
Pests of all kinds and how to combat them: Screen flickers in different colors!

15.05.2015, 15:01   #31
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Come on, what is it now?
Is it really so hard to post the correct log that was asked for, the one located in C:\adwCleaner\?
__________________
Please always post log files in CODE tags

15.05.2015, 15:02   #32
ttom12

It is no longer on the computer, only the
Quarantine.Editor


15.05.2015, 15:07   #33
ttom12

These are there!
__________________
Attached thumbnails:
Bildschirm flimmert in verschiedenen Farben!-020.jpg

15.05.2015, 15:23   #34
ttom12

Code:
# AdwCleaner v4.204 - Bericht erstellt 15/05/2015 um 00:42:37
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : hp - ROMAN-PC
# Gestarted von : F:\AdwCleaner_4.204.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : bonanzadealslive
[#] Dienst Gelöscht : bonanzadealslivem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\Program Files\BatBrowse
Ordner Gelöscht : C:\Program Files\BonanzaDeals
Ordner Gelöscht : C:\Program Files\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files\FoxTab
Ordner Gelöscht : C:\Program Files\Red Sky
Ordner Gelöscht : C:\Program Files\vGrabber-software
Ordner Gelöscht : C:\Program Files\Optimizer Pro
Ordner Gelöscht : C:\Users\hp\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\hp\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\hp\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\hp\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\hp\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\hp\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\hp\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\hp\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\hp\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\hp\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\hp\AppData\Roaming\FoxTab
Ordner Gelöscht : C:\Users\hp\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\hp\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\hp\AppData\Roaming\YourFileDownloader
Ordner Gelöscht : C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
Ordner Gelöscht : C:\Users\Roman\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\Roman\AppData\Roaming\HPAppData
Ordner Gelöscht : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
Ordner Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Ordner Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm
Ordner Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ccncljhbalbbkkfgopogabimepmfkmff
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dchmpbaclbiioedakpcldenooikekokm_0.localstorage
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dchmpbaclbiioedakpcldenooikekokm_0.localstorage-journal
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dchmpbaclbiioedakpcldenooikekokm
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ieadcoanfjloocmfafkebdnfefmohngj_0.localstorage
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ieadcoanfjloocmfafkebdnfefmohngj_0.localstorage-journal
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbpjplgmaeigbnpadeajipebdlihpcfn
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\hp\AppData\Local\foxtab_speeddial.crx
Datei Gelöscht : C:\Users\hp\AppData\Roaming\BabMaint.exe
Datei Gelöscht : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\bprotector_extensions.rdf
Datei Gelöscht : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\searchplugins\bingp.xml
Datei Gelöscht : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\searchplugins\BitGuard.xml
Datei Gelöscht : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\cd4q4fu9.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\user.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\reporter.js
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\bprotector web data
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mmotraffic.com_0.localstorage
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage-journal
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.divshare.com_0.localstorage
Datei Gelöscht : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.divshare.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineCore
Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineUA
Task Gelöscht : FoxTab
Task Gelöscht : UpdaterEX

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\hp\Desktop\Search.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter\Tools\CodeMeter Command Prompt.lnk
Verknüpfung Desinfiziert : C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ccncljhbalbbkkfgopogabimepmfkmff
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pbpjplgmaeigbnpadeajipebdlihpcfn
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Schlüssel Gelöscht : HKCU\Software\5e2dd8bb03cbf12
Schlüssel Gelöscht : HKLM\SOFTWARE\5e2dd8bb03cbf12
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\76B608FFCF7542C88965C93F350BEBF2
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\BatBrowse
Schlüssel Gelöscht : HKCU\Software\BonanzaDeals
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog
Schlüssel Gelöscht : HKCU\Software\UpdaterEX
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\BatBrowse
Schlüssel Gelöscht : HKLM\SOFTWARE\BonanzaDeals
Schlüssel Gelöscht : HKLM\SOFTWARE\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F04C4F83-D9C7-408C-9DEB-D5526E72108C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BatBrowse
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{10174305-FFC7-4F27-8AB5-0E7768CCA5EF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B01AAC47-D5D7-4A9A-AFC0-1C2C23AE8991}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F04C4F83-D9C7-408C-9DEB-D5526E72108C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon Chrome Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BatBrowse
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bonanza Deals
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UpdaterEX
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16533

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v3.6.25 (de)

[tgl3lw7g.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[tgl3lw7g.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970"[...]
[tgl3lw7g.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledItems", "{0aa0c8f1-8479-4867-bf2c-20c9e71eae53}:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.1.0.10441,helperbar@helperbar.com:1[...]
[tgl3lw7g.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=ds&babsrc=lnkry&installDate=01/01/1970&q=");
[tgl3lw7g.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
[tgl3lw7g.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=nt&babsrc=lnkry_nt&installDate=01/01/1970&q="[...]
[cd4q4fu9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970"[...]
[cd4q4fu9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[cd4q4fu9.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=ds&babsrc=lnkry&installDate=01/01/1970&q=");
[cd4q4fu9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=nt&babsrc=lnkry_nt&installDate=01/01/1970&q="[...]

-\\ Google Chrome v33.0.1750.117

[C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=120024&tt=3512_3&babsrc=SP_ss_gin2g&mntrId=543b40cc000000000000001a73e1866a
[C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.searchgol.com/?q={searchTerms}&affID=120024&tt=3512_3&babsrc=SP_ss_Btisdt7&mntrId=543b40cc000000000000001a73e1866a
[C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
[C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Extension] : dchmpbaclbiioedakpcldenooikekokm
[C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Extension] : ieadcoanfjloocmfafkebdnfefmohngj
[C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Homepage] : hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970
[C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Startup_URLs] : hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970
[C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate={installDate}
[C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Homepage] : hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=hp&babsrc=lnkry&installDate={installDate}

*************************

AdwCleaner[R0].txt - [30968 Bytes] - [15/05/2015 00:39:31]
AdwCleaner[S0].txt - [29692 Bytes] - [15/05/2015 00:42:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29752  Bytes] ##########
         
I hope this is the right one! Sorry

I'm really sorry! I really didn't read
properly! Thank you for being so patient
with me!
Lisa

I'm still here until 16:40,
then I have to go to work! If you
have any further instructions, I will carry them out
exactly, to your satisfaction.
I'll be back online from about 22:30 and
all day tomorrow. Thank you for your effort!
Lisa

15.05.2015, 15:40   #35
ttom12

I can now get back into the program without Safe
Mode!! It shows an error message!

Attached thumbnails:
Bildschirm flimmert in verschiedenen Farben!-023.jpg   Bildschirm flimmert in verschiedenen Farben!-022.jpg

Alt 16.05.2015, 08:31   #36
ttom12
 

Hello Cosinus,

will you keep helping me? The laptop works now, but it takes forever
to boot up. I got rid of the DLL error by uninstalling iTunes and Mobile
from the hard drive. The boys don't use them
anyway. Explorer also quits now and then (Explorer not responding)
and then has to be restarted!
Regards, Lisa

The laptop hasn't been switched on for about 1 year because
it didn't work. I let Windows Update search,
87 in total, and downloaded the updates.

Alt 16.05.2015, 12:37   #37
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then show me fresh FRST logs. Tick the box for addition.txt, then click Scan.

__________________
Please always post log files in CODE tags

Alt 17.05.2015, 15:15   #38
ttom12
 

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-05-2015 02
Ran by hp at 2015-05-17 15:51:57
Running from F:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2087834869-41306806-706425095-500 - Administrator - Disabled)
Gast (S-1-5-21-2087834869-41306806-706425095-501 - Limited - Enabled)
hp (S-1-5-21-2087834869-41306806-706425095-1000 - Administrator - Enabled) => C:\Users\hp
Roman (S-1-5-21-2087834869-41306806-706425095-1001 - Administrator - Enabled) => C:\Users\Roman

