I hope everything is correct.
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Lydia (administrator) on LYD on 29-12-2014 13:02:13
Running from C:\Users\Lydia\Downloads
Loaded Profile: Lydia (Available profiles: Lydia)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ClickCaption) C:\Program Files (x86)\ClickCaption_1.10.0.5\Service\ccsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
() C:\Program Files (x86)\DigiHelp\updateDigiHelp.exe
() C:\Program Files (x86)\DigiHelp\bin\utilDigiHelp.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Rational Thought Solutions) C:\ProgramData\vEjkPsYEX\qwAIjlQHm.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\StormWatch.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
() C:\Program Files (x86)\StormWatch\StormWatchApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(McAfee, Inc.) C:\Program Files\mcafee\mqs\QcShm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [gmsd_de_44] => [X]
HKLM-x32\...\Run: [gmsd_de_43] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (Weather Protector LLC)
Startup: C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Program Files (x86)\StormWatch\StormWatchApp.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2795809158-1142320454-300564429-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49172;https=127.0.0.1:49172
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1419699829&from=tugs&uid=HGSTXHTS545050A7E680_TM8514GL285PLR285PLRX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1419699829&from=tugs&uid=HGSTXHTS545050A7E680_TM8514GL285PLR285PLRX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419699829&from=tugs&uid=HGSTXHTS545050A7E680_TM8514GL285PLR285PLRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419699829&from=tugs&uid=HGSTXHTS545050A7E680_TM8514GL285PLR285PLRX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1419699829&from=tugs&uid=HGSTXHTS545050A7E680_TM8514GL285PLR285PLRX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1419699829&from=tugs&uid=HGSTXHTS545050A7E680_TM8514GL285PLR285PLRX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419699829&from=tugs&uid=HGSTXHTS545050A7E680_TM8514GL285PLR285PLRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419699829&from=tugs&uid=HGSTXHTS545050A7E680_TM8514GL285PLR285PLRX&q={searchTerms}
HKU\S-1-5-21-2795809158-1142320454-300564429-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2795809158-1142320454-300564429-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1419699829&from=tugs&uid=HGSTXHTS545050A7E680_TM8514GL285PLR285PLRX
HKU\S-1-5-21-2795809158-1142320454-300564429-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_GbHG1dd3_ZUO7tkuhcO4Hq0dBdUXyykHoLPxYCPaBa-H441RduCI-wrFpWSpgMeFi5h9_HRz6KmN-GHmOMx9GIwCW0pf1xOGkySip0Nbe9nk_yT2UyGM6XDHSvAX_myy_hKGA5CHjWrX__bQJEnEmSSZNBKXdhi5A,,&q={searchTerms}
HKU\S-1-5-21-2795809158-1142320454-300564429-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_GbHG1dd3_ZUO7tkuhcO4Hq0dBdUXyykHoLPxYCPaBa-H441RduCI-wrFpWSpgMeFi5h9_HRz6KmN-GHmOMx9GIwCW0pf1xOGkySip0Nbe9nk_yT2UyGM6XDHSvAX_myy_hKGA5CHjWrX__bQJEnEmSSZNBKXdhi5A,,&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419699829&from=tugs&uid=HGSTXHTS545050A7E680_TM8514GL285PLR285PLRX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419699829&from=tugs&uid=HGSTXHTS545050A7E680_TM8514GL285PLR285PLRX&q={searchTerms}
