Log analysis and evaluation: Error at Windows startup: RegWvr32 (Windows 7)
09.09.2014, 23:21 | #1 |
Error at Windows startup: RegWvr32

Hello dear helpers. For a few days now (2-4???), this message has appeared at every startup:

"RegSvr32 Fehler beim Laden des Moduls "C:\ProgramData\UyhoSpeaks.dat". Stellen sie sicher, dass die Binärdatei am angegebenen Pfad gespeichert ist, debuggen Sie die Datei, um Probleme mit der binären Datei oder abhängigen DLL-Dateinen auszuschließen. Unzulässiger Zugriff auf einen Speicherbereich"

Since I would rather not try anything on my own, and it is probably also better if I don't try out anything that was posted here in the forums, I prefer to turn directly to the experts. I have already read through the instructions and therefore already have a few logs that I can post:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:51 on 09/09/2014 (HP)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Here is the FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by HP (administrator) on HP-PC on 09-09-2014 23:53:08
Running from C:\Users\HP\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Tor\tor.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Razer USA Ltd) D:\Razer\Nostromo\RazerNostromoSysTray.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Apple Inc.) D:\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(SRWare) D:\SRWare Iron\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SRWare) D:\SRWare Iron\chrome.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(SRWare) D:\SRWare Iron\chrome.exe
(SRWare) D:\SRWare Iron\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-13] (Sun Microsystems, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [136472 2008-04-21] (Acronis) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-22] (IDT, Inc.) HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622296 2008-04-21] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [911168 2008-04-21] (Acronis) HKLM-x32\...\Run: [Razer Nostromo Driver] => D:\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.) 
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard) HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAA0ADUAMQA3ADIANAA4ADAALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBYAE8AOQArADEALQBGADkATQAzACsAMQA"&"prod=90"&"ver=9.0.894 HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Security Task Manager <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\Run: [Google Update] => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-02] (Google Inc.) 
HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\Run: [UyhoSpeks] => regsvr32.exe "C:\ProgramData\UyhoSpeks\UyhoSpeks.dat" HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\MountPoints2: {bd9ff9f5-656f-11e3-9795-00269edb553a} - G:\Startme.exe Lsa: [Authentication Packages] msv1_0 relog_ap ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {C7189C49-7D73-48F0-B558-CBBD6EB82C3B} URL = hxxp://www.google.de/search?q={searchTerms} BHO: G Data WebFilter -> {0124123D-61B4-456f-AF86-78C53A0790C5} -> C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: G Data WebFilter -> {0124123D-61B4-456f-AF86-78C53A0790C5} -> C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM - G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files 
(x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-11-13] (EasyBits Software Corp.) 
ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ] FireFox: ======== FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Mozilla Plugins\npitunes.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: Re-markit - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default\Extensions\150 [2014-01-14] FF Extension: Greasemonkey - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011-11-07] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default\extensions\e9043bba-bb1e-4491-8ff2-1ba673d54856@1d3800b4-5ed5-4f67-bf08-0d0c43a7b67b.com [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR DefaultSearchKeyword: Default -> 65002E7A8295926ED283821900605209A8E78E4EEEB83EFEC65F73E863EDF185 CHR DefaultSearchURL: Default -> 067C995647CA24149D46BC4C9FCAC8EE37AB41BB548F93B79CEC11D3EDF63E90 CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - 
C:\Users\HP\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\HP\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\HP\AppData\Local\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Skype Toolbars) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Harmony Firefox Plugin) - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll 
(Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Unity Player) - C:\Users\HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\HP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File CHR Plugin: (Google Update) - C:\Users\HP\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (npuplaypc.dll) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoilcbjfkbdplcfglkiedhefcomondlk [2014-01-14] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06] CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17] CHR Extension: (GeoGebra) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-01-14] CHR Extension: (Google-Suche) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17] CHR Extension: (Grepolis) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2012-02-22] CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30] CHR Extension: (Google Mail) - 
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17] CHR StartMenuInternet: Google Chrome - C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] () [File not signed] S4 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1178184 2010-08-27] (G Data Software AG) S4 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [410696 2010-03-31] (G Data Software AG) S4 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [1865344 2010-08-26] () R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed] S3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [1718608 1937-11-25] (G Data Software AG) S3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [340552 2010-08-25] (G Data Software AG) R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.) 