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.3.183.11 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 8 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated)
Age of Mythology (HKLM\...\Age of Mythology 1.0) (Version:  - )
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aufstieg des Hexenkönigs™ (HKLM\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.7.0.62 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Brother HL-2035 (HKLM\...\{30ABD2DC-8B23-4BB2-84AD-DF8DCFF2B75D}) (Version: 1.00 - Brother)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.03 - Piriform)
CodeMeter Runtime Kit v4.20a (HKLM\...\{3D86163C-6E2A-4C00-A7C0-FB794D6BF476}) (Version: 4.20.282.501 - WIBU-SYSTEMS AG)
CodeMeter Runtime Merge Module (Win32) (Version: 4.10.235.503 - Alexander Schmitt) Hidden
CodeMeter Tools Merge Module (Version: 4.10.235.503 - Marc Beissmann) Hidden
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: 4.18.0.0 - Conexant)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.205.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Schlacht um Mittelerde™ II (HKLM\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
DJ_AIO_ProductContext (Version: 90.0.236.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
ESU for Microsoft Vista (HKLM\...\{B76A76EB-BCCA-4625-9C4C-1FFAE19E4772}) (Version: 2.0.5.1 - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Fahren Lernen Verwaltung 1.5 (HKLM\...\{EA863E91-B793-4D1B-BF04-97DB395E74C5}_is1) (Version:  - Verlag Heinrich Vogel - Springer Transport Media GmbH)
FahrenLernenSync 1.5 (HKLM\...\{7339E5F7-32DE-45CD-995E-A795494A4082}_is1) (Version:  - Verlag Heinrich Vogel - Springer Transport Media GmbH)
Fahrschulmanager 9.2 (HKLM\...\{C53E8248-AB7C-41EA-98E3-BF54B0559AC3}_is1) (Version:  - Springer Fachmedien München GmbH - Verlag Heinrich Vogel)
ffdshow v1.1.3562 [2010-09-07] (HKLM\...\ffdshow_is1) (Version: 1.1.3562.0 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version:  - )
Hewlett-Packard Active Check (Version: 1.1.7.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.58.0 - HP) Hidden
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2278 - Hewlett-Packard)
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet All-In-One Software 9.0 (HKLM\...\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}) (Version: 9.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2279 - Hewlett-Packard)
HP Help and Support (HKLM\...\{9061CEF2-51F5-42C9-8A70-9ED351C6597A}) (Version: 1.1.0 - Hewlett-Packard)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4900 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP QuickPlay 3.2 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Smart Web Printing (HKLM\...\{415CDA53-9100-476F-A7B2-476691E117C7}) (Version: 2.15.7.0 - Ihr Firmenname)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}) (Version: 4.000.006.003 - Hewlett-Packard)
HP User Guides 0056 (HKLM\...\{5AB56552-6938-4686-9F87-DB0ED8D1E06B}) (Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname)
Java(TM) 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
LightScribe  1.6.43.1 (Version: 1.6.43.1 - hxxp://www.lightscribe.com) Hidden
Linkury Smartbar Engine (HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\{665f828d-0390-4867-8e22-03a531074fc2}) (Version: 1.24.22.10764 - Linkury Inc.) <==== ATTENTION
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mirage Driver 1.1 (HKLM\...\Mirage Driver_is1) (Version: 1.1 - )
Mouse Driver (HKLM\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 5.1 - Driver Builder)
Mouse Driver (Version: 5.1 - Driver Builder) Hidden
Mozilla Firefox (3.6.25) (HKLM\...\Mozilla Firefox (3.6.25)) (Version: 3.6.25 (de) - Mozilla)
MSCU for Microsoft Vista (HKLM\...\{8CC5F040-44F2-4FB7-9720-47F53F96D180}) (Version: 1.0.1.3 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
PC-Professional (HKLM\...\{776CCBE6-CB5F-4CCB-B364-5937CA2AB0F0}_is1) (Version:  - Verlag Heinrich Vogel)
PC-Professional Klasse A 2011 (HKLM\...\{00F4B50E-C3B4-4E41-8334-042DF54A0AB3}_is1) (Version:  - Verlag Heinrich Vogel)
PC-Professional Klasse B 2011 (HKLM\...\{791E2D38-210B-4622-8C57-512520D9F4EF}_is1) (Version:  - Verlag Heinrich Vogel)
PC-Professional Klasse C 2011 (HKLM\...\{D0CAA2F0-A08E-42DD-815F-1691A684D39E}_is1) (Version:  - Verlag Heinrich Vogel)
PC-Professional Klasse D 2011 (HKLM\...\{68E9010A-98DF-44B0-A7AB-3CE36ACA5263}_is1) (Version:  - Verlag Heinrich Vogel)
PC-Professional Modul Weiterbildung LKW: Schaltstelle Fahrer (HKLM\...\{2D9D5712-150B-4826-BFF3-07E4C4EBEBE6}_is1) (Version:  - Verlag Heinrich Vogel)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.551 - Roxio)
Safari (HKLM\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Sigel Label- und Barcode Software (HKLM\...\Sigel Label- und Barcode Software) (Version:  - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartAudio (HKLM\...\SmartAudio) (Version:  - Conexant)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Telekom Internet Manager (HKLM\...\Telekom Internet Manager) (Version: 11.301.05.05.748 - Huawei Technologies Co.,Ltd)
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VeriSoft Access Manager (HKLM\...\{0ABA40AF-288D-41F1-B735-C5155692CD7D}) (Version: 2.1.2.880.15 - Bioscrypt Inc.)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/11/2009 2.0.0010.00002) (HKLM\...\3F84B3D0CF7723323F1B217C178C4C4BDC5BA436) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-02-2014 19:17:10 Windows Update
20-02-2014 23:10:39 Windows Update
02-03-2014 17:42:41 Windows Update
02-03-2014 21:14:13 DirectX wurde installiert
04-03-2014 19:21:51 Installiert Dawn of War - Dark Crusade
04-03-2014 19:45:32 Installiert DawnOfWar
06-03-2014 19:58:28 Windows Update
22-03-2014 16:03:21 Windows Update
23-03-2014 20:05:29 Windows Update
27-03-2014 19:46:33 Windows Update
04-04-2014 18:22:40 Windows Update
10-04-2014 23:05:24 Windows Update
19-04-2014 17:39:06 Windows Update
27-04-2014 12:36:52 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2015-05-15 13:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12A40B69-07DB-4670-96B1-B0E3DC7BD7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {229A58B3-65DF-446F-93C3-87C52715DD4B} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {45AFD6B2-9904-48B0-AD0F-712A9CAAC1D3} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {52003A4B-AEC2-44D6-B3EC-4583BEFAB06D} - \YourFile Update No Task File <==== ATTENTION
Task: {8C5F06BA-B278-45D8-9211-EA803AAED5AD} - \FoxTab No Task File <==== ATTENTION
Task: {9217FACC-D9A6-4868-A92A-8932DE021A3E} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {A728B8C0-05EC-40C7-9A56-AA26990DD191} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: {A7313D84-05D0-4842-B3FC-4BD07C632EF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {B5030DA7-34D2-4E32-8204-907132F36225} - \BitGuard No Task File <==== ATTENTION
Task: {CFBAFF41-2C62-43A0-A5DB-FACF4930B0E0} - \EPUpdater No Task File <==== ATTENTION
Task: {D50887CD-31E7-410C-B646-5062E93AA277} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {EE259ACE-5A8E-4008-9F59-4F1DFC812828} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {F5E0808E-BC45-4040-A19E-E10CCB0A3913} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: {FA64CC72-1509-44F5-B833-5D3925FDB9AF} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12] (Hewlett-Packard)
Task: {FE4C308E-0100-4D24-A189-ECF6F301470D} - \UpdaterEX No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 02:14 - 2015-05-15 02:14 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-15 02:14 - 2015-05-15 02:14 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-16 21:21 - 2015-05-16 21:21 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051601\algo.dll
2015-05-17 15:14 - 2015-05-17 15:14 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051700\algo.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-08-20 10:51 - 2007-04-24 03:11 - 00262243 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2007-08-20 10:51 - 2007-04-24 03:11 - 00237673 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2011-06-21 16:21 - 2011-06-16 12:01 - 00212992 _____ () C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\System.ComponentModel.Composition.dll
2011-06-21 16:21 - 2011-03-30 15:40 - 00052736 _____ () C:\PROGRAM FILES\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\PLUGINS\ONLINESERVICES.SERVICEONLINEUPDATES.DATEN.dll
2012-08-19 18:23 - 2012-08-19 18:23 - 00910680 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-06-21 16:21 - 2011-09-06 15:33 - 00028672 _____ () C:\PROGRAM FILES\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\PLUGINS\VERLAGHEINRICHVOGEL.FTP.dll
2011-06-21 16:21 - 2011-03-30 15:40 - 00033280 _____ () C:\PROGRAM FILES\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\PLUGINS\VERLAGHEINRICHVOGEL.ONLINEUPDATES.SERVICECLIENT.dll
2011-06-21 16:21 - 2011-04-13 12:31 - 00030720 _____ () C:\PROGRAM FILES\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\PLUGINS\VERLAGHEINRICHVOGEL.UTILS.dll
2011-12-12 18:57 - 2011-08-29 11:29 - 00058880 _____ () C:\PROGRAM FILES\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\PLUGINS\VOGEL.SYNCSERVICES.PLUGINS.FSMANDROID.dll
2015-05-15 02:15 - 2015-05-15 02:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-02-17 02:40 - 2007-02-17 02:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-17 02:40 - 2007-02-17 02:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2015-05-16 11:15 - 2015-05-16 11:15 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\05139c8c59a94faa7592e7d20a46d2c3\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-05-16 11:16 - 2015-05-16 11:16 - 14971904 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\6af4e6849c5245d553c7f3ad01d0a01c\Kies.Theme.ni.dll
2015-05-16 11:14 - 2015-05-16 11:14 - 01842688 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8f4cca061ac29325dadb6340cc1fce18\Kies.UI.ni.dll
2015-05-16 11:14 - 2015-05-16 11:14 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\781622d2d2f65de56982ebb61ee0eab2\Kies.MVVM.ni.dll
2015-05-16 11:15 - 2015-05-16 11:15 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6815ff93472d008087880a6462931188\ASF_cSharpAPI.ni.dll
2007-03-29 13:17 - 2007-03-29 13:17 - 00106496 _____ () C:\Program Files\Mouse Driver\keydll.dll
2005-05-04 20:12 - 2005-05-04 20:12 - 00028672 _____ () C:\Program Files\Mouse Driver\MouseHook.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2087834869-41306806-706425095-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\AppData\Local\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{A6790671-C896-495F-A8E2-A9952EFD431E}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{EB6EB3E0-DF7A-452B-965A-548971C6A386}] => (Allow) svchost.exe
FirewallRules: [{3AABD80B-337E-4F0D-813A-D7118F789BD3}] => (Allow) C:\Program Files\MSN Messenger\livecall.exe
FirewallRules: [{7EBDCEDB-3F52-4967-B9F1-635E2B4F366B}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
FirewallRules: [{D243203B-5D8C-4C0D-B3EA-33E9AD6724DC}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
FirewallRules: [{47168574-D071-40AC-9D4D-F2CB875D16DC}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F920AB3D-52A9-49B0-9508-0EEB2265C4A6}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{C5801744-471B-488C-BE91-103B901C8BFB}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
FirewallRules: [UDP Query User{AAC3A01D-0AA2-404D-A899-C111E99A70BE}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
FirewallRules: [TCP Query User{7C51C5EB-8D0F-465B-A35E-BDA29B71217B}C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe] => (Block) C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe
FirewallRules: [UDP Query User{7BBAD1D6-CAEE-458A-B1F4-2217274BF4AB}C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe] => (Block) C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe
FirewallRules: [{061E4FC6-39BD-4A70-ADA1-DF3C8D4467F2}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{EB89D978-7A63-4CA1-BFDB-3F459F389C4E}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{8E02DC7C-DE75-421C-BECF-5978BE26F742}C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe] => (Block) C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe
FirewallRules: [UDP Query User{4CB27430-1891-4735-BB8B-39DA6918DFB5}C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe] => (Block) C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe
FirewallRules: [{D07DF6EC-1E47-46C6-84CE-7759D727DBE0}] => (Allow) LPort=80
FirewallRules: [{AFB90AA4-77C5-4267-BB13-812A6B98E9C1}] => (Allow) LPort=80
FirewallRules: [{CE86704A-3AC4-4B12-A2FB-D219E228EE3B}] => (Allow) LPort=80
FirewallRules: [TCP Query User{9A3A58F3-A466-494C-84B7-A5700BAE3D19}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe
FirewallRules: [UDP Query User{9DA453AB-F5F1-4FE3-AC42-7D19C62A611A}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe
FirewallRules: [TCP Query User{7203B5F9-EAB8-49EA-8468-69823F4E30F2}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{6531FBF9-BF11-43E2-AB70-7222518AECB0}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{C17A2C84-F259-414A-AE05-9C7E8414CF6A}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{9499FEDD-34AC-41F4-9485-DF7EE079F8DE}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{DAFD5ACD-4E46-40FF-A64A-DB202CB68AB3}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe
FirewallRules: [UDP Query User{52468090-D9DA-463D-B934-4EABC238E1A6}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe
FirewallRules: [TCP Query User{4748B723-092A-400A-A6EC-E375B81F1BDF}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe
FirewallRules: [UDP Query User{841514AF-F047-4366-B599-285576448BB2}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe
FirewallRules: [{B6F833CC-8FF0-438B-A6C0-73DA28D8DDFC}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
FirewallRules: [{1A9F57E6-5CB8-4076-91B6-80412766B67C}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
FirewallRules: [{D6B33A5A-2C18-42AF-8221-BCD378312417}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
FirewallRules: [{5CB3601E-4303-4859-BBCD-198C6E2FABF5}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
FirewallRules: [{A6BE6B39-57A0-4DF2-9B49-4EDBAB89DFFF}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen Verwaltung\Vogel.FahrenLernenMax.Admin.exe
FirewallRules: [{88711B07-9086-4443-ADE0-7C01EFCF5D81}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen Verwaltung\Vogel.FahrenLernenMax.Admin.exe
FirewallRules: [{2371A715-2D00-42B3-BE50-F6311CF55160}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen Verwaltung\Vogel.FahrenLernenMax.Admin.exe
FirewallRules: [{62880775-348C-4D0A-B8C5-68FC74B6D00C}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen Verwaltung\Vogel.FahrenLernenMax.Admin.exe
FirewallRules: [{2E1DB27C-BCA8-466E-9212-CAA1C0EDEC5C}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE
FirewallRules: [{D6FDF186-2C86-49F1-9F88-6ECD28864EE9}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE
FirewallRules: [{FEDEA407-751F-42D0-AF9C-00FCC82EF4A0}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe
FirewallRules: [{04A0DE97-38D6-4854-919C-F1FC34667BE1}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe
FirewallRules: [{78E51E29-DC1E-41E9-B9C8-B7E78758C101}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe
FirewallRules: [{663E77E6-59D9-45E9-A3F5-DB2D6EA3298C}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe
FirewallRules: [TCP Query User{08C6CC39-A699-415F-8388-AED3E290C51E}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe
FirewallRules: [UDP Query User{27084DFB-F357-49E6-B814-381DC98EA5BA}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe
FirewallRules: [{6CF09865-16E8-4D90-93A6-55020D7F2443}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{366AEAD6-DA18-49EA-A355-6F05F218445B}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE
FirewallRules: [{823814E8-50BE-4495-83E6-0F4BF0E62763}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE
FirewallRules: [{4F1A15C6-14B4-4776-9EE5-90854AB95751}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe
FirewallRules: [{0D1DA389-1F60-4641-A4C4-46751ABD8F02}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe
FirewallRules: [{7634ADE5-DE5C-48CA-B166-94911CBD3E27}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe
FirewallRules: [{DF30A205-732C-458A-9107-571894027560}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe
FirewallRules: [{F0C5310B-AAF2-442B-A283-CEA8070B8393}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7169267E-6CB3-456E-BCE0-540E67EFF381}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9A4BE4E0-6660-4163-B282-3B3B3C9E5DDD}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{ABFBD873-ECEF-4F44-A905-152111FA2731}] => (Allow) svchost.exe
FirewallRules: [{E36A9C37-40FE-466D-AF45-0DA902F6240A}] => (Allow) C:\Program Files\MSN Messenger\livecall.exe
FirewallRules: [TCP Query User{6088709B-8FB8-41D9-83A2-C11CCD59DB7F}C:\program files\tmnationsforever\tmforever.exe] => (Block) C:\program files\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{E2970C9F-6304-4276-82AC-F96060B80771}C:\program files\tmnationsforever\tmforever.exe] => (Block) C:\program files\tmnationsforever\tmforever.exe
FirewallRules: [{B4911FB6-2F9A-4F89-8149-E90FF5CD829C}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{0D773D39-B32C-447B-9CC4-A32354C8ECD6}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{7BA80829-DAEF-48CC-90EB-88C8E8DB3603}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{309A8461-DE35-4F96-BA9D-4DF07BD00038}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{F772C099-2565-4888-A7E6-F554D0AD0418}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe
FirewallRules: [{031E2438-B146-4A4E-9F4B-BD1F891AF659}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe
FirewallRules: [{759C0A06-BA49-4E16-841D-0504B04279EF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{068B69BF-2995-4DC9-A386-56D065F78C68}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{45746126-D74A-49FF-B6AA-FE7AC4A4ADC8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [{AF0A3435-8EEA-411D-B727-7378C40DBFBD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F83572D7-41B6-4831-AD16-2E0930F4717D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{09381C21-8F92-4A2D-AFBC-1F5E70F22614}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{6C2CEFC4-FCFB-45F6-9761-91F8858F7D70}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [{0297924F-1AA2-4C0E-B469-3F98BDF67107}] => (Allow) C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{15914E1A-B5D1-405B-8772-9536ABD1C751}] => (Allow) C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{8BCACE6D-DAA7-4BFE-BBF6-4AF82D30CBFA}] => (Allow) C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\game.dat
FirewallRules: [{18A860F2-5DF0-47B1-93A9-7B4F77E11604}] => (Allow) C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\game.dat
FirewallRules: [{C7727F93-6530-4089-852B-45A2BFF9CB1A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{29A4B90A-BAB6-4A6A-B39E-CD69A5E209FB}] => (Allow) C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\game.dat
FirewallRules: [{DD6D1E07-8885-4DD0-91C5-ED7EBB5E0806}] => (Allow) C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\game.dat
DomainProfile\AuthorizedApplications: [C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Faulty Device Manager Devices =============

