Hi Schrauber,
hier die Logs: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01
Ran by Männi (administrator) on MAENNI-PC on 28-05-2015 21:32:58
Running from C:\Users\Männi\Desktop
Loaded Profiles: Männi (Available Profiles: Männi)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
(CyberLink Corp.) C:\Program Files\Hp\QuickPlay\QPService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [181544 2007-09-30] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2007-08-17] (CyberLink Corp.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554288 2007-11-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-14] (Avast Software s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\4627e772-2092-483f-9661-c2d00eff779b.exe [183232 2015-05-28] (AVAST Software)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKU\S-1-5-21-1328458002-1274361104-3696180445-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company)
HKU\S-1-5-21-1328458002-1274361104-3696180445-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1328458002-1274361104-3696180445-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1189888 2015-04-10] (Ruiware LLC)
HKU\S-1-5-21-1328458002-1274361104-3696180445-1000\...\Run: [Steam] => "C:\Program Files\Steam\Steam.exe" -silent
HKU\S-1-5-21-1328458002-1274361104-3696180445-1000\...\Run: [IncrediMail] => C:\Program Files\IncrediMail\bin\IncMail.exe [444840 2013-10-20] (IncrediMail, Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-05-18]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-23] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1328458002-1274361104-3696180445-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1328458002-1274361104-3696180445-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://meine-startseite.computerbild.de/michael-jackson/Michael%20Jackson
HKU\S-1-5-21-1328458002-1274361104-3696180445-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1328458002-1274361104-3696180445-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-1328458002-1274361104-3696180445-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2007-01-01] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1
FireFox:
========
FF ProfilePath: C:\Users\Männi\AppData\Roaming\Mozilla\Firefox\Profiles\6i0k917q.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Männi\AppData\Roaming\Mozilla\Firefox\Profiles\6i0k917q.default\searchplugins\computer-bild-suche.xml [2012-08-18]
FF Extension: German Dictionary - C:\Users\Männi\AppData\Roaming\Mozilla\Firefox\Profiles\6i0k917q.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-13]
FF Extension: WOT - C:\Users\Männi\AppData\Roaming\Mozilla\Firefox\Profiles\6i0k917q.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: everygain Translator - C:\Users\Männi\AppData\Roaming\Mozilla\Firefox\Profiles\6i0k917q.default\Extensions\ck@everygain.com.xpi [2012-01-30]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Männi\AppData\Roaming\Mozilla\Firefox\Profiles\6i0k917q.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-11-12]
FF Extension: Save Session - C:\Users\Männi\AppData\Roaming\Mozilla\Firefox\Profiles\6i0k917q.default\Extensions\savesession@noasobi.net.xpi [2011-08-18]
FF Extension: Adblock Plus - C:\Users\Männi\AppData\Roaming\Mozilla\Firefox\Profiles\6i0k917q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-08-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-08-14]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2007-01-01]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-23] (Avast Software)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [457248 2008-12-18] ()
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [191008 2008-12-18] ()
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-09-30] ()
S2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-09-30] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-23] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-23] ()
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2015-05-28] (Malwarebytes Corporation)
U0 msgg; C:\Windows\System32\drivers\oxyfx.sys [52440 2015-05-28] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35088 2013-04-30] (The OpenVPN Project)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-23] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U4 eabfiltr; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-28 21:32 - 2015-05-28 21:33 - 00017269 _____ () C:\Users\Männi\Desktop\FRST.txt
