| Insanity | 29.11.2014 11:23 |
Hallo nochmal!
Danke für die fixe Antwort! Habe alle deine Schritte nun befolgt.
FRST.txt
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by HP (administrator) on HP-HP on 29-11-2014 11:17:00
Running from C:\Users\HP\Desktop
Loaded Profile: HP (Available profiles: HP)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-09] (Easybits)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-103338945-1238456750-4109559014-1000\...\Run: [Google Update] => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-22] (Google Inc.)
HKU\S-1-5-21-103338945-1238456750-4109559014-1000\...\Run: [GoogleChromeAutoLaunch_AF07ADB424B82216064A05A2CAB71EA4] => C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
HKU\S-1-5-21-103338945-1238456750-4109559014-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-103338945-1238456750-4109559014-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-103338945-1238456750-4109559014-1000\...\MountPoints2: {09aec094-49e6-11e3-8ab2-101f7413ec3f} - G:\Startme.exe
HKU\S-1-5-21-103338945-1238456750-4109559014-1000\...\MountPoints2: {f581b329-370a-11e4-9c1d-101f7413ec3f} - G:\HTC_Sync_Manager_PC.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-103338945-1238456750-4109559014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c485b621-f2ab-fd40-523d-60a88218c75f&searchtype=hp&fr=linkury-tb&installDate=26/01/2014&type=hp1000
HKU\S-1-5-21-103338945-1238456750-4109559014-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKU\S-1-5-21-103338945-1238456750-4109559014-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c485b621-f2ab-fd40-523d-60a88218c75f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=26/01/2014&type=hp1000
HKU\S-1-5-21-103338945-1238456750-4109559014-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c485b621-f2ab-fd40-523d-60a88218c75f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=26/01/2014&type=hp1000
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {4EDB00EC-0CC1-4936-908F-4BE8AAD778DB} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c485b621-f2ab-fd40-523d-60a88218c75f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=26/01/2014&type=hp1000
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c485b621-f2ab-fd40-523d-60a88218c75f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=26/01/2014&type=hp1000
SearchScopes: HKU\S-1-5-21-103338945-1238456750-4109559014-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c485b621-f2ab-fd40-523d-60a88218c75f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=26/01/2014&type=hp1000
SearchScopes: HKU\S-1-5-21-103338945-1238456750-4109559014-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c485b621-f2ab-fd40-523d-60a88218c75f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=26/01/2014&type=hp1000
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-03-31] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ezc3k48b.default
FF NewTab: about:blank
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c485b621-f2ab-fd40-523d-60a88218c75f&searchtype=hp&fr=linkury-tb&installDate=26/01/2014&type=hp1000
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c485b621-f2ab-fd40-523d-60a88218c75f&searchtype=ds&fr=linkury-tb&installDate=26/01/2014&type=hp1000&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-103338945-1238456750-4109559014-1000: @tools.google.com/Google Update;version=3 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-103338945-1238456750-4109559014-1000: @tools.google.com/Google Update;version=9 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-103338945-1238456750-4109559014-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-103338945-1238456750-4109559014-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ezc3k48b.default\searchplugins\Web Search.xml
FF Extension: Avira Browser Safety - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ezc3k48b.default\Extensions\abs@avira.com [2014-11-19]
Chrome:
=======
CHR HomePage: Default -> hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c485b621-f2ab-fd40-523d-60a88218c75f&searchtype=hp&fr=linkury-tb&installDate={installDate}&type=hp1000
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (New Tab Page) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2014-01-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-29 11:17 - 2014-11-29 11:18 - 00020707 _____ () C:\Users\HP\Desktop\FRST.txt
2014-11-29 11:16 - 2014-11-29 11:17 - 00000000 ____D () C:\FRST
2014-11-29 11:15 - 2014-11-29 11:15 - 02117632 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-11-29 11:13 - 2014-11-29 11:13 - 01109504 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2014-11-25 21:28 - 2014-11-25 21:28 - 00055823 _____ () C:\Users\HP\AppData\Local\recently-used.xbel
2014-11-22 23:43 - 2014-11-22 23:43 - 00657597 _____ () C:\Users\HP\Downloads\Blog_Angels_Gimp_Wing_Brushes_by_blog_angel.zip
2014-11-19 12:37 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 12:37 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 12:37 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 12:37 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 15:56 - 2014-11-18 15:56 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-12 21:41 - 2014-11-12 21:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-12 07:31 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 07:31 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 07:31 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 07:31 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 07:31 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 07:31 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 07:31 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 07:31 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 07:31 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 07:31 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 07:31 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 07:31 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 07:31 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 07:31 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 07:31 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 07:31 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 07:31 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 07:31 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 07:31 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 07:31 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 07:31 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 07:31 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 07:31 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 07:31 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 