Name: mv video hook driver2
Description: mv video hook driver2
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: UVNC BVBA
Service: mv2
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2015 03:46:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/17/2015 03:29:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Edain_Mod_Launcher.exe, Version 1.0.0.3 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 11fc
Anfangszeit: 01d090a3cf7807b8
Zeitpunkt der Beendigung: 569

Error: (05/17/2015 03:10:54 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HP\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/17/2015 03:10:54 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HP\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/17/2015 03:10:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HP\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/17/2015 03:10:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HP\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/17/2015 03:10:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HP\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/17/2015 03:10:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HP\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/17/2015 03:10:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HP\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/17/2015 03:10:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HP\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (05/17/2015 03:14:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (05/17/2015 03:09:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: CyberLink Task Scheduler (CTS)CyberLink Background Capture Service (CBCS)%%1070

Error: (05/17/2015 03:09:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: CyberLink Background Capture Service (CBCS)

Error: (05/17/2015 03:07:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Vogel - FahrenLernenSync%%1053

Error: (05/17/2015 03:07:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Vogel - FahrenLernenSync

Error: (05/17/2015 03:07:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MBAMService%%1053

Error: (05/17/2015 03:07:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000MBAMService

Error: (05/17/2015 03:07:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/17/2015 03:03:51 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (05/16/2015 10:57:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x800706baWindows Live Essentials 2011 (KB2434419){087B85DE-3627-4A1F-BF1B-E6D3BCEA03F0}101


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-17 15:51:24.413
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 15:51:23.487
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 15:51:22.579
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 15:51:21.646
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 15:51:20.274
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 15:51:19.370
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 15:51:18.456
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 15:51:17.599
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 15:49:31.245
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 15:49:30.407
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-64
Percentage of memory in use: 60%
Total physical RAM: 2046.23 MB
Available physical RAM: 798.55 MB
Total Pagefile: 4330.94 MB
Available Pagefile: 2486.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.35 GB) (Free:55.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:7.54 GB) (Free:2.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (LOTRBFME2EP1) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF
Drive f: (KINGSTON) (Removable) (Total:28.8 GB) (Free:13.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: DCC27A89)
Partition 1: (Active) - (Size=225.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 28.8 GB) (Disk ID: 22896F74)
Partition 1: (Active) - (Size=28.8 GB) - (Type=0B)

==================== End Of Log ============================
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by hp (administrator) on ROMAN-PC on 17-05-2015 15:47:46
Running from F:\
Loaded Profiles: hp (Available profiles: hp & Roman)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cognizance Corporation) C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Verlag Heinrich Vogel in der Springer Transport Media GmbH) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
(Huawei Technologies Co., Ltd.) C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\StartAutorun.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMWDSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMCONFIG.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files\Samsung\Kies\KiesAirMessage.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMProcess.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Huawei Technologies Co., Ltd.) C:\Users\hp\AppData\Roaming\Telekom Internet Manager\ouc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\RacAgent.exe
(Microsoft Corporation) C:\Windows\System32\mcbuilder.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SpiderService] => C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe [324096 2011-10-11] (Verlag Heinrich Vogel in der Springer Transport Media GmbH)
HKLM\...\Run: [DataCardMonitor] => C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe [253952 2011-01-24] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [KMCONFIG] => C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-15] (Avast Software s.r.o.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] => C:\Program Files\Telekom\InternetManager_H\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-10-30] (Samsung Electronics)
HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2009-02-16]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009-02-17]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-15] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2087834869-41306806-706425095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2087834869-41306806-706425095-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2087834869-41306806-706425095-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: HP Print Clips -> {053F9267-DC04-4294-A72C-58F732D338C0} -> C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02] (Hewlett-Packard Co.)
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-25] (Sun Microsystems, Inc.)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-15] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll [2007-08-20] (Google Germany GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-25] (Sun Microsystems, Inc.)
BHO: VeriSoft Access Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [2006-11-21] (Bioscrypt Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-08-20] (Google Germany GmbH)
Toolbar: HKU\.DEFAULT -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-08-20] (Google Germany GmbH)
Toolbar: HKU\S-1-5-21-2087834869-41306806-706425095-1000 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-08-20] (Google Germany GmbH)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll [2007-01-19] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll [2007-01-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2011-12-02] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2011-12-21] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-01-04] (Apple Inc.)
FF Extension: No Name - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\Extensions\helperbar@helperbar.com [2015-05-16]
FF Extension: Linkury Smartbar - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\Extensions\{0aa0c8f1-8479-4867-bf2c-20c9e71eae53} [2013-06-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-10-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-15]