2015-05-28 21:32 - 2015-05-28 21:33 - 00000000 ____D () C:\FRST
2015-05-28 21:30 - 2015-05-28 21:30 - 01147392 _____ (Farbar) C:\Users\Männi\Desktop\FRST.exe
2015-05-28 19:06 - 2015-05-28 19:06 - 00001521 _____ () C:\Users\Männi\Desktop\mbam.txt
2015-05-28 19:02 - 2015-05-28 19:02 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\oxyfx.sys
2015-05-18 16:49 - 2015-05-18 16:50 - 17385800 _____ (Google Inc.) C:\Users\Männi\Downloads\picasa39-setup.exe
2015-05-18 16:19 - 2015-05-18 16:19 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-05-18 16:15 - 2015-05-18 16:15 - 03272136 _____ (Secunia) C:\Users\Männi\Downloads\PSISetup(1).exe
2015-05-18 10:47 - 2015-05-18 10:48 - 18014014 _____ () C:\Users\Männi\Desktop\Lektion 4 Stehlen darf man nicht.mp4
2015-05-18 10:30 - 2015-05-18 10:31 - 35802774 _____ () C:\Users\Männi\Desktop\Lied 2 Hab Dank, Herr Jehova!.mp4
2015-05-18 10:26 - 2015-05-18 10:27 - 16733599 _____ () C:\Users\Männi\Desktop\Lektion 3 Bete ganz oft.mp4
2015-05-18 10:23 - 2015-05-18 10:23 - 36215068 _____ () C:\Users\Männi\Desktop\Lied 88 Kinder — ein kostbares Geschenk von Jehova.mp4
2015-05-18 10:15 - 2015-05-18 10:16 - 24787609 _____ () C:\Users\Männi\Desktop\Lied 95 „Schmeckt und seht, dass Jehova gut ist“.mp4
2015-05-18 10:12 - 2015-05-18 10:12 - 32567391 _____ () C:\Users\Männi\Desktop\Lied 106 Freundschaft mit Jehova.mp4
2015-05-18 10:07 - 2015-05-18 10:07 - 39450216 _____ () C:\Users\Männi\Desktop\Lied 55 Endlich ewiges Leben!.mp4
2015-05-18 09:57 - 2015-05-18 09:58 - 43717359 _____ () C:\Users\Männi\Desktop\Lied 24 Schau fest auf das Ziel!.mp4
2015-05-18 09:46 - 2015-05-18 09:47 - 31374394 _____ () C:\Users\Männi\Desktop\Lied 92 „Predige das Wort“.mp4
2015-05-18 09:40 - 2015-05-18 09:40 - 26309665 _____ () C:\Users\Männi\Desktop\Lied 53 Harmonisch zusammenarbeiten.mp4
2015-05-18 09:32 - 2015-05-18 09:32 - 31839259 _____ () C:\Users\Männi\Desktop\132-Das Siegeslied.mp4
2015-05-18 08:36 - 2015-05-28 15:26 - 00000000 __SHD () C:\Jumpshot
2015-05-18 08:30 - 2015-05-28 13:52 - 00000000 ____D () C:\Windows\jumpshot.com
2015-05-15 10:32 - 2015-05-15 10:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-14 13:11 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 13:10 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-14 13:10 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-14 13:10 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-14 13:10 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-14 13:10 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-14 13:10 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-14 13:10 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-14 13:10 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 13:10 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 13:10 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 13:08 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 12:58 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 12:53 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 12:53 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 12:53 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 12:53 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 12:53 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 12:53 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 12:53 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 12:53 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 12:53 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 12:53 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 12:53 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 12:53 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 12:53 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-14 12:53 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 12:53 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 12:53 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 12:53 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 12:53 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 12:53 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 12:53 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-14 12:53 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-14 12:53 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-05 12:17 - 2015-05-05 12:17 - 05490752 _____ (Secunia) C:\Users\Männi\Downloads\PSISetup.exe
2015-05-05 11:43 - 2015-05-05 11:44 - 04814058 _____ () C:\Users\Männi\Downloads\Windows6.0-KB971512-x86.msu