SearchScopes: HKLM -> {BE8DD934-3264-4C52-847D-B7ED7C851A0B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_GbHG1dd3_ZUO7tkuhcO4Hq0dBdUXyykHoLPxYCPaBa-H441RduCI-wrFpWSpgMeFi5h9_HRz6KmN-GHmOMx9GIwCW0pf1xOGkySip0Nbe9nk_yT2UyGM6XDHSvAX_myy_hKGA5CHjWsP4gkxkKfmUzY3dwWzDXT8Q,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_GbHG1dd3_ZUO7tkuhcO4Hq0dBdUXyykHoLPxYCPaBa-H441RduCI-wrFpWSpgMeFi5h9_HRz6KmN-GHmOMx9GIwCW0pf1xOGkySip0Nbe9nk_yT2UyGM6XDHSvAX_myy_hKGA5CHjWsP4gkxkKfmUzY3dwWzDXT8Q,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2795809158-1142320454-300564429-1002 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_52_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtA0DtD0E0C0Fzz0EyDtAtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtAyCtB0A0FyByDtG0DyCtBtAtG0ByC0DzytGtD0Czz0CtGtD0E0EtCzztBtB0B0F0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtCtB0EyDzy0DtBtG0BtDtDtBtGyEzyyE0CtG0BtA0C0AtGzyyByDyDtDtC0EtD0CtAyBtB2Q&cr=2063728965&ir=
SearchScopes: HKU\S-1-5-21-2795809158-1142320454-300564429-1002 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_52_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtA0DtD0E0C0Fzz0EyDtAtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtAyCtB0A0FyByDtG0DyCtBtAtG0ByC0DzytGtD0Czz0CtGtD0E0EtCzztBtB0B0F0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtCtB0EyDzy0DtBtG0BtDtDtBtGyEzyyE0CtG0BtA0C0AtGzyyByDyDtDtC0EtD0CtAyBtB2Q&cr=2063728965&ir=
SearchScopes: HKU\S-1-5-21-2795809158-1142320454-300564429-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M3E14D039-4F4D-466C-85BC-5121F86C28AE&SearchSource=58&CUI=&UM=8&UP=SP82C0F8BE-5565-4BA1-A217-632D77222099&q={searchTerms}&SSPV=T221911_sp_ie
SearchScopes: HKU\S-1-5-21-2795809158-1142320454-300564429-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_GbHG1dd3_ZUO7tkuhcO4Hq0dBdUXyykHoLPxYCPaBa-H441RduCI-wrFpWSpgMeFi5h9_HRz6KmN-GHmOMx9GIwCW0pf1xOGkySip0Nbe9nk_yT2UyGM6XDHSvAX_myy_hKGA5CHjWsP4gkxkKfmUzY3dwWzDXT8Q,,&q={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: DigiHelp 1.0.0.6 -> {5bee7be9-df29-4c14-a18e-2bdd06205e29} -> C:\Program Files (x86)\DigiHelp\DigiHelpbho.dll (DigiHelp)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-30]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default ->
CHR RestoreOnStartup: Default -> ""
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-27]
CHR Extension: (Google Docs) - C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-27]
CHR Extension: (Google Drive) - C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-27]
CHR Extension: (YouTube) - C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-27]
CHR Extension: (Google-Suche) - C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-27]
CHR Extension: (Google Tabellen) - C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-27]
CHR Extension: (AdBlock) - C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2014-12-27]
CHR Extension: (Google Wallet) - C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27]
CHR Extension: (Google Mail) - C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-27]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 ccsvc_1.10.0.5; C:\Program Files (x86)\ClickCaption_1.10.0.5\Service\ccsvc.exe [277584 2014-12-12] (ClickCaption)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 qwAIjlQHm; C:\ProgramData\vEjkPsYEX\qwAIjlQHm.exe [2734464 2014-12-27] (Rational Thought Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-13] (Realtek Semiconductor)
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-25] (Advanced Micro Devices, Inc.)