Chrome: 
=======
CHR DefaultSearchKeyword: Default -> feed.helperbar.com
CHR DefaultSearchURL: Default -> hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Application Manager) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll No File
CHR Plugin: (GoogleChromeRemotePlugin) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Avast Online Security) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-16]
CHR Extension: (Google Wallet) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASBroker; c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-15] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-15] (Avast Software)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-24] () [File not signed]
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-24] () [File not signed]
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2067344 2010-06-30] (WIBU-SYSTEMS AG)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-02-05] (Teruten) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 KMWDSERVICE; C:\Program Files\Mouse Driver\KMWDSrv.exe [208896 2008-03-29] (UASSOFT.COM) [File not signed]
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-02-12] (Sonic Solutions) [File not signed]
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S2 Vogel.USBSpider; C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe [324096 2011-10-11] (Verlag Heinrich Vogel in der Springer Transport Media GmbH) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S4 AntiVirWebService; "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S3 ZSWTCTAZBTJS; C:\Users\hp\AppData\Local\Temp\ZSWTCTAZBTJS.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-15] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-05-15] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-15] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-15] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-05-15] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-15] ()
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140424 2007-03-28] (AuthenTec, Inc.)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [13184 2009-12-15] (Bytemobile, Inc.) [File not signed]
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [31896 2005-11-25] (DemoForge, LLC)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-12] (Conexant Systems Inc.)
S3 KMWDFilter; C:\Windows\System32\Drivers\KMWDFilter.SYS [17024 2008-03-22] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-15] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113664 2009-12-08] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 22:38 - 2015-05-16 22:39 - 25002795 _____ () C:\Users\hp\Downloads\sum2_addon_patch_2.01_deutsch.exe
2015-05-16 22:31 - 2015-05-16 22:31 - 00000939 _____ () C:\Users\hp\Desktop\Edain Mod.lnk
2015-05-16 22:31 - 2015-05-16 22:31 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edain Mod
2015-05-16 22:03 - 2015-05-16 22:04 - 00000000 ____D () C:\a782c809316e4ebda93b13e6faf44b0a
2015-05-16 22:03 - 2015-05-16 22:03 - 00000000 ____D () C:\Users\Default\AppData\Roaming\hpqLog
2015-05-16 22:03 - 2015-05-16 22:03 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\hpqLog
2015-05-16 22:02 - 2015-05-16 22:02 - 00000000 ____D () C:\Windows\QLB
2015-05-16 22:02 - 2015-05-16 22:02 - 00000000 ____D () C:\Users\hp\AppData\Roaming\hpqLog
2015-05-16 22:02 - 2009-04-29 07:46 - 00015872 _____ (Hewlett-Packard Development Company, L.P.) C:\Windows\system32\Drivers\HpqKbFiltr.sys
2015-05-16 22:02 - 2006-11-02 06:09 - 01419232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01005.dll
2015-05-16 22:01 - 2015-05-16 22:02 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-05-16 21:43 - 2009-08-04 10:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-05-16 21:36 - 2015-05-17 15:45 - 00200698 _____ () C:\ProgramData\nvModes.dat
2015-05-16 21:36 - 2015-05-17 15:45 - 00200698 _____ () C:\ProgramData\nvModes.001
2015-05-16 21:36 - 2015-05-16 21:59 - 00031352 _____ () C:\Windows\DirectX.log
2015-05-16 21:36 - 2015-05-16 21:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-16 21:33 - 2015-05-16 21:33 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 21:33 - 2015-05-16 21:33 - 00000000 _____ () C:\Windows\setupact.log
2015-05-16 21:12 - 2015-05-16 21:12 - 00000000 ____D () C:\Users\hp\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2015-05-16 21:11 - 2015-05-17 15:10 - 00000000 ____D () C:\Users\hp\Desktop\LOTR
2015-05-16 12:18 - 2015-05-17 15:02 - 00001566 _____ () C:\Windows\PFRO.log
2015-05-16 11:39 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-16 11:38 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-16 11:30 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-05-16 11:30 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-05-16 11:30 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-05-16 11:30 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-05-16 11:29 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-16 11:29 - 2014-08-27 02:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-16 11:28 - 2014-06-16 00:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-05-16 11:28 - 2014-06-13 20:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-05-16 11:28 - 2014-06-13 20:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-05-16 11:26 - 2014-10-10 03:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-05-16 11:26 - 2014-10-10 03:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-16 11:26 - 2014-10-10 01:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-16 11:25 - 2014-12-19 02:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-16 11:24 - 2014-11-04 02:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-05-16 11:23 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-16 11:23 - 2015-01-15 06:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-16 11:23 - 2014-10-10 03:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-16 11:22 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-16 10:59 - 2014-10-24 03:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-16 10:58 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-16 10:58 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-16 10:57 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-16 10:57 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-16 10:57 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-16 10:57 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-16 10:57 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-16 10:56 - 2014-10-24 03:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-05-16 10:46 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-16 10:46 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-16 10:46 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-16 10:46 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-16 10:46 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-16 10:46 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-16 10:46 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-16 10:46 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-16 10:46 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-16 10:46 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-16 10:43 - 2014-11-26 04:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-16 10:42 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-16 10:42 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-16 10:39 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 10:20 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-16 10:19 - 2014-08-12 04:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-05-16 10:17 - 2015-05-16 10:17 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-05-16 10:12 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-05-16 10:12 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-05-16 10:12 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-05-16 10:12 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-05-16 10:12 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-05-16 10:11 - 2015-05-16 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-16 10:11 - 2015-05-16 10:11 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-16 10:09 - 2014-10-03 03:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-16 10:09 - 2014-10-03 03:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-16 10:09 - 2014-10-03 03:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-16 10:09 - 2014-10-03 03:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-16 10:08 - 2014-12-06 05:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-16 10:08 - 2014-12-06 05:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-16 10:08 - 2014-12-06 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-16 10:06 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-16 10:01 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-16 09:53 - 2014-09-05 01:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-05-16 09:51 - 2014-12-08 03:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-16 09:47 - 2014-12-06 05:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-16 09:40 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-05-16 09:40 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-05-16 09:39 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-05-16 09:39 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-05-16 09:39 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-05-16 09:38 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-05-16 09:33 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-16 09:32 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-05-16 09:21 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-16 09:21 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-16 09:21 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-16 09:21 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-16 09:21 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-16 09:21 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-16 09:21 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-16 09:21 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-16 09:21 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-16 09:21 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-16 09:21 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-16 09:21 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-16 09:21 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-16 09:21 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-16 09:21 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-16 09:20 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-05-16 09:05 - 2015-05-16 09:05 - 00448512 _____ (OldTimer Tools) C:\Users\hp\Desktop\TFC.exe
2015-05-16 09:01 - 2015-05-16 09:01 - 00002728 _____ () C:\Users\hp\Documents\cc_20150516_090139.reg
2015-05-16 09:00 - 2015-05-16 09:01 - 00134606 _____ () C:\Users\hp\Documents\cc_20150516_090030.reg
2015-05-16 08:48 - 2015-05-16 08:48 - 00000000 ____D () C:\Users\hp\Documents\Updater5
2015-05-15 16:38 - 2015-05-15 16:38 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2015-05-15 16:38 - 2015-05-15 16:38 - 00000000 ____D () C:\Program Files\GPU-Z
2015-05-15 13:44 - 2015-05-15 13:44 - 00014838 _____ () C:\ComboFix.txt
2015-05-15 13:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-15 13:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-15 13:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-15 13:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-15 13:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-15 13:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-15 13:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-15 13:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-15 03:05 - 2015-05-15 03:05 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ROMAN-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-15 03:04 - 2015-05-15 03:04 - 00000000 ____D () C:\RegBackup
2015-05-15 02:33 - 2015-05-15 02:33 - 00000000 ____D () C:\Users\hp\AppData\Roaming\AVAST Software
2015-05-15 02:16 - 2015-05-15 02:16 - 00001829 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-15 02:16 - 2015-05-15 02:16 - 00000350 _____ () C:\Windows\Tasks\avast! Emergency Update.job
2015-05-15 02:16 - 2015-05-15 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-15 02:15 - 2015-05-15 02:15 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-15 02:15 - 2015-05-15 02:14 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-15 02:15 - 2015-05-15 02:14 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-15 02:14 - 2015-05-15 02:14 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-15 02:14 - 2014-02-11 20:00 - 00000426 _____ () C:\AVScanner.ini
2015-05-15 02:13 - 2015-05-15 02:13 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-15 02:11 - 2015-05-15 02:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-15 01:00 - 2015-05-15 01:00 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-15 00:39 - 2015-05-15 15:03 - 00000000 ____D () C:\AdwCleaner
2015-05-15 00:17 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-15 00:16 - 2015-05-15 00:16 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2015-05-15 00:16 - 2015-05-15 00:16 - 00000814 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2015-05-14 22:22 - 2015-05-16 21:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 22:22 - 2015-05-16 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-14 22:22 - 2015-05-14 22:22 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-14 22:22 - 2015-05-14 22:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 22:22 - 2015-05-14 22:22 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-14 22:22 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-14 22:22 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-14 22:12 - 2015-05-15 13:44 - 00000000 ____D () C:\Qoobox
2015-05-14 22:10 - 2015-05-15 13:43 - 00000000 ____D () C:\Windows\erdnt
2015-05-14 21:53 - 2015-05-14 21:54 - 00000000 ____D () C:\Program Files\GUMDD72.tmp
2015-05-14 21:53 - 2015-05-14 21:53 - 06103040 _____ () C:\Program Files\GUTDDB2.tmp
2015-05-14 21:24 - 2015-05-17 15:48 - 00000000 ____D () C:\FRST
2015-05-10 14:21 - 2015-05-10 14:21 - 00000000 _____ () C:\Users\hp\AppData\Local\BIT78AB.tmp
2015-05-10 14:21 - 2015-05-10 14:21 - 00000000 _____ () C:\Users\hp\AppData\Local\{7FD46037-1682-4D96-8119-B3A1438B79CE}
2015-05-10 13:52 - 2015-05-15 02:36 - 00000680 _____ () C:\Users\hp\AppData\Local\d3d9caps.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 15:49 - 2009-01-15 17:52 - 01842745 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 15:45 - 2006-11-02 12:33 - 01573638 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-17 15:13 - 2010-09-08 13:24 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 15:04 - 2010-09-08 13:24 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 15:04 - 2006-11-02 14:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-17 15:03 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 15:03 - 2006-11-02 14:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 15:03 - 2006-11-02 14:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-16 22:58 - 2009-01-15 17:52 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-05-16 22:58 - 2006-11-02 15:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-16 22:57 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-16 22:03 - 2007-08-20 10:01 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-05-16 22:02 - 2009-01-15 10:23 - 00000000 ____D () C:\Users\hp
2015-05-16 22:01 - 2007-08-20 09:48 - 00000000 ____D () C:\Program Files\CONEXANT
2015-05-16 21:58 - 2014-03-02 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2015-05-16 21:51 - 2014-03-02 21:00 - 00000000 ____D () C:\Program Files\Electronic Arts
2015-05-16 21:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2015-05-16 21:11 - 2009-01-15 12:48 - 00172258 _____ () C:\Users\hp\AppData\Roaming\nvModes.001
2015-05-16 20:49 - 2012-03-05 21:16 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Skype
2015-05-16 12:20 - 2006-11-02 14:47 - 00435624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 12:14 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-16 12:14 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-16 11:38 - 2007-08-20 10:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-16 10:35 - 2013-07-31 20:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-16 10:21 - 2007-08-20 10:43 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-05-16 10:11 - 2013-11-05 22:48 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-16 10:11 - 2013-03-04 21:59 - 00000000 ___RD () C:\Program Files\Skype
2015-05-16 10:11 - 2012-03-05 21:15 - 00000000 ____D () C:\ProgramData\Skype
2015-05-16 08:56 - 2011-02-10 09:58 - 00000000 ____D () C:\Windows\Minidump
2015-05-16 08:38 - 2009-12-01 19:18 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Apple Computer
2015-05-16 08:38 - 2009-03-09 22:52 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-15 16:29 - 2009-01-15 10:39 - 00119952 _____ () C:\Users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-15 13:44 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-05-15 13:44 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default
2015-05-15 13:33 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-05-15 13:30 - 2006-11-02 12:22 - 62914560 _____ () C:\Windows\system32\config\software.bak
2015-05-15 13:30 - 2006-11-02 12:22 - 39583744 _____ () C:\Windows\system32\config\COMPON~3.bak
2015-05-15 13:30 - 2006-11-02 12:22 - 28311552 _____ () C:\Windows\system32\config\system.bak
2015-05-15 13:30 - 2006-11-02 12:22 - 00786432 _____ () C:\Windows\system32\config\default.bak
2015-05-15 13:30 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-05-15 13:30 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-05-15 04:05 - 2007-08-20 11:11 - 00000000 ____D () C:\Windows\SMINST
2015-05-15 02:15 - 2011-02-10 21:04 - 00000000 ____D () C:\ProgramData\Avira
2015-05-15 02:14 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-15 00:44 - 2010-11-04 19:41 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-15 00:43 - 2013-06-09 14:18 - 00001065 _____ () C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-05-15 00:16 - 2010-11-04 19:41 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-15 00:16 - 2010-11-04 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-14 22:46 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Speech
2015-05-10 15:43 - 2009-01-21 13:49 - 00000000 ____D () C:\Users\Roman
2015-05-10 15:43 - 2006-11-02 12:22 - 63176704 _____ () C:\Windows\system32\config\software_previous
2015-05-10 15:42 - 2011-08-13 16:38 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Telekom Internet Manager
2015-05-10 15:42 - 2010-09-08 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-10 15:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-05-10 15:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-05-10 15:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2015-05-10 15:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-05-10 15:41 - 2006-11-02 12:22 - 28311552 _____ () C:\Windows\system32\config\system_previous
2015-05-10 14:21 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-05-10 14:11 - 2006-11-02 12:22 - 39583744 _____ () C:\Windows\system32\config\components_previous
2015-05-10 14:11 - 2006-11-02 12:22 - 00786432 _____ () C:\Windows\system32\config\default_previous
2015-05-10 14:11 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-30 10:07 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2015-05-14 21:53 - 2015-05-14 21:53 - 6103040 _____ () C:\Program Files\GUTDDB2.tmp
2009-01-15 12:48 - 2015-05-16 21:11 - 0172258 _____ () C:\Users\hp\AppData\Roaming\nvModes.001
2009-01-15 12:48 - 2010-07-10 01:18 - 0172258 _____ () C:\Users\hp\AppData\Roaming\nvModes.dat
2013-12-22 12:35 - 2014-03-02 20:36 - 0000150 _____ () C:\Users\hp\AppData\Roaming\WB.CFG
2010-07-13 18:43 - 2011-07-17 22:30 - 0000102 _____ () C:\Users\hp\AppData\Roaming\wklnhst.dat
2009-01-15 10:40 - 2009-01-15 10:40 - 0000000 _____ () C:\Users\hp\AppData\Local\AtStart.txt
2015-05-10 14:21 - 2015-05-10 14:21 - 0000000 _____ () C:\Users\hp\AppData\Local\BIT78AB.tmp
2015-05-10 13:52 - 2015-05-15 02:36 - 0000680 _____ () C:\Users\hp\AppData\Local\d3d9caps.dat
2009-01-15 11:02 - 2011-09-27 00:07 - 0005120 _____ () C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-01-15 10:40 - 2009-01-15 10:40 - 0000000 _____ () C:\Users\hp\AppData\Local\DSwitch.txt
2009-01-15 12:48 - 2009-01-16 14:47 - 0000000 _____ () C:\Users\hp\AppData\Local\FnF4.txt
2009-01-15 10:40 - 2009-01-15 10:40 - 0000000 _____ () C:\Users\hp\AppData\Local\QSwitch.txt
2015-05-10 14:21 - 2015-05-10 14:21 - 0000000 _____ () C:\Users\hp\AppData\Local\{7FD46037-1682-4D96-8119-B3A1438B79CE}
2007-08-20 11:01 - 2009-01-23 19:38 - 0001541 _____ () C:\ProgramData\hpzinstall.log
2015-05-16 21:36 - 2015-05-17 15:45 - 0200698 _____ () C:\ProgramData\nvModes.001
2015-05-16 21:36 - 2015-05-17 15:45 - 0200698 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\hp\AppData\Local\temp\AutoRun.exe
C:\Users\hp\AppData\Local\temp\AutoRunGUI.dll
C:\Users\hp\AppData\Local\temp\EAInstall.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-17 15:08