2015-05-03 14:52 - 2015-05-03 14:52 - 00000000 ____D () C:\Users\Männi\AppData\Roaming\proDAD
2015-05-03 14:45 - 2015-05-03 14:59 - 01131176 _____ () C:\adorage-protocol.txt
2015-05-03 14:45 - 2015-05-03 14:52 - 00000000 ____D () C:\Program Files\AdorageI-GfxDatas
2015-05-03 14:45 - 2015-05-03 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD
2015-05-03 14:45 - 2015-05-03 14:45 - 00000000 ____D () C:\Program Files\AdorageI-SAL
2015-05-03 14:41 - 2015-05-03 15:00 - 00000019 _____ () C:\Windows\Studio11_BonusDVD.log
2015-05-01 19:48 - 2015-05-01 19:50 - 00000000 ____D () C:\Users\Männi\Desktop\Herz-Volltreffer
2015-05-01 13:31 - 2015-05-01 13:31 - 00000000 ____D () C:\Users\Männi\AppData\Local\Skype
2015-05-01 13:30 - 2015-05-01 13:30 - 00000000 ___RD () C:\Program Files\Skype
2015-05-01 13:30 - 2015-05-01 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-01 13:30 - 2015-05-01 13:30 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-01 13:24 - 2015-05-01 13:24 - 00000000 ____D () C:\Users\Männi\AppData\Roaming\PeerNetworking
2015-04-29 17:27 - 2015-04-29 17:27 - 00010436 _____ () C:\Windows\system32\install.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-28 21:33 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 21:33 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 21:27 - 2014-09-02 15:22 - 00031871 _____ () C:\ProgramData\nvModes.dat
2015-05-28 21:27 - 2014-09-02 15:22 - 00031871 _____ () C:\ProgramData\nvModes.001
2015-05-28 21:27 - 2012-07-06 14:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 19:02 - 2013-08-18 10:21 - 00000000 ____D () C:\Windows\ERUNT
2015-05-28 14:58 - 2014-03-31 11:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 14:11 - 2012-02-06 22:53 - 00000000 ____D () C:\Users\Männi\AppData\Roaming\Skype
2015-05-28 14:07 - 2007-12-24 22:37 - 01230292 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 13:55 - 2012-02-06 22:52 - 00000000 ____D () C:\ProgramData\Skype
2015-05-28 13:35 - 2007-12-24 22:53 - 00000163 _____ () C:\Users\Public\Documents\hpqp.ini
2015-05-28 13:33 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 13:16 - 2006-11-02 15:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-28 12:58 - 2011-08-15 19:40 - 00000000 ____D () C:\Users\Männi\AppData\Roaming\HpUpdate
2015-05-18 18:18 - 2013-08-18 13:50 - 00000000 ____D () C:\Users\Männi\AppData\Roaming\vlc
2015-05-18 16:38 - 2014-06-13 14:32 - 00026008 _____ () C:\Windows\SecuniaPackage.log
2015-05-18 16:24 - 2012-07-06 14:37 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-18 16:24 - 2011-08-14 20:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-18 08:24 - 2011-08-15 22:13 - 00000000 ____D () C:\Users\Männi\AppData\Local\Adobe
2015-05-18 08:12 - 2012-07-06 14:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-15 10:18 - 2012-01-30 20:25 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-05-14 13:57 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-14 13:35 - 2006-11-02 14:47 - 00339576 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 13:32 - 2011-08-16 12:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 13:31 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-14 13:31 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 13:08 - 2013-07-21 11:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 13:00 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-14 12:57 - 2011-08-16 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-05 12:02 - 2013-10-02 10:34 - 00081504 _____ () C:\Users\Männi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-04 12:42 - 2011-08-18 07:23 - 00081408 _____ () C:\Users\Männi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-01 13:51 - 2014-09-01 20:18 - 06514164 _____ () C:\Users\Männi\Desktop\Sender-Antenne.odt
2015-05-01 09:52 - 2011-08-26 12:38 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-28 15:09 - 2011-08-14 18:04 - 00000000 ____D () C:\Users\Männi\AppData\Local\QuickPlay
==================== Files in the root of some directories =======
2011-08-15 19:29 - 2011-08-15 19:29 - 0027335 _____ () C:\Users\Männi\AppData\Roaming\nvModes.001
2011-08-15 15:50 - 2011-08-15 15:50 - 0027335 _____ () C:\Users\Männi\AppData\Roaming\nvModes.dat
2011-12-03 16:37 - 2015-05-01 13:24 - 0025447 _____ () C:\Users\Männi\AppData\Roaming\UserTile.png
2011-09-25 21:25 - 2014-10-01 19:44 - 0000292 _____ () C:\Users\Männi\AppData\Roaming\wklnhst.dat
2011-08-14 18:04 - 2011-08-14 18:04 - 0000000 _____ () C:\Users\Männi\AppData\Local\AtStart.txt