R2 Update DigiHelp; C:\Program Files (x86)\DigiHelp\updateDigiHelp.exe [524520 2014-12-27] ()
R2 Util DigiHelp; C:\Program Files (x86)\DigiHelp\bin\utilDigiHelp.exe [524520 2014-12-27] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-08-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-08-31] (Microsoft Corporation)
S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-27] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-25] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-25] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R1 ccnfd_1_10_0_5; C:\Windows\System32\drivers\ccnfd_1_10_0_5.sys [58232 2014-12-12] (ClickCaption)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-08-31] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R1 {2b4f8230-394e-4951-9495-bafd44d837da}Gw64; C:\Windows\System32\drivers\{2b4f8230-394e-4951-9495-bafd44d837da}Gw64.sys [48776 2014-12-27] (StdLib)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-29 13:02 - 2014-12-29 13:03 - 00023407 _____ () C:\Users\Lydia\Downloads\FRST.txt
2014-12-29 13:01 - 2014-12-29 13:02 - 00000000 ____D () C:\FRST
2014-12-29 13:01 - 2014-12-29 13:01 - 02123264 _____ (Farbar) C:\Users\Lydia\Downloads\FRST64.exe
2014-12-28 21:57 - 2014-12-28 21:57 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-28 12:22 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-12-27 23:07 - 2014-12-27 23:07 - 00001484 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-12-27 23:07 - 2014-12-27 23:07 - 00000000 ____D () C:\Users\Lydia\AppData\Roaming\LibreOffice
2014-12-27 23:07 - 2014-12-27 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-12-27 23:05 - 2014-12-27 23:07 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-12-27 22:41 - 2014-12-27 22:52 - 220569600 _____ () C:\Users\Lydia\Downloads\LibreOffice_4.2.8_Win_x86.msi
2014-12-27 21:59 - 2014-12-27 21:59 - 00001050 _____ () C:\Users\Lydia\Desktop\PhotoScape.lnk
2014-12-27 21:59 - 2014-12-27 21:59 - 00000000 ____D () C:\Users\Lydia\AppData\Roaming\PhotoScape
2014-12-27 21:59 - 2014-12-27 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-12-27 21:58 - 2014-12-27 21:59 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-12-27 21:57 - 2014-12-27 21:58 - 21360800 _____ (Mooii) C:\Users\Lydia\Downloads\PhotoScape_V3.7.exe
2014-12-27 21:46 - 2014-12-27 21:46 - 00000000 _____ () C:\autoexec.bat
2014-12-27 21:45 - 2014-12-27 21:48 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-12-27 21:45 - 2014-12-27 21:45 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-12-27 21:42 - 2014-12-27 21:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lydia\Downloads\SpyHunter-installer.exe
2014-12-27 21:09 - 2014-12-27 21:09 - 00000917 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-12-27 21:04 - 2014-12-27 21:08 - 00000000 ____D () C:\Program Files\GIMP 2
2014-12-27 20:55 - 2014-12-27 21:02 - 91670064 _____ (The GIMP Team ) C:\Users\Lydia\Downloads\gimp-2.8.14-setup.exe
2014-12-27 20:53 - 2014-12-29 12:27 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 20:53 - 2014-12-28 23:07 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 20:53 - 2014-12-27 21:16 - 00002202 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-27 20:53 - 2014-12-27 21:02 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-27 20:53 - 2014-12-27 21:02 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-27 20:53 - 2014-12-27 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-27 20:45 - 2014-12-27 20:45 - 00000000 ____D () C:\Users\Lydia\AppData\Roaming\hpqlog