==================== End Of Log ============================
         
--- --- ---


17.05.2015, 23:37   #39
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please download Revo Uninstaller from here: Revo Uninstaller download (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and choose German as the language.
  • In the Uninstaller panel, look for the programs:

    Linkury Smartbar Engine

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

 


18.05.2015, 15:11   #40
ttom12



Hello,
which programs should I select? There are a lot of them?
Regards, Lisa

18.05.2015, 15:40   #41
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Do I have to ask you yet again to read properly?
Have you misplaced your reading glasses? Everyone misreads something now and then, but with you it happens in almost every post here.

18.05.2015, 16:50   #42
ttom12



Sorry, I am reading properly! If I understand this correctly:
the program shows me all the autostart files.
Should I delete all of them? Which programs should I delete?
All of them? Sorry, where are the programs listed that I have to look for and delete?

Under Uninstaller, all the programs on the laptop are listed!
I don't notice any file there that would be dangerous?
Under Tools in the Revo program I can choose:
Auto Run Manager, Windows Tools, Junk Files Cleaner.
I don't think I get this; can you please explain to me
what to do? I'm probably too stupid! I can't see any Trojans etc.;
I'm a layperson!

I take it to mean that I should delete all the programs in the Uninstaller?

This one too, Linkury Smartbar?
I have deleted Linkury Smartbar Engine!

I have now deleted only Linkury Smartbar Engine,
as described... but there is still a file
named Linkury Smartbar!


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by hp (administrator) on ROMAN-PC on 18-05-2015 17:45:31
Running from F:\
Loaded Profiles: hp (Available profiles: hp & Roman)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DataCardMonitor] => C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe [253952 2011-01-24] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [KMCONFIG] => C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-15] (Avast Software s.r.o.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] => C:\Program Files\Telekom\InternetManager_H\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-10-30] (Samsung Electronics)
HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2009-02-16]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (No File)
Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009-02-17]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-15] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2087834869-41306806-706425095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2087834869-41306806-706425095-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2087834869-41306806-706425095-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: HP Print Clips -> {053F9267-DC04-4294-A72C-58F732D338C0} -> C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02] (Hewlett-Packard Co.)
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-25] (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-15] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-25] (Sun Microsystems, Inc.)
BHO: VeriSoft Access Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [2006-11-21] (Bioscrypt Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2011-12-02] ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2011-12-21] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-01-04] (Apple Inc.)
FF Extension: No Name - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\Extensions\helperbar@helperbar.com [2015-05-16]
FF Extension: Linkury Smartbar - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\Extensions\{0aa0c8f1-8479-4867-bf2c-20c9e71eae53} [2013-06-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-10-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-15]