2011-10-16 10:27 - 2014-09-21 17:57 - 0001356 _____ () C:\Users\Männi\AppData\Local\d3d9caps.dat
2011-08-18 07:23 - 2015-05-04 12:42 - 0081408 _____ () C:\Users\Männi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-14 18:04 - 2011-08-14 18:04 - 0000000 _____ () C:\Users\Männi\AppData\Local\DSwitch.txt
2011-08-14 18:04 - 2011-08-14 18:04 - 0000000 _____ () C:\Users\Männi\AppData\Local\QSwitch.txt
2014-09-02 15:22 - 2015-05-28 21:27 - 0031871 _____ () C:\ProgramData\nvModes.001
2014-09-02 15:22 - 2015-05-28 21:27 - 0031871 _____ () C:\ProgramData\nvModes.dat
Some files in TEMP:
====================
C:\Users\Männi\AppData\Local\temp\_is3A9F.exe
C:\Users\Männi\AppData\Local\temp\_is47D9.exe
C:\Users\Männi\AppData\Local\temp\_is78E7.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-28 13:48
==================== End of log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by Männi at 2015-05-28 21:33:56
Running from C:\Users\Männi\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1328458002-1274361104-3696180445-500 - Administrator - Disabled)
Gast (S-1-5-21-1328458002-1274361104-3696180445-501 - Limited - Disabled)
Männi (S-1-5-21-1328458002-1274361104-3696180445-1000 - Administrator - Enabled) => C:\Users\Männi
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\{506B121D-1B93-484D-8241-6250BCB736C7}) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.150.22.0 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.60 - Conexant)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1002 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.0928 - CyberLink Corp.)
EA Link (HKLM\...\InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}) (Version: 3.1.1.4 - Electronic Arts)
EA Link (Version: 3.1.1.4 - Electronic Arts) Hidden
ESU for Microsoft Vista (HKLM\...\{9BA6E8AF-2122-4825-9B55-98BC351E3C94}) (Version: 2.0.10.1 - Hewlett-Packard)
Google+ Auto Backup (HKLM\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
HP Active Support Library (HKLM\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Help and Support (HKLM\...\{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}) (Version: 1.5.1 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP QuickPlay 3.6 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP QuickTouch 1.00 D2 (HKLM\...\{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}) (Version: 1.0.9 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{b02df929-29a7-4fd2-9a70-81a644b635f7}) (Version: 1.4.19.2433 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0088 (HKLM\...\{8347A7A5-4AB8-433F-82AA-496B0D189A9B}) (Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard)
IncrediMail (Version: 6.6.0.5288 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM\...\IncrediMail) (Version: 6.6.0.5288 - IncrediMail Ltd.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2128 - CyberLink Corp.)
LightScribe System Software 1.10.13.1 (Version: 1.10.13.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSCU for Microsoft Vista (HKLM\...\{3D356AA9-2D0C-4373-A762-B42F1A289233}) (Version: 1.0.1.9 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.46 - BVRP Software, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.6796 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Photo Notifier and Animation Creator (HKLM\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3327 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2129 - CyberLink Corp.)
PowerDirector (Version: 6.5.2129 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickPlay SlingPlayer 0.4.4 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.4 - SlingMedia)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Secunia PSI (3.0.0.7011) (HKLM\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Secure Eraser (HKLM\...\Secure Eraser_is1) (Version: 4.2.0.1 - ASCOMP Software GmbH)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Deployment Tools (HKLM\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows PE x86 x64 wims (HKLM\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.5.2015.3 - Ruiware LLC)
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
01-01-2007 02:46:48 Revo Uninstaller's restore point - Java 7 Update 76
01-01-2007 02:47:16 Removed Java 7 Update 76
01-01-2007 02:56:32 Revo Uninstaller's restore point - SlimDrivers
01-01-2007 02:56:48 Removed SlimDrivers
16-04-2015 19:13:54 Windows Update
17-04-2015 09:13:51 Installed HP Update.