2014-12-27 20:45 - 2014-12-27 20:45 - 00000000 ____D () C:\Users\Lydia\AppData\Local\Hewlett-Packard
2014-12-27 20:39 - 2014-12-27 21:36 - 00000000 ____D () C:\Users\Lydia\.gimp-2.8
2014-12-27 20:39 - 2014-12-27 20:39 - 00000000 ____D () C:\Users\Lydia\AppData\Local\gegl-0.2
2014-12-27 19:21 - 2014-12-27 19:21 - 00689152 _____ (The Chromium Authors) C:\Users\Lydia\Downloads\chrome.exe
2014-12-27 19:20 - 2014-12-27 01:23 - 00048776 _____ (StdLib) C:\Windows\system32\Drivers\{2b4f8230-394e-4951-9495-bafd44d837da}Gw64.sys
2014-12-27 19:18 - 2014-12-27 19:18 - 76880312 _____ (The GIMP Team ) C:\Users\Lydia\Downloads\gimp.exe
2014-12-27 19:18 - 2014-12-27 19:18 - 00003238 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
2014-12-27 19:18 - 2014-12-27 19:18 - 00000000 ____D () C:\Users\Lydia\Documents\PC Speed Maximizer
2014-12-27 19:17 - 2014-12-27 20:25 - 00000000 ____D () C:\Users\Lydia\AppData\Local\Vosteran
2014-12-27 19:17 - 2014-12-27 19:31 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-12-27 19:17 - 2014-12-27 19:17 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-12-27 19:17 - 2014-12-27 19:17 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-12-27 19:12 - 2014-12-27 20:27 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-12-27 19:12 - 2014-12-27 19:18 - 00000000 ____D () C:\Program Files (x86)\DigiHelp
2014-12-27 19:12 - 2014-12-27 19:11 - 00613057 _____ (CMI Limited) C:\Users\Lydia\AppData\Local\nspA1A2.tmp
2014-12-27 19:09 - 2014-12-27 19:09 - 00803768 _____ ( ) C:\Users\Lydia\Downloads\gimp_setup.exe
2014-12-27 19:05 - 2014-12-27 19:05 - 00613057 _____ (CMI Limited) C:\Users\Lydia\AppData\Local\nsf1645.tmp
2014-12-27 18:57 - 2014-12-27 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-27 18:56 - 2014-12-27 18:56 - 00000000 ____D () C:\Program Files (x86)\predm
2014-12-27 18:56 - 2014-12-27 18:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-27 18:52 - 2014-12-27 18:52 - 00003094 _____ () C:\Windows\System32\Tasks\{1D69E84D-6DE1-4C24-9C3D-B41E8AF7475C}
2014-12-27 18:51 - 2014-12-28 23:05 - 00000000 ____D () C:\Users\Lydia\AppData\Local\HealthAlert
2014-12-27 18:51 - 2014-12-27 18:51 - 00000000 ____D () C:\ProgramData\1078601655
2014-12-27 18:50 - 2014-12-27 19:37 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-12-27 18:50 - 2014-12-27 19:31 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-12-27 18:50 - 2014-12-27 19:17 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-12-27 18:48 - 2014-12-27 18:48 - 00000000 __SHD () C:\Users\Lydia\AppData\Roaming\AnyProtectEx
2014-12-27 18:48 - 2014-12-27 18:47 - 00613057 _____ (CMI Limited) C:\Users\Lydia\AppData\Local\nsaC429.tmp
2014-12-27 18:47 - 2014-12-27 20:34 - 00000000 ____D () C:\ProgramData\HealthAlert
2014-12-27 18:47 - 2014-12-27 18:47 - 00000000 ____D () C:\ProgramData\vEjkPsYEX
2014-12-27 18:44 - 2014-12-27 20:43 - 00000000 ____D () C:\Users\Lydia\AppData\Local\Chrome
2014-12-27 18:43 - 2014-12-27 18:43 - 00000000 ____D () C:\Users\Lydia\Documents\Optimizer Pro
2014-12-27 18:40 - 2014-12-27 18:40 - 00003790 _____ () C:\Windows\System32\Tasks\Chrome
2014-12-27 18:37 - 2014-12-27 18:37 - 00000000 ____D () C:\Program Files (x86)\ClickCaption_1.10.0.5
2014-12-27 18:15 - 2014-12-27 18:51 - 00000000 ____D () C:\ProgramData\2355320829
2014-12-27 18:10 - 2014-12-27 18:10 - 00004014 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder
2014-12-27 18:06 - 2014-12-27 20:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-27 18:06 - 2014-12-27 18:07 - 00000000 ____D () C:\Users\Lydia\AppData\Local\Google
2014-12-27 18:05 - 2014-12-27 18:06 - 00000000 ____D () C:\Users\Lydia\AppData\Local\Deployment
2014-12-27 18:05 - 2014-12-27 18:05 - 00000000 ____D () C:\Users\Lydia\AppData\Local\Apps\2.0
2014-12-27 18:05 - 2014-12-27 18:05 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-27 18:05 - 2014-12-27 18:05 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-12-27 18:04 - 2014-12-27 18:36 - 00002183 _____ () C:\Windows\patsearch.bin
2014-12-27 18:04 - 2014-12-27 18:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-27 18:03 - 2014-12-27 18:19 - 00000000 ____D () C:\Users\Lydia\AppData\Roaming\omiga-plus
2014-12-27 18:03 - 2014-12-27 18:03 - 00000000 ____D () C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-12-27 18:03 - 2014-12-27 18:03 - 00000000 ____D () C:\Users\Lydia\AppData\Local\Weather_Protector_LLC
2014-12-27 18:02 - 2014-12-27 20:44 - 00000000 ____D () C:\Users\Lydia\AppData\Local\StormWatch
2014-12-27 18:02 - 2014-12-27 18:54 - 00000000 ____D () C:\Users\Lydia\AppData\Roaming\InetStat
2014-12-27 18:02 - 2014-12-27 18:02 - 00000000 ____D () C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2014-12-27 18:02 - 2014-12-27 18:02 - 00000000 ____D () C:\Program Files (x86)\StormWatch
2014-12-27 18:00 - 2014-12-28 21:53 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9D2852DD-2883-40F6-84A5-9A1950E888B6}
2014-12-27 18:00 - 2014-12-27 18:00 - 00000000 __SHD () C:\Users\Lydia\AppData\Local\EmieUserList
2014-12-27 18:00 - 2014-12-27 18:00 - 00000000 __SHD () C:\Users\Lydia\AppData\Local\EmieSiteList
2014-12-27 17:51 - 2014-12-29 12:32 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2795809158-1142320454-300564429-1002
2014-12-27 17:51 - 2014-12-27 17:51 - 00000000 ____D () C:\Users\Lydia\AppData\Roaming\Macromedia
2014-12-27 17:50 - 2014-12-27 18:10 - 00000000 ____D () C:\Users\Lydia\AppData\Roaming\Hewlett-Packard
2014-12-27 17:50 - 2014-12-27 17:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-27 17:48 - 2014-12-29 12:29 - 00000000 ____D () C:\Users\Lydia\Documents\Youcam
2014-12-27 17:48 - 2014-12-27 17:48 - 00000000 __RDO () C:\Users\Lydia\OneDrive
2014-12-27 17:48 - 2014-12-27 17:48 - 00000000 ____D () C:\Users\Lydia\AppData\Local\CyberLink
2014-12-27 17:46 - 2014-12-27 18:03 - 00001689 _____ () C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-27 17:46 - 2014-12-27 17:46 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-27 17:46 - 2014-12-27 17:46 - 00000000 ____D () C:\Users\Lydia\AppData\Roaming\Synaptics
2014-12-27 17:46 - 2014-12-27 17:46 - 00000000 ____D () C:\Users\Lydia\AppData\Roaming\Adobe
2014-12-27 17:46 - 2014-12-27 17:46 - 00000000 ____D () C:\Users\Lydia\AppData\Local\VirtualStore
2014-12-27 17:46 - 2014-12-27 17:46 - 00000000 ____D () C:\Users\Lydia\AppData\Local\Power2Go8
2014-12-27 17:46 - 2014-08-30 14:34 - 00002245 _____ () C:\Users\Public\Desktop\Snapfish Fotos.lnk
2014-12-27 17:45 - 2014-12-27 20:39 - 00000000 ____D () C:\Users\Lydia
2014-12-27 17:45 - 2014-12-27 18:59 - 00000000 ____D () C:\Users\Lydia\AppData\Local\Packages
2014-12-27 17:45 - 2014-12-27 17:45 - 00000020 ___SH () C:\Users\Lydia\ntuser.ini
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 _SHDL () C:\Users\Lydia\Vorlagen
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 _SHDL () C:\Users\Lydia\Startmenü
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 _SHDL () C:\Users\Lydia\Netzwerkumgebung