Chrome: 
=======
CHR DefaultSearchKeyword: Default -> feed.helperbar.com
CHR DefaultSearchURL: Default -> hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Application Manager) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll No File
CHR Plugin: (GoogleChromeRemotePlugin) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Avast Online Security) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-16]
CHR Extension: (Google Wallet) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASBroker; c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
S2 ASChannel; c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-15] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-15] (Avast Software)
S2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-24] () [File not signed]
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-24] () [File not signed]
S2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-02-05] (Teruten) [File not signed]
S2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 KMWDSERVICE; C:\Program Files\Mouse Driver\KMWDSrv.exe [208896 2008-03-29] (UASSOFT.COM) [File not signed]
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-02-12] (Sonic Solutions) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S4 AntiVirWebService; "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S2 CodeMeter.exe; "C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" [X]
S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S3 ZSWTCTAZBTJS; C:\Users\hp\AppData\Local\Temp\ZSWTCTAZBTJS.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-15] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-15] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-05-15] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-15] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-15] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-15] (Avast Software s.r.o.)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-05-15] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-15] ()
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140424 2007-03-28] (AuthenTec, Inc.)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [13184 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [31896 2005-11-25] (DemoForge, LLC)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-12] (Conexant Systems Inc.)
S3 KMWDFilter; C:\Windows\System32\Drivers\KMWDFilter.SYS [17024 2008-03-22] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [File not signed]
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-15] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113664 2009-12-08] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-18 16:05 - 2015-05-18 17:41 - 00001057 _____ () C:\Users\hp\Desktop\Revo Uninstaller.lnk
2015-05-18 16:05 - 2015-05-18 17:41 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-17 18:10 - 2015-05-17 18:10 - 222329340 _____ () C:\Windows\MEMORY.DMP
2015-05-17 18:10 - 2015-05-17 18:10 - 00159048 _____ () C:\Windows\Minidump\Mini051715-01.dmp
2015-05-17 17:15 - 2015-05-17 17:15 - 00000756 _____ () C:\Users\hp\Documents\Meine freigegebenen Ordner.lnk
2015-05-16 22:38 - 2015-05-16 22:39 - 25002795 _____ () C:\Users\hp\Downloads\sum2_addon_patch_2.01_deutsch.exe
2015-05-16 22:31 - 2015-05-16 22:31 - 00000939 _____ () C:\Users\hp\Desktop\Edain Mod.lnk
2015-05-16 22:31 - 2015-05-16 22:31 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edain Mod
2015-05-16 22:03 - 2015-05-16 22:04 - 00000000 ____D () C:\a782c809316e4ebda93b13e6faf44b0a
2015-05-16 22:03 - 2015-05-16 22:03 - 00000000 ____D () C:\Users\Default\AppData\Roaming\hpqLog
2015-05-16 22:03 - 2015-05-16 22:03 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\hpqLog
2015-05-16 22:02 - 2015-05-16 22:02 - 00000000 ____D () C:\Windows\QLB
2015-05-16 22:02 - 2015-05-16 22:02 - 00000000 ____D () C:\Users\hp\AppData\Roaming\hpqLog
2015-05-16 22:02 - 2009-04-29 07:46 - 00015872 _____ (Hewlett-Packard Development Company, L.P.) C:\Windows\system32\Drivers\HpqKbFiltr.sys
2015-05-16 22:02 - 2006-11-02 06:09 - 01419232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01005.dll
2015-05-16 21:43 - 2009-08-04 10:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-05-16 21:36 - 2015-05-17 20:19 - 00200698 _____ () C:\ProgramData\nvModes.001
2015-05-16 21:36 - 2015-05-17 20:08 - 00200698 _____ () C:\ProgramData\nvModes.dat
2015-05-16 21:36 - 2015-05-16 21:59 - 00031352 _____ () C:\Windows\DirectX.log
2015-05-16 21:36 - 2015-05-16 21:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-16 21:33 - 2015-05-18 16:14 - 00000068 _____ () C:\Windows\setupact.log
2015-05-16 21:33 - 2015-05-16 21:33 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 21:12 - 2015-05-16 21:12 - 00000000 ____D () C:\Users\hp\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2015-05-16 21:11 - 2015-05-17 15:10 - 00000000 ____D () C:\Users\hp\Desktop\LOTR
2015-05-16 12:18 - 2015-05-17 18:10 - 00001958 _____ () C:\Windows\PFRO.log
2015-05-16 11:39 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-16 11:38 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-16 11:30 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-05-16 11:30 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-05-16 11:30 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-05-16 11:30 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-05-16 11:29 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-16 11:29 - 2014-08-27 02:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-16 11:28 - 2014-06-16 00:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-05-16 11:28 - 2014-06-13 20:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-05-16 11:28 - 2014-06-13 20:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-05-16 11:26 - 2014-10-10 03:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-05-16 11:26 - 2014-10-10 03:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-16 11:26 - 2014-10-10 01:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-16 11:25 - 2014-12-19 02:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-16 11:24 - 2014-11-04 02:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-05-16 11:23 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-16 11:23 - 2015-01-15 06:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-16 11:23 - 2014-10-10 03:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-16 11:22 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-16 10:59 - 2014-10-24 03:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-16 10:58 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-16 10:58 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-16 10:57 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-16 10:57 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-16 10:57 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-16 10:57 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-16 10:57 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-16 10:56 - 2014-10-24 03:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-05-16 10:46 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-16 10:46 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-16 10:46 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-16 10:46 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-16 10:46 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-16 10:46 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-16 10:46 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-16 10:46 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-16 10:46 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-16 10:46 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-16 10:43 - 2014-11-26 04:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-16 10:42 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-16 10:42 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-16 10:39 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 10:20 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-16 10:19 - 2014-08-12 04:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-05-16 10:17 - 2015-05-16 10:17 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-05-16 10:12 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-05-16 10:12 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-05-16 10:12 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-05-16 10:12 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-05-16 10:12 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-05-16 10:09 - 2014-10-03 03:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-16 10:09 - 2014-10-03 03:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-16 10:09 - 2014-10-03 03:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-16 10:09 - 2014-10-03 03:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-16 10:08 - 2014-12-06 05:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-16 10:08 - 2014-12-06 05:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-16 10:08 - 2014-12-06 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-16 10:06 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-16 10:01 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-16 09:53 - 2014-09-05 01:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-05-16 09:51 - 2014-12-08 03:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-16 09:47 - 2014-12-06 05:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-16 09:40 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-05-16 09:40 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-05-16 09:39 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-05-16 09:39 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-05-16 09:39 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-05-16 09:38 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-05-16 09:33 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-16 09:32 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-05-16 09:21 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-16 09:21 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-16 09:21 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-16 09:21 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-16 09:21 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-16 09:21 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-16 09:21 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-16 09:21 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-16 09:21 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-16 09:21 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-16 09:21 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-16 09:21 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-16 09:21 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-16 09:21 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-16 09:21 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-16 09:21 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-16 09:20 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-05-16 09:05 - 2015-05-16 09:05 - 00448512 _____ (OldTimer Tools) C:\Users\hp\Desktop\TFC.exe
2015-05-16 09:01 - 2015-05-16 09:01 - 00002728 _____ () C:\Users\hp\Documents\cc_20150516_090139.reg
2015-05-16 09:00 - 2015-05-16 09:01 - 00134606 _____ () C:\Users\hp\Documents\cc_20150516_090030.reg
2015-05-16 08:48 - 2015-05-16 08:48 - 00000000 ____D () C:\Users\hp\Documents\Updater5
2015-05-15 16:38 - 2015-05-15 16:38 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2015-05-15 16:38 - 2015-05-15 16:38 - 00000000 ____D () C:\Program Files\GPU-Z
2015-05-15 13:44 - 2015-05-15 13:44 - 00014838 _____ () C:\ComboFix.txt
2015-05-15 13:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-15 13:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-15 13:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-15 13:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-15 13:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-15 13:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-15 13:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-15 13:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-15 03:05 - 2015-05-15 03:05 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ROMAN-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-15 03:04 - 2015-05-15 03:04 - 00000000 ____D () C:\RegBackup
2015-05-15 02:33 - 2015-05-15 02:33 - 00000000 ____D () C:\Users\hp\AppData\Roaming\AVAST Software
2015-05-15 02:16 - 2015-05-15 02:16 - 00001829 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-15 02:16 - 2015-05-15 02:16 - 00000350 _____ () C:\Windows\Tasks\avast! Emergency Update.job
2015-05-15 02:16 - 2015-05-15 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-15 02:15 - 2015-05-15 02:15 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-15 02:15 - 2015-05-15 02:14 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-15 02:15 - 2015-05-15 02:14 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-15 02:14 - 2015-05-15 02:14 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-15 02:14 - 2014-02-11 20:00 - 00000426 _____ () C:\AVScanner.ini
2015-05-15 02:13 - 2015-05-15 02:13 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-15 02:11 - 2015-05-15 02:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-15 01:00 - 2015-05-15 01:00 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-15 00:39 - 2015-05-15 15:03 - 00000000 ____D () C:\AdwCleaner
2015-05-15 00:17 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-15 00:16 - 2015-05-15 00:16 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2015-05-15 00:16 - 2015-05-15 00:16 - 00000814 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2015-05-14 22:22 - 2015-05-16 21:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 22:22 - 2015-05-16 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-14 22:22 - 2015-05-14 22:22 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-14 22:22 - 2015-05-14 22:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 22:22 - 2015-05-14 22:22 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-14 22:22 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-14 22:22 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-14 22:12 - 2015-05-15 13:44 - 00000000 ____D () C:\Qoobox
2015-05-14 22:10 - 2015-05-15 13:43 - 00000000 ____D () C:\Windows\erdnt
2015-05-14 21:53 - 2015-05-14 21:54 - 00000000 ____D () C:\Program Files\GUMDD72.tmp
2015-05-14 21:53 - 2015-05-14 21:53 - 06103040 _____ () C:\Program Files\GUTDDB2.tmp
2015-05-14 21:24 - 2015-05-18 17:45 - 00000000 ____D () C:\FRST
2015-05-10 14:21 - 2015-05-10 14:21 - 00000000 _____ () C:\Users\hp\AppData\Local\BIT78AB.tmp
2015-05-10 14:21 - 2015-05-10 14:21 - 00000000 _____ () C:\Users\hp\AppData\Local\{7FD46037-1682-4D96-8119-B3A1438B79CE}
2015-05-10 13:52 - 2015-05-18 16:33 - 00000680 _____ () C:\Users\hp\AppData\Local\d3d9caps.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-18 16:53 - 2010-07-12 16:04 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-05-18 16:53 - 2009-01-23 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter
2015-05-18 16:53 - 2009-01-23 17:23 - 00000000 ____D () C:\Program Files\CodeMeter
2015-05-18 16:52 - 2007-08-20 11:04 - 00000000 ____D () C:\ProgramData\Google
2015-05-18 16:52 - 2007-08-20 11:04 - 00000000 ____D () C:\Program Files\Google
2015-05-17 20:19 - 2010-09-08 13:24 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 20:17 - 2009-01-15 17:52 - 01879797 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 20:11 - 2010-09-08 13:24 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 20:08 - 2006-11-02 14:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-17 20:07 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 20:07 - 2006-11-02 14:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 20:07 - 2006-11-02 14:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 18:18 - 2006-11-02 12:33 - 01573638 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-17 18:10 - 2011-02-10 09:58 - 00000000 ____D () C:\Windows\Minidump
2015-05-17 18:06 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-17 17:14 - 2011-04-27 11:07 - 00000000 ____D () C:\DRISC
2015-05-17 17:14 - 2009-01-23 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel
2015-05-17 17:11 - 2013-03-04 21:59 - 00000000 ___RD () C:\Program Files\Skype
2015-05-17 17:11 - 2012-03-05 21:15 - 00000000 ____D () C:\ProgramData\Skype
2015-05-17 17:10 - 2012-03-05 21:16 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Skype
2015-05-17 15:59 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2015-05-16 22:58 - 2009-01-15 17:52 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-05-16 22:58 - 2006-11-02 15:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-16 22:03 - 2007-08-20 10:01 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-05-16 22:02 - 2009-01-15 10:23 - 00000000 ____D () C:\Users\hp
2015-05-16 22:01 - 2007-08-20 09:48 - 00000000 ____D () C:\Program Files\CONEXANT
2015-05-16 21:58 - 2014-03-02 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2015-05-16 21:51 - 2014-03-02 21:00 - 00000000 ____D () C:\Program Files\Electronic Arts
2015-05-16 21:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2015-05-16 21:11 - 2009-01-15 12:48 - 00172258 _____ () C:\Users\hp\AppData\Roaming\nvModes.001
2015-05-16 12:20 - 2006-11-02 14:47 - 00435624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 12:14 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-16 12:14 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-16 11:38 - 2007-08-20 10:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-16 10:35 - 2013-07-31 20:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-16 10:21 - 2007-08-20 10:43 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-05-16 08:38 - 2009-12-01 19:18 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Apple Computer
2015-05-15 16:29 - 2009-01-15 10:39 - 00119952 _____ () C:\Users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-15 13:44 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-05-15 13:44 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default
2015-05-15 13:33 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-05-15 13:30 - 2006-11-02 12:22 - 62914560 _____ () C:\Windows\system32\config\software.bak
2015-05-15 13:30 - 2006-11-02 12:22 - 39583744 _____ () C:\Windows\system32\config\COMPON~3.bak
2015-05-15 13:30 - 2006-11-02 12:22 - 28311552 _____ () C:\Windows\system32\config\system.bak
2015-05-15 13:30 - 2006-11-02 12:22 - 00786432 _____ () C:\Windows\system32\config\default.bak
2015-05-15 13:30 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-05-15 13:30 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-05-15 04:05 - 2007-08-20 11:11 - 00000000 ____D () C:\Windows\SMINST
2015-05-15 02:15 - 2011-02-10 21:04 - 00000000 ____D () C:\ProgramData\Avira
2015-05-15 02:14 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-15 00:44 - 2010-11-04 19:41 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-15 00:43 - 2013-06-09 14:18 - 00001065 _____ () C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-05-15 00:16 - 2010-11-04 19:41 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-15 00:16 - 2010-11-04 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-14 22:46 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Speech
2015-05-10 15:43 - 2009-01-21 13:49 - 00000000 ____D () C:\Users\Roman
2015-05-10 15:43 - 2006-11-02 12:22 - 63176704 _____ () C:\Windows\system32\config\software_previous
2015-05-10 15:42 - 2011-08-13 16:38 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Telekom Internet Manager
2015-05-10 15:42 - 2010-09-08 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-10 15:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-05-10 15:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-05-10 15:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-05-10 15:41 - 2006-11-02 12:22 - 28311552 _____ () C:\Windows\system32\config\system_previous
2015-05-10 14:21 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-05-10 14:11 - 2006-11-02 12:22 - 39583744 _____ () C:\Windows\system32\config\components_previous
2015-05-10 14:11 - 2006-11-02 12:22 - 00786432 _____ () C:\Windows\system32\config\default_previous
2015-05-10 14:11 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-30 10:07 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2015-05-14 21:53 - 2015-05-14 21:53 - 6103040 _____ () C:\Program Files\GUTDDB2.tmp
2009-01-15 12:48 - 2015-05-16 21:11 - 0172258 _____ () C:\Users\hp\AppData\Roaming\nvModes.001
2009-01-15 12:48 - 2010-07-10 01:18 - 0172258 _____ () C:\Users\hp\AppData\Roaming\nvModes.dat
2013-12-22 12:35 - 2014-03-02 20:36 - 0000150 _____ () C:\Users\hp\AppData\Roaming\WB.CFG
2010-07-13 18:43 - 2011-07-17 22:30 - 0000102 _____ () C:\Users\hp\AppData\Roaming\wklnhst.dat
2009-01-15 10:40 - 2009-01-15 10:40 - 0000000 _____ () C:\Users\hp\AppData\Local\AtStart.txt
2015-05-10 14:21 - 2015-05-10 14:21 - 0000000 _____ () C:\Users\hp\AppData\Local\BIT78AB.tmp
2015-05-10 13:52 - 2015-05-18 16:33 - 0000680 _____ () C:\Users\hp\AppData\Local\d3d9caps.dat
2009-01-15 11:02 - 2011-09-27 00:07 - 0005120 _____ () C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-01-15 10:40 - 2009-01-15 10:40 - 0000000 _____ () C:\Users\hp\AppData\Local\DSwitch.txt
2009-01-15 12:48 - 2009-01-16 14:47 - 0000000 _____ () C:\Users\hp\AppData\Local\FnF4.txt
2009-01-15 10:40 - 2009-01-15 10:40 - 0000000 _____ () C:\Users\hp\AppData\Local\QSwitch.txt
2015-05-10 14:21 - 2015-05-10 14:21 - 0000000 _____ () C:\Users\hp\AppData\Local\{7FD46037-1682-4D96-8119-B3A1438B79CE}
2007-08-20 11:01 - 2009-01-23 19:38 - 0001541 _____ () C:\ProgramData\hpzinstall.log
2015-05-16 21:36 - 2015-05-17 20:19 - 0200698 _____ () C:\ProgramData\nvModes.001
2015-05-16 21:36 - 2015-05-17 20:08 - 0200698 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\hp\AppData\Local\temp\AutoRun.exe
C:\Users\hp\AppData\Local\temp\AutoRunGUI.dll
C:\Users\hp\AppData\Local\temp\EAInstall.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-18 16:42