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-15] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-22] (IDT, Inc.) S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-06-12] (soft Xpansion) R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-13] () [File not signed] R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498952 2008-04-21] () S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X] S3 OverwolfUpdaterService; No ImagePath S2 Windows Internet Name Service; No ImagePath ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-05-07] () R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [40392 2011-02-20] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [85960 2011-02-20] (G Data Software AG) S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [57288 2011-02-20] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [48584 2011-02-20] (G DATA Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106224 2011-02-20] (G Data Software) R1 GRD; C:\Windows\SysWOW64\drivers\GRD.sys [106224 2011-06-29] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [49096 2011-02-20] (G Data Software AG) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-05-07] () R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd) R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd) S3 USBAAPL64; 
C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-09 23:53 - 2014-09-09 23:53 - 00024590 _____ () C:\Users\HP\Desktop\FRST.txt 2014-09-09 23:53 - 2014-09-09 23:53 - 00000000 ____D () C:\FRST 2014-09-09 23:51 - 2014-09-09 23:52 - 02105344 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe 2014-09-09 23:51 - 2014-09-09 23:51 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log 2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\HP\defogger_reenable 2014-09-09 23:46 - 2014-09-09 23:46 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe 2014-09-09 10:53 - 2014-09-09 11:04 - 00000000 ____D () C:\Users\HP\AppData\Roaming\.minecraft 2014-09-08 21:28 - 2014-09-08 21:28 - 00274824 _____ () C:\Windows\Minidump\090814-26020-01.dmp 2014-09-06 20:33 - 2014-09-06 20:33 - 00000550 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk 2014-09-06 20:33 - 2014-09-06 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron 2014-09-06 20:32 - 2014-09-06 20:32 - 42019725 _____ (SRWare ) C:\Users\HP\Downloads\srware_iron_36.0.1950.0.exe 2014-09-06 12:35 - 2014-09-06 12:35 - 00000000 ____D () C:\ProgramData\UyhoSpeks 2014-09-05 14:48 - 2014-09-05 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-09-05 14:48 - 2014-09-05 14:48 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-08-13 15:46 - 2014-08-13 15:46 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe 2014-08-12 19:51 - 2014-08-12 19:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-12 19:51 - 2014-08-12 19:51 
- 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-12 19:51 - 2014-08-12 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-12 19:51 - 2014-08-12 19:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-09 23:53 - 2014-09-09 23:53 - 00024590 _____ () C:\Users\HP\Desktop\FRST.txt 2014-09-09 23:53 - 2014-09-09 23:53 - 00000000 ____D () C:\FRST 2014-09-09 23:52 - 2014-09-09 23:51 - 02105344 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe 2014-09-09 23:51 - 2014-09-09 23:51 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log 2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\HP\defogger_reenable 2014-09-09 23:51 - 2010-03-31 18:41 - 01452483 _____ () C:\Windows\WindowsUpdate.log 2014-09-09 23:51 - 2010-03-31 15:41 - 00000000 ____D () C:\Users\HP 2014-09-09 23:50 - 2011-06-24 17:56 - 00000000 ____D () C:\Users\HP\AppData\Local\LogMeIn Hamachi 2014-09-09 23:48 - 2014-05-03 12:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-09 23:48 - 2014-01-14 22:25 - 00001322 _____ () C:\Windows\Tasks\Plus-HD-5.5-updater.job 2014-09-09 23:48 - 2014-01-14 22:25 - 00001272 _____ () C:\Windows\Tasks\Plus-HD-5.5-codedownloader.job 2014-09-09 23:48 - 2014-01-14 22:25 - 00001144 _____ () C:\Windows\Tasks\Plus-HD-5.5-enabler.job 2014-09-09 23:48 - 2014-01-14 22:24 - 00002118 _____ () C:\Windows\Tasks\Plus-HD-5.5-firefoxinstaller.job 2014-09-09 23:48 - 2014-01-14 22:24 - 00002112 _____ () C:\Windows\Tasks\Plus-HD-5.5-chromeinstaller.job 2014-09-09 23:48 - 2010-04-06 23:50 - 00509026 _____ () C:\Windows\setupact.log 2014-09-09 23:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-09 23:46 - 2014-09-09 23:46 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe 2014-09-09 23:43 - 2014-05-03 
12:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-09 23:43 - 2012-04-01 20:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-09 23:43 - 2011-05-31 19:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-09 23:41 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-09 23:41 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-09 23:38 - 2009-11-14 01:29 - 00833052 _____ () C:\Windows\system32\perfh007.dat 2014-09-09 23:38 - 2009-11-14 01:29 - 00190294 _____ () C:\Windows\system32\perfc007.dat 2014-09-09 23:38 - 2009-07-14 07:13 - 00005370 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-09 23:11 - 2014-01-19 23:44 - 00000000 ____D () C:\AdwCleaner 2014-09-09 23:11 - 2010-03-31 18:43 - 00630472 _____ () C:\Windows\PFRO.log 2014-09-09 23:09 - 2012-02-18 19:52 - 00000000 ____D () C:\Users\HP\Downloads\EXE 2014-09-09 22:58 - 2011-08-02 08:47 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000UA.job 2014-09-09 22:32 - 2010-04-23 13:46 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9948BC0E-D1B8-4573-B207-DF40C55D8788} 2014-09-09 20:43 - 2011-08-02 08:47 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000Core.job 2014-09-09 16:28 - 2011-03-15 13:55 - 00000000 ____D () C:\Users\HP\Documents\Schule 2014-09-09 15:40 - 2013-05-18 15:28 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Spotify 2014-09-09 15:40 - 2010-04-07 12:54 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype 2014-09-09 13:22 - 2013-05-18 15:29 - 00000000 ____D () C:\Users\HP\AppData\Local\Spotify 2014-09-09 11:04 - 2014-09-09 10:53 - 00000000 ____D () 
C:\Users\HP\AppData\Roaming\.minecraft 2014-09-08 21:28 - 2014-09-08 21:28 - 00274824 _____ () C:\Windows\Minidump\090814-26020-01.dmp 2014-09-08 21:28 - 2010-05-12 09:19 - 00000000 ____D () C:\Windows\Minidump 2014-09-07 10:09 - 2011-03-16 17:07 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-09-06 20:33 - 2014-09-06 20:33 - 00000550 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk 2014-09-06 20:33 - 2014-09-06 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron 2014-09-06 20:32 - 2014-09-06 20:32 - 42019725 _____ (SRWare ) C:\Users\HP\Downloads\srware_iron_36.0.1950.0.exe 2014-09-06 16:30 - 2010-04-07 12:54 - 00000000 ____D () C:\ProgramData\Skype 2014-09-06 12:35 - 2014-09-06 12:35 - 00000000 ____D () C:\ProgramData\UyhoSpeks 2014-09-06 10:52 - 2012-10-26 15:05 - 00000000 ____D () C:\Users\HP\Downloads\Mods 2014-09-05 14:54 - 2011-08-02 08:49 - 00002346 _____ () C:\Users\HP\Desktop\Google Chrome.lnk 2014-09-05 14:48 - 2014-09-05 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-09-05 14:48 - 2014-09-05 14:48 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-08-13 15:46 - 2014-08-13 15:46 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe 2014-08-12 19:51 - 2014-08-12 19:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-12 19:51 - 2014-08-12 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-12 19:51 - 2014-08-12 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-12 19:51 - 2014-08-12 19:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-12 19:51 - 2013-09-11 10:22 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-12 19:51 - 2009-11-13 19:21 - 00000000 ____D () C:\Program Files (x86)\Java Some content of TEMP: ==================== C:\Users\HP\AppData\Local\Temp\AutoRun.exe C:\Users\HP\AppData\Local\Temp\AutoRunGUI.dll 
C:\Users\HP\AppData\Local\Temp\eauninstall.exe
C:\Users\HP\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\HP\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\HP\AppData\Local\Temp\Quarantine.exe
C:\Users\HP\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\HP\AppData\Local\Temp\ubi7DA8.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-07 13:21

==================== End Of Log ============================

the Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by HP at 2014-09-09 23:54:16