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 _SHDL () C:\Users\Lydia\Lokale Einstellungen
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 _SHDL () C:\Users\Lydia\Eigene Dateien
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 _SHDL () C:\Users\Lydia\Druckumgebung
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 _SHDL () C:\Users\Lydia\Documents\Eigene Musik
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 _SHDL () C:\Users\Lydia\Documents\Eigene Bilder
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 _SHDL () C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 _SHDL () C:\Users\Lydia\AppData\Local\Verlauf
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 _SHDL () C:\Users\Lydia\AppData\Local\Anwendungsdaten
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 _SHDL () C:\Users\Lydia\Anwendungsdaten
2014-12-27 17:45 - 2014-08-31 00:01 - 00000000 ___RD () C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-27 17:45 - 2014-05-06 18:42 - 00000000 ___HD () C:\Users\Lydia\Documents\hp.system.package.metadata
2014-12-27 17:45 - 2014-03-18 11:06 - 00000000 ___RD () C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-27 17:45 - 2014-03-18 10:54 - 00000369 _____ () C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-27 17:45 - 2014-03-18 10:54 - 00000369 _____ () C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-27 17:45 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-27 17:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-27 17:42 - 2014-12-29 13:02 - 01257910 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Programme
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-12-12 00:53 - 2014-12-12 00:53 - 00058232 _____ (ClickCaption) C:\Windows\system32\Drivers\ccnfd_1_10_0_5.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-29 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-29 12:58 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-29 12:29 - 2014-08-30 14:28 - 00001867 _____ () C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2014-12-29 12:29 - 2014-05-06 18:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-12-28 22:15 - 2014-05-07 03:46 - 00800954 _____ () C:\Windows\system32\perfh007.dat
2014-12-28 22:15 - 2014-05-07 03:46 - 00174458 _____ () C:\Windows\system32\perfc007.dat
2014-12-28 22:15 - 2014-03-18 10:53 - 01921090 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-28 22:09 - 2014-08-30 14:26 - 00369772 _____ () C:\Windows\SysWOW64\rootpa.e2e
2014-12-28 22:09 - 2014-08-30 14:17 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-12-28 22:09 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 22:09 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-28 21:49 - 2014-03-18 10:44 - 00028878 _____ () C:\Windows\PFRO.log
2014-12-28 21:49 - 2013-08-22 15:44 - 00397856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-28 13:18 - 2014-05-06 18:47 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-28 12:21 - 2014-08-30 14:26 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-12-28 12:20 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-12-28 12:18 - 2014-08-30 14:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-27 23:21 - 2014-08-30 14:35 - 00000000 ____D () C:\Users\Public\CyberLink
2014-12-27 20:44 - 2013-08-22 14:25 - 00000226 _____ () C:\Windows\win.ini
2014-12-27 19:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-27 18:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore
2014-12-27 18:36 - 2013-08-22 15:46 - 00025210 _____ () C:\Windows\setupact.log