07:31 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 07:31 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 07:31 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 07:31 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 07:31 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 07:31 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 07:31 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 07:31 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 07:31 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 07:31 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 07:31 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 07:31 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 07:31 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 07:31 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 07:31 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 07:31 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 07:31 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 07:31 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 07:31 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 07:31 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 07:31 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 07:31 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 07:31 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 07:31 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 07:31 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 07:31 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 07:31 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 07:31 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 07:31 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 07:31 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 07:31 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 07:31 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 07:31 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 07:31 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 07:31 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 07:31 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 07:31 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 07:31 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 07:31 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 07:31 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 07:31 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 07:30 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 07:30 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 07:30 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 07:30 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 07:30 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 07:30 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 07:30 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 07:30 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 07:30 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 07:30 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 07:30 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 07:30 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 07:30 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 07:30 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 07:30 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 07:30 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 07:30 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 07:30 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 07:30 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 07:30 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 07:30 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 07:30 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 07:30 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 07:30 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 07:30 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 07:30 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 07:30 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 07:30 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 07:30 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 07:30 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 07:30 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 07:30 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 07:30 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-09 18:43 - 2014-11-09 18:43 - 00041034 _____ () C:\Users\HP\Downloads\kaiserzeit_gotisch.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-29 10:55 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-29 10:55 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-29 10:54 - 2012-08-22 19:58 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-103338945-1238456750-4109559014-1000UA.job
2014-11-29 10:50 - 2012-08-15 23:56 - 01203306 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 10:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 10:47 - 2009-07-14 05:51 - 00185889 _____ () C:\Windows\setupact.log
2014-11-29 10:32 - 2012-08-22 20:12 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2014-11-29 10:08 - 2011-04-01 00:27 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-11-29 10:08 - 2011-04-01 00:27 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-11-29 10:08 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-29 09:45 - 2012-09-07 21:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-28 21:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-28 21:43 - 2010-11-21 04:47 - 01522764 _____ () C:\Windows\PFRO.log
2014-11-28 21:31 - 2012-08-26 15:52 - 00000000 ____D () C:\Users\HP\.gimp-2.8
2014-11-28 20:54 - 2012-08-22 19:58 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-103338945-1238456750-4109559014-1000Core.job
2014-11-28 19:39 - 2012-08-16 00:54 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{766793D5-AAD2-4734-9670-74D70CF5837A}
2014-11-28 18:30 - 2013-01-30 20:01 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHP
2014-11-28 18:30 - 2013-01-30 20:01 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForHP.job
2014-11-27 12:38 - 2012-08-22 20:03 - 00002338 _____ () C:\Users\HP\Desktop\Google Chrome.lnk
2014-11-26 21:02 - 2012-08-23 18:01 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps
2014-11-26 20:38 - 2013-12-30 19:14 - 00000000 ____D () C:\Users\HP\Downloads\PaintToolSAI