19-04-2015 16:57:29 Windows Update
19-04-2015 17:15:42 Windows Update
21-04-2015 20:44:39 Windows Update
23-04-2015 19:37:18 avast! antivirus system restore point
24-04-2015 16:33:11 Revo Uninstaller's restore point - Secunia PSI (3.0.0.10004)
28-04-2015 14:53:43 Windows Update
01-05-2015 13:28:31 Windows Update
05-05-2015 09:58:26 Windows Update
08-05-2015 18:05:56 Windows Update
12-05-2015 17:00:38 Windows Update
14-05-2015 12:53:51 Windows Update
18-05-2015 11:54:14 Geplanter Prüfpunkt
19-05-2015 20:13:32 Windows Update
28-05-2015 13:07:30 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2014-09-04 10:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {062C896E-32DF-46E4-91F9-EE09DF7A6C94} - System32\Tasks\{DC25FB37-6C71-4F17-A8F7-A2A945F598F7} => Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsMain
Task: {149E66AE-FCC4-41D3-9B13-AD7D8DC73AB2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)
Task: {3C234C55-AE0C-4D27-BBAC-5181D7D17E94} - System32\Tasks\{745EB0D1-041B-4041-806B-AB0C7940F41F} => pcalua.exe -a C:\Users\Männi\Downloads\im_dict_uk.exe -d C:\Users\Männi\Downloads
Task: {4DB82DCB-15E1-4BCF-96D2-552FB215BA84} - System32\Tasks\{FF789E3E-4146-433F-A95E-863420039E1D} => pcalua.exe -a "F:\3rd party\Adorage\setup.exe" -d "F:\3rd party\Adorage"
Task: {5905B529-409A-4927-B164-C95EFAB7E128} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)
Task: {5A0B7191-037F-40F3-B7E0-B887BD9420E1} - System32\Tasks\{530A5B59-11AB-47FD-A101-7B280A8592AB} => pcalua.exe -a G:\INSTALL.EXE -d G:\
Task: {70892038-2FD6-4995-8A28-714F3A18FFFD} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {BE2ECE0F-E419-416D-83FD-6C5D8466E0C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-18] (Adobe Systems Incorporated)
Task: {CCB33123-040E-4A3A-8CB7-AF64E87A4138} - System32\Tasks\{E6A45C5C-3014-4907-9AD9-7BC375279425} => Firefox.exe http://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603
Task: {CF862239-7043-4CBF-B574-FF92D6318519} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Männi => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2007-01-01 01:10 - 2015-04-23 19:39 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2007-01-01 01:10 - 2015-04-23 19:38 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-28 13:00 - 2015-05-28 13:00 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052800\algo.dll
2007-12-24 22:52 - 2007-09-30 20:34 - 00271760 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2007-12-24 22:52 - 2007-09-30 20:34 - 00255384 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2012-11-13 17:00 - 2012-09-07 17:57 - 00452592 _____ () C:\Program Files\ASCOMP Software\Secure Eraser\SecEraser32.dll
2007-10-26 19:11 - 2007-01-09 12:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2013-10-20 14:33 - 2007-01-01 01:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-07-12 13:55 - 2007-07-12 13:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 15:43 - 2007-08-14 15:43 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 13:55 - 2007-07-12 13:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-12-18 12:05 - 2008-12-18 12:05 - 00457248 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2008-12-18 12:04 - 2008-12-18 12:04 - 00109088 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2008-12-18 12:05 - 2008-12-18 12:05 - 00191008 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7865 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1328458002-1274361104-3696180445-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Männi\Pictures\Picasa\Hintergründe\picasabackground.bmp
DNS Servers: 192.168.192.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{2480B806-1935-4B6E-BCDC-05DF9A143333}] => (Allow) C:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{B08343D0-B114-4EBB-B8C3-972FA2FBCF98}] => (Allow) svchost.exe
FirewallRules: [{0AEF6770-FE8E-4665-B879-2667240F0C32}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
FirewallRules: [{E4E32A29-29B1-4EED-9C8A-71C00CF3B447}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
FirewallRules: [{E329AA39-CBFD-4E27-9831-A65552F8EC11}] => (Allow) LPort=80
FirewallRules: [{7E2D3D28-F1D4-43A7-98DE-2FFAEBC92124}] => (Allow) LPort=80
FirewallRules: [{1A3D9ED3-47D6-4033-B395-6BAFB6B7AED5}] => (Allow) LPort=80
FirewallRules: [{0695F92B-C621-4F1D-B009-C9184A9A2594}] => (Allow) C:\WINDOWS\System32\dmwu.exe
FirewallRules: [{36EBF961-1EA0-49FD-9272-1BEC402FE2E7}] => (Allow) C:\WINDOWS\System32\dmwu.exe
FirewallRules: [{4B1EA54F-4637-44A1-8CE1-DE45DBCCE199}] => (Allow) C:\WINDOWS\System32\ARFC\wrtc.exe
FirewallRules: [{2C73C4CB-FF0D-44E4-9933-9EE59271F86B}] => (Allow) C:\WINDOWS\System32\ARFC\wrtc.exe
FirewallRules: [{F5EB40AF-582A-4DD6-B183-A623F34DDDB2}] => (Allow) C:\WINDOWS\System32\dmwu.exe
FirewallRules: [{EDB0AB27-5209-463B-ACA0-D82B6C5CC19B}] => (Allow) C:\WINDOWS\System32\dmwu.exe
FirewallRules: [{A3C73994-9A18-4B57-863E-DADD2F492A81}] => (Allow) C:\WINDOWS\System32\ARFC\wrtc.exe
FirewallRules: [{71BC79AB-ADBD-40CD-8CD7-FE1AE5CAA535}] => (Allow) C:\WINDOWS\System32\ARFC\wrtc.exe
FirewallRules: [{29D9FD11-BE7A-4B3B-B62A-46BC106BC2FB}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{47EA4131-210D-48AB-92D0-985DC7131F47}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{2741FCA7-9757-40BC-8F77-57EA8962A51D}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{A08779AE-10F3-4787-88A8-2A0FDC1E6BAA}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{33FC415A-3722-4A51-B8F1-61A8DD36602B}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{C392BD47-020D-42F2-8370-E2591F936A88}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{B7B1BB8A-F7C6-45B5-AA2E-FF9022FB8B47}] => (Allow) C:\Users\Männi\AppData\Local\IM\Runtime\IncrediMail_Install.exe
FirewallRules: [{C3CED88D-BF41-466E-B531-7917C8D59B2E}] => (Allow) C:\Users\Männi\AppData\Local\IM\Runtime\IncrediMail_Install.exe
FirewallRules: [{39796209-DE8A-4F53-9E8F-D6C4281E8F12}] => (Allow) C:\Users\Männi\Downloads\incredimail_install(1).exe
FirewallRules: [{16DC6828-49B4-4160-9723-2E8F7BBD9478}] => (Allow) C:\Users\Männi\Downloads\incredimail_install(1).exe
FirewallRules: [{209C9706-B006-4740-A507-948E4BE8AB7F}] => (Allow) C:\Users\Männi\Downloads\incredimail_install(3).exe
FirewallRules: [{703113E8-8A79-493A-A6B1-F6553D9740F1}] => (Allow) C:\Users\Männi\Downloads\incredimail_install(3).exe
FirewallRules: [{42403DC7-E476-4F2E-925A-1A49EFDC7603}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{C8A88B64-38C9-408A-AD78-D4A23BAE96AC}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{1DE742E2-67F8-4DEE-B38A-7A83F942D588}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [{B1DEE316-6057-4EEF-8DA4-B8CEA965BBEF}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1EF7D205-A799-4B02-AFED-1A98C73248B8}] => (Allow) LPort=2869
FirewallRules: [{B37CF022-6F7D-47B0-812E-65C23F41BAFC}] => (Allow) LPort=1900
FirewallRules: [{1F8E81C1-DB0B-48DF-91CD-E9565078E13F}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D1CC42A4-8921-44A0-9429-850552A2FCFB}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{E546F264-ACD4-4B42-8C4B-EF53F769BB10}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{23B91123-4643-4DFC-9308-395BA89303CE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{158B5110-26F7-4E61-9D25-79A094F96F00}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{96CEC3E2-7420-44D7-A765-17B43E36A519}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BDCAA844-99A2-48A2-B3B3-AC08EB229B9E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A815C14B-7F21-487F-B73C-ED49D162BB47}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{5E633699-3110-47B3-B02A-E11ED601BECF}] => (Allow) C:\Program Files\MSN Messenger\livecall.exe
FirewallRules: [{AEB6B2CE-3ECD-4B84-B2D4-7344B4A1406E}] => (Allow) C:\Users\Männi\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{A44DEE19-CD53-4D23-BAC7-E6237CF3040F}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{C185DE23-0AD6-4127-BB0E-B75D98F1A3BB}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{A72BFDF6-2F8E-4FA5-A78C-5A5DAE7E82AA}C:\program files\steam\steamapps\lauraloveskillaaj\counter-strike source\hl2.exe] => (Block) C:\program files\steam\steamapps\lauraloveskillaaj\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{C27C2079-1109-4D83-B075-F822EF9B4735}C:\program files\steam\steamapps\lauraloveskillaaj\counter-strike source\hl2.exe] => (Block) C:\program files\steam\steamapps\lauraloveskillaaj\counter-strike source\hl2.