2014-12-27 17:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-27 17:46 - 2014-08-30 14:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-12-27 17:46 - 2014-05-06 19:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-12-27 17:46 - 2014-05-06 19:07 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-12-27 17:46 - 2014-05-06 18:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-12-27 17:45 - 2014-04-01 02:07 - 00000000 ___HD () C:\SYSTEM.SAV
2014-12-27 15:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-27 15:39 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-12-27 15:39 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2014-12-27 15:38 - 2014-04-02 11:25 - 00000000 ____D () C:\Windows\Panther
Some content of TEMP:
====================
C:\Users\Lydia\AppData\Local\Temp\5B9DA6E7-ACA7-7F4B-9970-8F9E98DD8D7F.dll
C:\Users\Lydia\AppData\Local\Temp\5B9DA6E7-ACA7-7F4B-9970-8F9E98DD8D7F.exe
C:\Users\Lydia\AppData\Local\Temp\627C64B7-C1B6-016E-8F3B-FBBA91FFC1BA.exe
C:\Users\Lydia\AppData\Local\Temp\7B27F0A8-1CB4-C3AB-33CC-40F729B863CD.dll
C:\Users\Lydia\AppData\Local\Temp\7B27F0A8-1CB4-C3AB-33CC-40F729B863CD.exe
C:\Users\Lydia\AppData\Local\Temp\EA377C1C-9975-DE0F-7467-0BFF4BC0075E.exe
C:\Users\Lydia\AppData\Local\Temp\ICSW_0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q.exe
C:\Users\Lydia\AppData\Local\Temp\optprosetup.exe
C:\Users\Lydia\AppData\Local\Temp\SHSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-04-02 10:25
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Lydia at 2014-12-29 13:05:35
Running from C:\Users\Lydia\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7536C341-2F7D-EFE6-F521-DEBE68B025C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DigiHelp (HKLM\...\DigiHelp) (Version: 2014.12.27.172142 - DigiHelp) <==== ATTENTION!
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2251.0 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Health Alert (HKLM-x32\...\HealthAlert) (Version: 2.7.51 - Rational Thought Solutions)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2795809158-1142320454-300564429-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
LibreOffice 4.2.8.2 (HKLM-x32\...\{2D3234B2-FC7B-41CD-9FC8-4F9C2C20C131}) (Version: 4.2.8.2 - The Document Foundation)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname)
omiga-plus uninstall (HKLM-x32\...\omiga-plus uninstall) (Version: - omiga-plus) <==== ATTENTION
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
StormWatch (HKU\S-1-5-21-2795809158-1142320454-300564429-1002\...\StormWatch) (Version: 1.0.1.36 - StormWatch) <==== ATTENTION!
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
27-12-2014 18:53:24 Removed LPT System Updater Service
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02EDBE82-C734-4E00-A172-B9266A239819} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {16CD8C54-5EA6-4BB1-A8F1-A4DEE7A0807F} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {22DB74DA-2E0F-48F4-B374-F30B0121E831} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {24F4C239-005D-4663-852A-6962C3E5E233} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {4FC987D6-E919-4E66-AF1E-B8E0992A5B4C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {56364AEF-04EF-4A7B-A050-72A927960D0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.)
Task: {5F45FBE5-5F11-455A-941F-9EE3986FD430} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {619071A5-B6F0-4879-BC44-0BB93D53A281} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.)