2014-11-26 19:45 - 2012-09-07 21:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 19:45 - 2012-09-07 21:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 19:45 - 2012-09-07 21:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-24 18:30 - 2014-02-03 18:10 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-24 18:30 - 2012-08-27 15:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-23 15:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-21 18:16 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-18 15:56 - 2014-08-07 12:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-18 15:56 - 2013-08-05 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-16 13:45 - 2014-06-27 12:45 - 00000000 ____D () C:\Users\HP\Documents\Shingeki no Kyojin
2014-11-15 20:49 - 2012-08-22 19:58 - 00004072 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-103338945-1238456750-4109559014-1000UA
2014-11-15 20:49 - 2012-08-22 19:58 - 00003676 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-103338945-1238456750-4109559014-1000Core
2014-11-13 18:26 - 2013-08-18 12:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 12:14 - 2012-08-16 00:54 - 00086160 _____ () C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 12:13 - 2009-07-14 05:45 - 00342920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 08:40 - 2012-08-22 16:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 08:37 - 2013-07-18 05:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 08:34 - 2012-08-23 12:39 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-09 13:05 - 2012-08-16 01:19 - 00000000 ____D () C:\Users\HP\Documents\Youcam
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\APNSetup.exe
C:\Users\HP\AppData\Local\Temp\APNStub.exe
C:\Users\HP\AppData\Local\Temp\AskSLib.dll
C:\Users\HP\AppData\Local\Temp\avgnt.exe
C:\Users\HP\AppData\Local\Temp\ej5e4gmi.dll
C:\Users\HP\AppData\Local\Temp\Extract.exe
C:\Users\HP\AppData\Local\Temp\ICQInetInstaller.exe
C:\Users\HP\AppData\Local\Temp\JavaRa.exe
C:\Users\HP\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\HP\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\HP\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\HP\AppData\Local\Temp\jre-7u45-windows-i586.exe
C:\Users\HP\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\HP\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\HP\AppData\Local\Temp\onbmmkkq.dll
C:\Users\HP\AppData\Local\Temp\ose00000.exe
C:\Users\HP\AppData\Local\Temp\SkypeSetup.exe
C:\Users\HP\AppData\Local\Temp\SP52407.exe
C:\Users\HP\AppData\Local\Temp\SP52509.exe
C:\Users\HP\AppData\Local\Temp\SP53462.exe
C:\Users\HP\AppData\Local\Temp\SP54714.exe
C:\Users\HP\AppData\Local\Temp\SP55094.exe
C:\Users\HP\AppData\Local\Temp\SP55101.exe
C:\Users\HP\AppData\Local\Temp\SP55150.exe
C:\Users\HP\AppData\Local\Temp\SP55151.exe
C:\Users\HP\AppData\Local\Temp\sp58915.exe
C:\Users\HP\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\HP\AppData\Local\Temp\UninstallHPTCA.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-27 07:36
==================== End Of Log ============================
--- --- ---
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by HP at 2014-11-29 11:18:14
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge)
ATI Catalyst Install Manager (HKLM\...\{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
AuraKingdom (HKLM-x32\...\{6CD3E7DA-5C23-48BD-8FC5-B269A89F06F0}) (Version: 1.1.0 - aurakingdom.to)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elsword_DE (HKLM-x32\...\Elsword_DE_is1) (Version: - )
Elsword_EN (HKLM-x32\...\Elsword_EN_is1) (Version: - )
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Gameforge Live 1.10.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.0 - Gameforge)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-103338945-1238456750-4109559014-1000\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{3623E33A-6E9A-442F-9628-570C28E01EDF}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{AF6EB833-D48A-49AC-9394-4C57489FDFF2}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6329.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216034FF}) (Version: 6.0.350 - Oracle)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Manga Studio Debut 4.0 (HKLM-x32\...\Manga Studio Debut 4.0) (Version: - )
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (HKLM\...\{8DB5B8FE-3F8A-4D9F-911C-F85473400859}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.2020.4 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.2020.4 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2020.4 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-103338945-1238456750-4109559014-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-103338945-1238456750-4109559014-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-103338945-1238456750-4109559014-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-103338945-1238456750-4109559014-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-103338945-1238456750-4109559014-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-103338945-1238456750-4109559014-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-103338945-1238456750-4109559014-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-103338945-1238456750-4109559014-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
04-11-2014 14:52:06 Windows Update
12-11-2014 06:30:27 Windows Update
12-11-2014 07:33:17 Windows Update
18-11-2014 14:54:50 Windows Update
19-11-2014 12:01:02 Windows Update
25-11-2014 14:50:49 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {009D8D1F-9D12-42BC-8577-B41CE6647527} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {08EC9B9F-7AA9-46A5-BED6-E9652B5CD1DF} - System32\Tasks\{7335D78F-45A6-4EF4-89E4-E50E47D34192} => C:\Program Files (x86)\aurakingdom.to\AuraKingdom\Launcher.exe [2014-05-29] (AuraKingdom.To)
Task: {0C4E0DA1-141C-49A8-B8E9-698037D2B6EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2B0CEDDD-C4D4-455A-B936-CBA77944AA6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {2D7EFE2B-ED6F-4EEF-94AB-4E50F6A3545E} - System32\Tasks\{E9974613-EC9A-4FD4-818F-7FEF451111A5} => C:\Program Files (x86)\aurakingdom.to\AuraKingdom\Launcher.exe [2014-05-29] (AuraKingdom.To)
Task: {2DADF5B0-A08B-4930-8FF5-094B6E468818} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-09-19] (TuneUp Software)
Task: {34251546-C06D-4B06-8C18-3E7C0B89828B} - System32\Tasks\{73909410-4DE3-4529-8B57-07C7D64D6E7D} => C:\Program Files (x86)\aurakingdom.to\AuraKingdom\Launcher.exe [2014-05-29] (AuraKingdom.To)
Task: {3603044C-F241-4B50-A08E-F52580B2F704} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-11-11] (Microsoft)
Task: {429D45BE-6C07-433D-95DD-21D086F673BB} - System32\Tasks\HPCeeScheduleForHP => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {4701EE93-7304-4A34-BFBB-36A09ED2886E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-103338945-1238456750-4109559014-1000UA => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22] (Google Inc.)