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/28/2015 01:56:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (05/28/2015 01:56:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (05/28/2015 01:56:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (05/28/2015 01:56:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (05/28/2015 01:56:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (05/28/2015 01:56:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (05/28/2015 01:56:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (05/28/2015 01:56:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (05/28/2015 01:56:01 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\CSS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (05/28/2015 01:56:01 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\CSS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (05/28/2015 01:51:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.199.739.0){3CCDA91F-AA19-4084-9890-F604246E5C21}200
Error: (05/28/2015 01:35:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: QuickPlay Task Scheduler (QTS)QuickPlay Background Capture Service (QBCS)%%1070
Error: (05/28/2015 01:35:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: QuickPlay Background Capture Service (QBCS)
Error: (05/28/2015 01:34:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (05/28/2015 01:16:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.199.739.0){3CCDA91F-AA19-4084-9890-F604246E5C21}200
Error: (05/28/2015 01:15:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F2F6A7B0-0E74-49BF-ABDF-8A0778554472}
Error: (05/28/2015 00:54:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: QuickPlay Task Scheduler (QTS)QuickPlay Background Capture Service (QBCS)%%1070
Error: (05/28/2015 00:54:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: QuickPlay Background Capture Service (QBCS)
Error: (05/28/2015 00:53:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (05/19/2015 08:25:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.199.48.0){1D3B7623-623F-4967-9237-810FA7D49C14}200
Microsoft Office:
=========================
Error: (05/28/2015 01:56:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES
Error: (05/28/2015 01:56:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES
Error: (05/28/2015 01:56:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS
Error: (05/28/2015 01:56:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS
Error: (05/28/2015 01:56:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES
Error: (05/28/2015 01:56:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES
Error: (05/28/2015 01:56:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS
Error: (05/28/2015 01:56:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS
Error: (05/28/2015 01:56:01 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\CSS
Error: (05/28/2015 01:56:01 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\MÄNNI\APPDATA\LOCAL\SKYPE\APPS\LOGIN\CSS
CodeIntegrity Errors:
===================================
Date: 2015-05-28 15:12:28.460
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-28 15:12:27.649
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-28 15:12:26.838
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-28 15:12:26.027
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-28 15:12:25.231
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-28 15:12:24.420
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-28 15:12:22.704
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-28 15:12:21.908
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-28 15:12:21.097
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-28 15:12:20.286
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-64
Percentage of memory in use: 60%
Total physical RAM: 2814.05 MB
Available physical RAM: 1112.75 MB
Total Pagefile: 5852.61 MB
Available Pagefile: 4199.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1878.41 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:137.55 GB) (Free:63.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:149.05 GB) (Free:111.3 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:11.5 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (gzsz_funpack) (CDROM) (Total:0.51 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 19BF5A6A)
Partition 1: (Active) - (Size=137.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: BAB9AB7E)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End of log ============================ Danke für Deine Hilfe,
Addi ! ! ! |