Task: {691E4C20-935E-4EBE-B8DD-3BB8FE60C357} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2013-12-14] ()
Task: {6D619A4E-3E98-4FFC-8295-866A52ED6E84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {8A6427F1-39E2-48F3-A33F-5473D0ED415E} - System32\Tasks\{1D69E84D-6DE1-4C24-9C3D-B41E8AF7475C} => pcalua.exe -a C:\ProgramData\HealthAlert\uninstall.exe -c /kb=y /ic=1
Task: {A9B1888F-18AB-4A71-B89B-CBBD14FFD96E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {B37E0B70-44F2-4CA9-AD12-101850DD20AC} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe [2014-11-14] (Avanquest Software)
Task: {C018897E-2BBF-48CF-875B-6364A59362A7} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CD6D9021-C37F-4127-9A9C-E77003CDD8F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {E52D5820-E4F1-4163-B1E0-D6AE37D30B78} - System32\Tasks\Chrome => C:\Users\Lydia\AppData\Local\Temp\Rau\PackerV2.exe [2014-12-23] (Packer Framework) <==== ATTENTION
Task: {FBF2FC47-8847-4B8E-BB23-F3DED934B9DB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-03-28 12:31 - 2014-03-28 12:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-04-17 14:38 - 2014-04-17 14:38 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-04-17 14:37 - 2014-04-17 14:37 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-27 18:21 - 2014-12-27 18:21 - 00524520 _____ () C:\Program Files (x86)\DigiHelp\updateDigiHelp.exe
2014-12-27 19:18 - 2014-12-27 19:18 - 00524520 _____ () C:\Program Files (x86)\DigiHelp\bin\utilDigiHelp.exe
2014-03-28 12:36 - 2014-03-28 12:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-11-25 20:47 - 2014-11-25 20:47 - 01465880 _____ () C:\Program Files (x86)\StormWatch\StormWatchApp.exe
2014-12-27 21:16 - 2014-12-16 18:00 - 01521992 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2251.0\libglesv2.dll
2014-12-27 21:16 - 2014-12-16 18:00 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2251.0\libegl.dll
2014-12-27 21:16 - 2014-12-16 18:00 - 11275080 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2251.0\pdf.dll
2014-12-27 21:16 - 2014-12-16 18:00 - 26725192 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2251.0\PepperFlash\pepflashplayer.dll
2014-08-30 14:36 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 14:48 - 2013-08-05 14:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Lydia\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2795809158-1142320454-300564429-500 - Administrator - Disabled)
Gast (S-1-5-21-2795809158-1142320454-300564429-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2795809158-1142320454-300564429-1004 - Limited - Enabled)
Lydia (S-1-5-21-2795809158-1142320454-300564429-1002 - Administrator - Enabled) => C:\Users\Lydia
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/29/2014 00:26:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46753656
Error: (12/29/2014 00:26:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46753656
Error: (12/29/2014 00:26:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/28/2014 00:05:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45560250
Error: (12/28/2014 00:05:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45560250
Error: (12/28/2014 00:05:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/27/2014 11:25:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 231203
Error: (12/27/2014 11:25:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 231203
Error: (12/27/2014 11:25:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/27/2014 11:21:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1500
System errors:
=============
Error: (12/29/2014 00:26:55 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "G:" können nicht gelesen werden.
Error: (12/28/2014 09:56:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (12/28/2014 04:20:57 PM) (Source: DCOM) (EventID: 10010) (User: Lyd)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (12/28/2014 04:20:57 PM) (Source: DCOM) (EventID: 10010) (User: Lyd)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (12/28/2014 00:49:20 PM) (Source: DCOM) (EventID: 10010) (User: Lyd)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (12/28/2014 00:48:50 PM) (Source: DCOM) (EventID: 10010) (User: Lyd)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (12/28/2014 00:22:40 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: 1053mcpltsvcNicht verfügbar{20966775-18A4-4299-B8E3-772C336B52A7}
Error: (12/28/2014 00:22:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/28/2014 00:22:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht.
Error: (12/28/2014 00:22:39 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: 1053mcpltsvcNicht verfügbar{20966775-18A4-4299-B8E3-772C336B52A7}
Microsoft Office Sessions:
=========================
Error: (12/29/2014 00:26:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46753656
Error: (12/29/2014 00:26:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46753656
Error: (12/29/2014 00:26:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/28/2014 00:05:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45560250
Error: (12/28/2014 00:05:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45560250
Error: (12/28/2014 00:05:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/27/2014 11:25:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 231203
Error: (12/27/2014 11:25:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 231203
Error: (12/27/2014 11:25:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/27/2014 11:21:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1500
==================== Memory info ===========================
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 45%
Total physical RAM: 7112.98 MB
Available physical RAM: 3909.05 MB
Total Pagefile: 8904.98 MB
Available Pagefile: 5547.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:448.06 GB) (Free:414.53 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.68 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: EAD2A2F5)
Partition: GPT Partition Type.
==================== End Of Log ============================