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-05-2015 02
Ran by hp at 2015-05-18 17:46:34
Running from F:\
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2087834869-41306806-706425095-500 - Administrator - Disabled)
Gast (S-1-5-21-2087834869-41306806-706425095-501 - Limited - Enabled)
hp (S-1-5-21-2087834869-41306806-706425095-1000 - Administrator - Enabled) => C:\Users\hp
Roman (S-1-5-21-2087834869-41306806-706425095-1001 - Administrator - Enabled) => C:\Users\Roman

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.3.183.11 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 8 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated)
Age of Mythology (HKLM\...\Age of Mythology 1.0) (Version:  - )
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Aufstieg des Hexenkönigs™ (HKLM\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.7.0.62 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Brother HL-2035 (HKLM\...\{30ABD2DC-8B23-4BB2-84AD-DF8DCFF2B75D}) (Version: 1.00 - Brother)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.03 - Piriform)
CodeMeter Runtime Merge Module (Win32) (Version: 4.10.235.503 - Alexander Schmitt) Hidden
CodeMeter Tools Merge Module (Version: 4.10.235.503 - Marc Beissmann) Hidden
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: 4.18.0.0 - Conexant)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.205.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Schlacht um Mittelerde™ II (HKLM\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
DJ_AIO_ProductContext (Version: 90.0.236.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
ESU for Microsoft Vista (HKLM\...\{B76A76EB-BCCA-4625-9C4C-1FFAE19E4772}) (Version: 2.0.5.1 - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version:  - )
Hewlett-Packard Active Check (Version: 1.1.7.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.58.0 - HP) Hidden
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2278 - Hewlett-Packard)
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet All-In-One Software 9.0 (HKLM\...\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}) (Version: 9.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2279 - Hewlett-Packard)
HP Help and Support (HKLM\...\{9061CEF2-51F5-42C9-8A70-9ED351C6597A}) (Version: 1.1.0 - Hewlett-Packard)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4900 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP QuickPlay 3.2 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Smart Web Printing (HKLM\...\{415CDA53-9100-476F-A7B2-476691E117C7}) (Version: 2.15.7.0 - Ihr Firmenname)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}) (Version: 4.000.006.003 - Hewlett-Packard)
HP User Guides 0056 (HKLM\...\{5AB56552-6938-4686-9F87-DB0ED8D1E06B}) (Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname)
Java(TM) 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
LightScribe  1.6.43.1 (Version: 1.6.43.1 - hxxp://www.lightscribe.com) Hidden
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mirage Driver 1.1 (HKLM\...\Mirage Driver_is1) (Version: 1.1 - )
Mouse Driver (HKLM\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 5.1 - Driver Builder)
Mouse Driver (Version: 5.1 - Driver Builder) Hidden
Mozilla Firefox (3.6.25) (HKLM\...\Mozilla Firefox (3.6.25)) (Version: 3.6.25 (de) - Mozilla)
MSCU for Microsoft Vista (HKLM\...\{8CC5F040-44F2-4FB7-9720-47F53F96D180}) (Version: 1.0.1.3 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
PC-Professional (HKLM\...\{776CCBE6-CB5F-4CCB-B364-5937CA2AB0F0}_is1) (Version:  - Verlag Heinrich Vogel)
PC-Professional Klasse A 2011 (HKLM\...\{00F4B50E-C3B4-4E41-8334-042DF54A0AB3}_is1) (Version:  - Verlag Heinrich Vogel)
PC-Professional Klasse B 2011 (HKLM\...\{791E2D38-210B-4622-8C57-512520D9F4EF}_is1) (Version:  - Verlag Heinrich Vogel)
PC-Professional Klasse C 2011 (HKLM\...\{D0CAA2F0-A08E-42DD-815F-1691A684D39E}_is1) (Version:  - Verlag Heinrich Vogel)
PC-Professional Klasse D 2011 (HKLM\...\{68E9010A-98DF-44B0-A7AB-3CE36ACA5263}_is1) (Version:  - Verlag Heinrich Vogel)
PC-Professional Modul Weiterbildung LKW: Schaltstelle Fahrer (HKLM\...\{2D9D5712-150B-4826-BFF3-07E4C4EBEBE6}_is1) (Version:  - Verlag Heinrich Vogel)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.551 - Roxio)
Safari (HKLM\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Sigel Label- und Barcode Software (HKLM\...\Sigel Label- und Barcode Software) (Version:  - )
SmartAudio (HKLM\...\SmartAudio) (Version:  - Conexant)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Telekom Internet Manager (HKLM\...\Telekom Internet Manager) (Version: 11.301.05.05.748 - Huawei Technologies Co.,Ltd)
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VeriSoft Access Manager (HKLM\...\{0ABA40AF-288D-41F1-B735-C5155692CD7D}) (Version: 2.1.2.880.15 - Bioscrypt Inc.)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/11/2009 2.0.0010.00002) (HKLM\...\3F84B3D0CF7723323F1B217C178C4C4BDC5BA436) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-03-2014 19:45:32 Installiert DawnOfWar
06-03-2014 19:58:28 Windows Update
22-03-2014 16:03:21 Windows Update
23-03-2014 20:05:29 Windows Update
27-03-2014 19:46:33 Windows Update
04-04-2014 18:22:40 Windows Update
10-04-2014 23:05:24 Windows Update
19-04-2014 17:39:06 Windows Update
27-04-2014 12:36:52 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2015-05-15 13:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12A40B69-07DB-4670-96B1-B0E3DC7BD7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {229A58B3-65DF-446F-93C3-87C52715DD4B} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {45AFD6B2-9904-48B0-AD0F-712A9CAAC1D3} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {52003A4B-AEC2-44D6-B3EC-4583BEFAB06D} - \YourFile Update No Task File <==== ATTENTION
Task: {8C5F06BA-B278-45D8-9211-EA803AAED5AD} - \FoxTab No Task File <==== ATTENTION
Task: {9217FACC-D9A6-4868-A92A-8932DE021A3E} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {A728B8C0-05EC-40C7-9A56-AA26990DD191} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: {A7313D84-05D0-4842-B3FC-4BD07C632EF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {B5030DA7-34D2-4E32-8204-907132F36225} - \BitGuard No Task File <==== ATTENTION
Task: {CFBAFF41-2C62-43A0-A5DB-FACF4930B0E0} - \EPUpdater No Task File <==== ATTENTION
Task: {D50887CD-31E7-410C-B646-5062E93AA277} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {EE259ACE-5A8E-4008-9F59-4F1DFC812828} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {F5E0808E-BC45-4040-A19E-E10CCB0A3913} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: {FA64CC72-1509-44F5-B833-5D3925FDB9AF} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12] (Hewlett-Packard)
Task: {FE4C308E-0100-4D24-A189-ECF6F301470D} - \UpdaterEX No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2087834869-41306806-706425095-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\AppData\Local\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{A6790671-C896-495F-A8E2-A9952EFD431E}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{EB6EB3E0-DF7A-452B-965A-548971C6A386}] => (Allow) svchost.exe
FirewallRules: [{3AABD80B-337E-4F0D-813A-D7118F789BD3}] => (Allow) C:\Program Files\MSN Messenger\livecall.exe
FirewallRules: [{7EBDCEDB-3F52-4967-B9F1-635E2B4F366B}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
FirewallRules: [{D243203B-5D8C-4C0D-B3EA-33E9AD6724DC}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
FirewallRules: [{47168574-D071-40AC-9D4D-F2CB875D16DC}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F920AB3D-52A9-49B0-9508-0EEB2265C4A6}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{C5801744-471B-488C-BE91-103B901C8BFB}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
FirewallRules: [UDP Query User{AAC3A01D-0AA2-404D-A899-C111E99A70BE}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
FirewallRules: [TCP Query User{7C51C5EB-8D0F-465B-A35E-BDA29B71217B}C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe] => (Block) C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe
FirewallRules: [UDP Query User{7BBAD1D6-CAEE-458A-B1F4-2217274BF4AB}C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe] => (Block) C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe
FirewallRules: [{061E4FC6-39BD-4A70-ADA1-DF3C8D4467F2}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{EB89D978-7A63-4CA1-BFDB-3F459F389C4E}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{8E02DC7C-DE75-421C-BECF-5978BE26F742}C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe] => (Block) C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe
FirewallRules: [UDP Query User{4CB27430-1891-4735-BB8B-39DA6918DFB5}C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe] => (Block) C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe
FirewallRules: [{D07DF6EC-1E47-46C6-84CE-7759D727DBE0}] => (Allow) LPort=80
FirewallRules: [{AFB90AA4-77C5-4267-BB13-812A6B98E9C1}] => (Allow) LPort=80
FirewallRules: [{CE86704A-3AC4-4B12-A2FB-D219E228EE3B}] => (Allow) LPort=80
FirewallRules: [TCP Query User{9A3A58F3-A466-494C-84B7-A5700BAE3D19}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe
FirewallRules: [UDP Query User{9DA453AB-F5F1-4FE3-AC42-7D19C62A611A}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe
FirewallRules: [TCP Query User{7203B5F9-EAB8-49EA-8468-69823F4E30F2}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{6531FBF9-BF11-43E2-AB70-7222518AECB0}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{C17A2C84-F259-414A-AE05-9C7E8414CF6A}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{9499FEDD-34AC-41F4-9485-DF7EE079F8DE}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{DAFD5ACD-4E46-40FF-A64A-DB202CB68AB3}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe
FirewallRules: [UDP Query User{52468090-D9DA-463D-B934-4EABC238E1A6}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe
FirewallRules: [TCP Query User{4748B723-092A-400A-A6EC-E375B81F1BDF}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe
FirewallRules: [UDP Query User{841514AF-F047-4366-B599-285576448BB2}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe
FirewallRules: [{B6F833CC-8FF0-438B-A6C0-73DA28D8DDFC}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
FirewallRules: [{1A9F57E6-5CB8-4076-91B6-80412766B67C}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
FirewallRules: [{A6BE6B39-57A0-4DF2-9B49-4EDBAB89DFFF}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen Verwaltung\Vogel.FahrenLernenMax.Admin.exe
FirewallRules: [{88711B07-9086-4443-ADE0-7C01EFCF5D81}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen Verwaltung\Vogel.FahrenLernenMax.Admin.exe
FirewallRules: [{2E1DB27C-BCA8-466E-9212-CAA1C0EDEC5C}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE
FirewallRules: [{D6FDF186-2C86-49F1-9F88-6ECD28864EE9}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE
FirewallRules: [{FEDEA407-751F-42D0-AF9C-00FCC82EF4A0}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe
FirewallRules: [{04A0DE97-38D6-4854-919C-F1FC34667BE1}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe
FirewallRules: [{78E51E29-DC1E-41E9-B9C8-B7E78758C101}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe
FirewallRules: [{663E77E6-59D9-45E9-A3F5-DB2D6EA3298C}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe
FirewallRules: [TCP Query User{08C6CC39-A699-415F-8388-AED3E290C51E}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe
FirewallRules: [UDP Query User{27084DFB-F357-49E6-B814-381DC98EA5BA}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe
FirewallRules: [{366AEAD6-DA18-49EA-A355-6F05F218445B}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE
FirewallRules: [{823814E8-50BE-4495-83E6-0F4BF0E62763}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE
FirewallRules: [{4F1A15C6-14B4-4776-9EE5-90854AB95751}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe
FirewallRules: [{0D1DA389-1F60-4641-A4C4-46751ABD8F02}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe
FirewallRules: [{7634ADE5-DE5C-48CA-B166-94911CBD3E27}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe
FirewallRules: [{DF30A205-732C-458A-9107-571894027560}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe
FirewallRules: [{F0C5310B-AAF2-442B-A283-CEA8070B8393}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7169267E-6CB3-456E-BCE0-540E67EFF381}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9A4BE4E0-6660-4163-B282-3B3B3C9E5DDD}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{ABFBD873-ECEF-4F44-A905-152111FA2731}] => (Allow) svchost.exe
FirewallRules: [{E36A9C37-40FE-466D-AF45-0DA902F6240A}] => (Allow) C:\Program Files\MSN Messenger\livecall.exe
FirewallRules: [TCP Query User{6088709B-8FB8-41D9-83A2-C11CCD59DB7F}C:\program files\tmnationsforever\tmforever.exe] => (Block) C:\program files\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{E2970C9F-6304-4276-82AC-F96060B80771}C:\program files\tmnationsforever\tmforever.exe] => (Block) C:\program files\tmnationsforever\tmforever.exe
FirewallRules: [{B4911FB6-2F9A-4F89-8149-E90FF5CD829C}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{0D773D39-B32C-447B-9CC4-A32354C8ECD6}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{7BA80829-DAEF-48CC-90EB-88C8E8DB3603}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{309A8461-DE35-4F96-BA9D-4DF07BD00038}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{F772C099-2565-4888-A7E6-F554D0AD0418}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe
FirewallRules: [{031E2438-B146-4A4E-9F4B-BD1F891AF659}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe
FirewallRules: [{759C0A06-BA49-4E16-841D-0504B04279EF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{45746126-D74A-49FF-B6AA-FE7AC4A4ADC8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [{AF0A3435-8EEA-411D-B727-7378C40DBFBD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F83572D7-41B6-4831-AD16-2E0930F4717D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{09381C21-8F92-4A2D-AFBC-1F5E70F22614}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{6C2CEFC4-FCFB-45F6-9761-91F8858F7D70}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [{0297924F-1AA2-4C0E-B469-3F98BDF67107}] => (Allow) C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{15914E1A-B5D1-405B-8772-9536ABD1C751}] => (Allow) C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{8BCACE6D-DAA7-4BFE-BBF6-4AF82D30CBFA}] => (Allow) C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\game.dat
FirewallRules: [{18A860F2-5DF0-47B1-93A9-7B4F77E11604}] => (Allow) C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\game.dat
FirewallRules: [{C7727F93-6530-4089-852B-45A2BFF9CB1A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{29A4B90A-BAB6-4A6A-B39E-CD69A5E209FB}] => (Allow) C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\game.dat
FirewallRules: [{DD6D1E07-8885-4DD0-91C5-ED7EBB5E0806}] => (Allow) C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\game.dat
DomainProfile\AuthorizedApplications: [C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/18/2015 05:39:56 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - Linkury Smartbar; Hr = 0x8007043c).