Task: {4B2FF3B3-2945-437C-8D5C-075107EB84C6} - System32\Tasks\{FFFD8D40-F30E-4352-8C5C-5F1926C514E8} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {4E430423-1580-47F2-8E28-99C8DE8040BD} - System32\Tasks\{4FD2D2DE-EBA6-4996-8A15-2916E58EF441} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {549DE434-A814-467C-B302-B6C86C76F825} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {715C8F25-60AD-4B9F-A117-FC11A257F3F0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {8A0B637E-CF66-4FAC-B4D6-BA29CE63FE6E} - System32\Tasks\{45F7D9A6-66F1-454C-B58A-5212946E3DD3} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {8BF10709-7B7A-4282-B26D-8A20BF6FA745} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard)
Task: {9268E22B-5824-4449-B1F4-478C3B872F0B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {94CC3D5D-12D7-43CA-841A-4E7D9BEE2DAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {A258EBA9-A1A3-4FD0-9CD9-C1545481AC1D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-103338945-1238456750-4109559014-1000Core => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22] (Google Inc.)
Task: {C44497C7-230F-45ED-BD7B-3FB1E8D9A258} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {D2866782-9B17-44E5-B7A1-18670B86653D} - System32\Tasks\{442141B6-C2AA-4185-9362-51443A6C3976} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {EA7A776B-F7B0-465C-ADB1-39601EFF9614} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F4D5A294-FEDF-45D0-BE35-AB6E698DB67E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] ()
Task: {FEC5B1CE-A025-410A-A4CD-1A868C247C12} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-103338945-1238456750-4109559014-1000Core.job => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-103338945-1238456750-4109559014-1000UA.job => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHP.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2012-08-15 23:53 - 2011-01-27 17:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-16 10:39 - 2012-10-16 10:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2013-12-24 21:44 - 2012-11-14 13:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2011-03-14 13:21 - 2011-03-14 13:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-15 08:57 - 2011-03-15 08:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-24 01:21 - 2010-06-24 01:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-11-27 12:38 - 2014-11-25 07:39 - 01077064 _____ () C:\Users\HP\AppData\Local\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 12:38 - 2014-11-25 07:39 - 00211272 _____ () C:\Users\HP\AppData\Local\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-10-16 20:03 - 2014-10-16 20:03 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2012-08-15 23:52 - 2011-01-13 02:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-06-24 01:19 - 2010-06-24 01:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-11-27 12:38 - 2014-11-25 07:39 - 09009480 _____ () C:\Users\HP\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 12:38 - 2014-11-25 07:39 - 01677128 _____ () C:\Users\HP\AppData\Local\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-11-27 12:38 - 2014-11-25 07:39 - 14910280 _____ () C:\Users\HP\AppData\Local\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-103338945-1238456750-4109559014-500 - Administrator - Disabled)
Gast (S-1-5-21-103338945-1238456750-4109559014-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-103338945-1238456750-4109559014-1002 - Limited - Enabled)
HP (S-1-5-21-103338945-1238456750-4109559014-1000 - Administrator - Enabled) => C:\Users\HP
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/29/2014 10:47:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/29/2014 10:37:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/29/2014 10:32:32 AM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC
Error: (11/29/2014 10:32:30 AM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC
Error: (11/29/2014 10:32:30 AM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC
Error: (11/29/2014 10:32:30 AM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC
Error: (11/29/2014 10:32:30 AM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC
Error: (11/29/2014 10:32:30 AM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC
Error: (11/29/2014 09:34:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/28/2014 11:42:10 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC
System errors:
=============
Error: (11/29/2014 10:16:19 AM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (11/28/2014 10:43:47 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (11/28/2014 10:23:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/22/2014 08:11:15 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (11/20/2014 10:39:00 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (11/20/2014 08:59:07 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (11/19/2014 00:29:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.
Error: (11/12/2014 07:32:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.11.2014 um 12:37:57 unerwartet heruntergefahren.
Error: (11/12/2014 00:14:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Skype Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/10/2014 01:19:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 10.11.2014 um 13:12:11 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (11/29/2014 10:47:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/29/2014 10:37:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/29/2014 10:32:32 AM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description:
Error: (11/29/2014 10:32:30 AM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description:
Error: (11/29/2014 10:32:30 AM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description:
Error: (11/29/2014 10:32:30 AM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description:
Error: (11/29/2014 10:32:30 AM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description:
Error: (11/29/2014 10:32:30 AM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description:
Error: (11/29/2014 09:34:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/28/2014 11:42:10 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description:
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 36%
Total physical RAM: 6091.86 MB
Available physical RAM: 3853.07 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 9280.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:450.98 GB) (Free:344 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.49 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5A69E63D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
==================== End Of Log ============================
Hoffe, dass ist alles richtig so. xD |
FRST 32-Bit | FRST 64-Bit