Error: (05/18/2015 05:32:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - Linkury Smartbar; Hr = 0x8007043c).

Error: (05/18/2015 05:29:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - Linkury Smartbar Engine; Hr = 0x8007043c).

Error: (05/18/2015 04:53:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed CodeMeter Runtime Kit v4.20a; Hr = 0x8007043c).

Error: (05/18/2015 04:53:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed CodeMeter Runtime Kit v4.20a; Hr = 0x8007043c).

Error: (05/18/2015 04:53:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - CodeMeter Runtime Kit v4.20a; Hr = 0x8007043c).

Error: (05/18/2015 04:52:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed Google Toolbar for Internet Explorer; Hr = 0x8007043c).

Error: (05/18/2015 04:52:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed Google Toolbar for Internet Explorer; Hr = 0x8007043c).

Error: (05/18/2015 04:52:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - Google Toolbar for Internet Explorer; Hr = 0x8007043c).

Error: (05/18/2015 04:44:48 PM) (Source: MsiInstaller) (EventID: 11721) (User: Roman-PC)
Description: Produkt: Apple Software Update -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: SoftwareUpdate_UnregServer, Pfad: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, Befehl: /UnregServer


System errors:
=============
Error: (05/18/2015 04:35:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (05/18/2015 04:28:43 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/18/2015 04:28:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (05/18/2015 04:28:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
spldr
Wanarpv6

Error: (05/18/2015 04:28:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ComputerbrowserServer%%1068

Error: (05/18/2015 04:27:43 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/18/2015 04:27:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/18/2015 04:27:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/18/2015 04:27:13 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (05/18/2015 04:02:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-18 17:46:19.517
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-18 17:46:18.331
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-18 17:46:17.146
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-18 17:46:15.960
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-18 17:46:14.492
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-18 17:46:13.306
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-18 17:46:12.120
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-18 17:46:10.904
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-18 17:45:42.585
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-18 17:45:41.399
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-64
Percentage of memory in use: 36%
Total physical RAM: 2046.23 MB
Available physical RAM: 1305.8 MB
Total Pagefile: 4330.93 MB
Available Pagefile: 3787.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.35 GB) (Free:63.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:7.54 GB) (Free:2.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (KINGSTON) (Removable) (Total:28.8 GB) (Free:14.06 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: DCC27A89)
Partition 1: (Active) - (Size=225.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 28.8 GB) (Disk ID: 22896F74)
Partition 1: (Active) - (Size=28.8 GB) - (Type=0B)

==================== End Of Log ============================
         

Old 18.05.2015, 21:07   #43
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

FRST-Fix

Please disable your virus scanner completely now, to make sure the fix runs cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKU\S-1-5-21-2087834869-41306806-706425095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2087834869-41306806-706425095-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR DefaultSearchKeyword: Default -> feed.helperbar.com
CHR DefaultSearchURL: Default -> hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
S3 ZSWTCTAZBTJS; C:\Users\hp\AppData\Local\Temp\ZSWTCTAZBTJS.exe [X]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Task: {45AFD6B2-9904-48B0-AD0F-712A9CAAC1D3} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {52003A4B-AEC2-44D6-B3EC-4583BEFAB06D} - \YourFile Update No Task File <==== ATTENTION
Task: {8C5F06BA-B278-45D8-9211-EA803AAED5AD} - \FoxTab No Task File <==== ATTENTION
Task: {B5030DA7-34D2-4E32-8204-907132F36225} - \BitGuard No Task File <==== ATTENTION
Task: {CFBAFF41-2C62-43A0-A5DB-FACF4930B0E0} - \EPUpdater No Task File <==== ATTENTION
Task: {D50887CD-31E7-410C-B646-5062E93AA277} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {EE259ACE-5A8E-4008-9F59-4F1DFC812828} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {F5E0808E-BC45-4040-A19E-E10CCB0A3913} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: {FE4C308E-0100-4D24-A189-ECF6F301470D} - \UpdaterEX No Task File <==== ATTENTION
C:\Users\hp\Downloads\sum2_addon_patch_2.01_deutsch.exe
C:\Program Files\GUMDD72.tmp
C:\Program Files\GUTDDB2.tmp
C:\Users\hp\AppData\Local\{7FD46037-1682-4D96-8119-B3A1438B79CE}
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Remove) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags