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G Data InternetSecurity 2011 (Disabled - Up to date) {54ACC2FC-837E-E665-7A92-5352D560D5EF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Disabled) {6C9743D9-C911-E73D-51CD-FA672BB39294}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis*Disk Director Suite (HKLM-x32\...\{2300EE96-0A41-4FAB-BD03-989EC44577A0}) (Version: 10.0.2161 - Acronis)
Acronis*True*Image*Home (HKLM-x32\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8105 - Acronis)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
Anno 1701 - Der Fluch des Drachen (HKLM-x32\...\{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}) (Version: 2.03 - Sunflowers)
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0804.2223.38385 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help English (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help French (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help German (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0804.2223.38385 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.0804.2223.38385 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.2111 - CyberLink Corp.) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
EE-ZDE (HKLM-x32\...\{B49C924C-A651-4378-94F6-5D9BF44A959F}) (Version: - )
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version: - )
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
G Data InternetSecurity 2011 (HKLM-x32\...\{C670480D-10CE-4E2E-929E-EE453EDE6BE2}) (Version: 21.0.0.0 - G Data Software AG)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3402 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.1.3402 - Hewlett-Packard) Hidden
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.1.2125 - Hewlett-Packard)
HP MediaSmart Internet TV (x32 Version: 3.1.2125 - Hewlett-Packard) Hidden
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)
HP MediaSmart Live TV (x32 Version: 3.1.2206 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3405 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3405 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2207 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 3.1.2207 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Java(TM) SE Development Kit 6 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160150}) (Version: 1.6.0.150 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Razer Nostromo (HKLM-x32\...\{0214578F-4888-43FB-9E34-C14FCFDEDDEB}) (Version: 2.02.08 - Razer USA Ltd.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Recovery Manager (x32 Version: 5.5.2202 - CyberLink Corp.) Hidden
Security Task Manager 1.8c (HKLM-x32\...\Security Task Manager) (Version: 1.8c - Neuber Software)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SLOW-PCfighter (HKLM\...\SLOW-PCfighter) (Version: 1.4.95 - SPAMfighter ApS.)
SLOW-PCfighter (Version: 1.4.95 - SPAMfighter ApS) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
SRWare Iron Version SRWare Iron 36.0.1950.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 36.0.1950.0 - SRWare)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
Uniblue SystemTweaker (HKLM-x32\...\{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1) (Version: - Uniblue Systems Ltd)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2555088232-885827233-2013826137-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2555088232-885827233-2013826137-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2555088232-885827233-2013826137-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2555088232-885827233-2013826137-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0880124E-4937-4932-9D98-AC8B7A2B3A64} - System32\Tasks\{B2D3A34C-86FF-45F7-BC4D-8D388138A2D9} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {0C979265-7CC7-4A13-A721-4DF94FD99B31} - System32\Tasks\{6DD300DC-EC90-40AF-AF83-5CF947A00189} => C:\Sierra\Empire Earth\Empire Earth.exe
Task: {0FD80024-F8F3-411B-8382-AE6296295A66} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {11C60855-9535-40EC-B29E-77ECF80EEE78} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000Core => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02] (Google Inc.)
Task: {136204FA-5016-4028-9F2B-A2404DDBA2DB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1A758814-B546-49DF-837B-F5FAB84F732E} - System32\Tasks\{31F0D5AA-327A-493C-8178-82BB7F8CB8B1} => C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE
Task: {1C8C62AB-6A6B-46A0-8452-248A6A19236C} - System32\Tasks\{04D4A287-96C9-413F-BC9F-F827B554A9C7} => C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\lotrbfme2.exe
Task: {1CB2F6FB-4FE5-40E4-BD3C-0108A35405D7} - System32\Tasks\{D52123DD-D8C0-466F-9C06-83EAF115EC8C} => H:\Support\DrvSetup_x64.exe
Task: {25B083B7-2295-46DE-9000-4AF8D5ECBA8D} - System32\Tasks\Plus-HD-5.5-updater => C:\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-updater.exe
Task: {2D1D8681-1C80-4E98-A6A6-9D40F6DE7655} - System32\Tasks\{743D39DD-A7F9-465D-9034-5AD2C5C2042E} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {384557D7-D099-468F-82A9-9B2101FB211C} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {3F6F6C18-F3B3-43E6-884B-C6839A80A107} - System32\Tasks\{81080432-3C78-4AB7-AF15-076FA7A3E99B} => C:\Sierra\Empire Earth\Empire Earth.exe
Task: {427F9053-EA3A-433D-9154-9E6A2DF3E2D5} - System32\Tasks\{1B6DB235-878E-4189-9634-2110E4E571CE} => C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE
Task: {456D478C-0AEC-4C76-B327-B525C30A70B0} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-06] (CL)
Task: {5A35D325-4EFB-4D89-9FB4-B79EE680EFF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-08-19] (Microsoft)
Task: {67A7177E-72D1-4B90-B83B-091688170E93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000UA => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02] (Google Inc.)
Task: {6BB0DD93-986F-458F-88E4-BC1C166100AD} - System32\Tasks\{1889CBBA-87E2-41A7-A257-D0CBB5DFC6FC} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {76DFF63E-5B36-4037-A371-C5EF40B8414B} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {895E588F-F1EF-4B1D-964A-64A210866D07} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-08-19] (Microsoft)
Task: {924DA0B2-4137-4DC8-9ED9-36B0E50C71D4} - System32\Tasks\Plus-HD-5.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-firefoxinstaller.exe
Task: {9D02358B-DA82-4EAE-A89A-CEE16A02D99D} - System32\Tasks\{5BF03ACA-D10F-446F-B9AA-060BA0C981A4} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {A8419652-1F96-4279-A4BD-D27BAE0C8263} - System32\Tasks\Plus-HD-5.5-chromeinstaller => C:\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-chromeinstaller.exe
Task: {B29F8B10-A7C0-4354-B98F-89DC91B742E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {B5618F5E-39FF-4286-ADFE-D2D43FB1FD0B} - System32\Tasks\{9A3B6E89-D6A0-47B0-A547-64A6AFC95553} => C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE
Task: {B620DB24-4A9A-437B-AD9E-62E17597F1E6} - System32\Tasks\Plus-HD-5.5-enabler => C:\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-enabler.exe
Task: {B87B6DEF-6FE2-455A-AA35-7F4E405976C8} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-06] (CyberLink Corp.)
Task: {BEF35883-0312-4E59-A1C6-06F5F60FA220} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {CF2084D2-37B7-4F4D-852E-EDD02F1AC34A} - System32\Tasks\{8E748638-C9DF-456B-B9E5-71912446AAFD} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {CF55E90B-43C2-47AA-9527-70615924C943} - System32\Tasks\Plus-HD-5.5-codedownloader => C:\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-codedownloader.exe
Task: {D92EB706-FA80-4DDF-9BF4-8CE1C386A3AB} - System32\Tasks\{F7A33FB2-0B5A-4BCB-A428-872307A0081E} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {D99D298F-5E8E-4D72-B674-D565096E3EF3} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-06] (CL)
Task: {E10E6777-1A8B-4558-9680-758B0F6C4B9F} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-05] (CyberLink)
Task: {E8EA2483-F194-443E-B3D4-5DCB5E6FC50E} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {EA4ADC4B-94B5-4C25-9606-7DE641E16FAD} - System32\Tasks\{DBC10D2D-315B-40F7-B2E5-C4397E67DA3C} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {ECC7017F-15FD-414C-B4A6-1C669C895931} - System32\Tasks\{AB63DF2A-642E-4E3F-BE16-000D035A8181} => C:\Program Files (x86)\Anno 1701\Anno1701.exe [2007-10-20] (Related Designs Software GmbH)
Task: {F417D375-81F2-42EB-BA17-099D3E82FF9D} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-06] (CL)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000Core.job => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000UA.job => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-5.5-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-5.5-codedownloader.job => C:\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-5.5-enabler.job => C:\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-5.5-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-5.5-updater.job => C:\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-05-14 18:36 - 2014-05-15 15:08 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-11-13 18:47 - 2009-07-06 21:20 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-08-22 11:31 - 2013-09-13 13:40 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2008-04-21 23:27 - 2008-04-21 23:27 - 00498952 _____ () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2009-08-20 12:35 - 2009-08-20 12:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-04-21 22:43 - 2008-04-21 22:43 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
2009-10-05 23:08 - 2009-10-05 23:08 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-09-06 20:33 - 2014-05-26 16:34 - 00870912 _____ () D:\SRWare Iron\libglesv2.dll
2014-09-06 20:33 - 2014-05-26 16:35 - 00128512 _____ () D:\SRWare Iron\libegl.dll
2014-09-06 20:33 - 2014-05-26 16:34 - 00950272 _____ () D:\SRWare Iron\ffmpegsumo.dll
2014-09-09 23:43 - 2014-09-09 23:43 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: avg9emc => 2
MSCONFIG\Services: avg9wd => 2
MSCONFIG\Services: AVKProxy => 2
MSCONFIG\Services: AVKService => 2
MSCONFIG\Services: AVKWCtl => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase-6 Reminder.lnk => C:\Windows\pss\phase-6 Reminder.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: AVG9_TRAY => C:\PROGRA~2\AVG\AVG9\avgtray.exe
MSCONFIG\startupreg: G Data AntiVirus Tray Application => C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
MSCONFIG\startupreg: GDFirewallTray => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2014 11:38:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (09/09/2014 11:38:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (09/09/2014 11:38:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (09/09/2014 10:36:14 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422). Error: (09/09/2014 10:31:43 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (09/09/2014 10:30:32 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (09/07/2014 06:58:02 PM) (Source: Google Update) (EventID: 1) (User: HP-PC) Description: Google Update has encountered a fatal error. ver=1.3.24.15;lang=de;guid=;is_machine=0;oop=0;upload=0;minidump=C:\Users\HP\AppData\Local\Google\CrashReports\5d5f1700-f2c8-4bd4-bfad-c97a6e1fd3f3.dmp Error: (09/07/2014 01:28:44 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422). Error: (09/07/2014 01:25:10 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (09/07/2014 01:23:37 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
System errors: ============= Error: (09/09/2014 11:49:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/09/2014 11:48:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Internet Name Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (09/09/2014 11:48:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LiveUpdate" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/09/2014 11:48:16 PM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (09/09/2014 11:34:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/09/2014 11:33:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Internet Name Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (09/09/2014 11:33:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LiveUpdate" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/09/2014 11:33:13 PM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (09/09/2014 11:13:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/09/2014 11:12:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Internet Name Service" 
wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Microsoft Office Sessions: ========================= Error: (09/09/2014 11:38:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (09/09/2014 11:38:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (09/09/2014 11:38:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (09/09/2014 10:36:14 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422 Error: (09/09/2014 10:31:43 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2 Error: (09/09/2014 10:30:32 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (09/07/2014 06:58:02 PM) (Source: Google Update) (EventID: 1) (User: HP-PC) Description: Google Update has encountered a fatal error. 
ver=1.3.24.15;lang=de;guid=;is_machine=0;oop=0;upload=0;minidump=C:\Users\HP\AppData\Local\Google\CrashReports\5d5f1700-f2c8-4bd4-bfad-c97a6e1fd3f3.dmp Error: (09/07/2014 01:28:44 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422 Error: (09/07/2014 01:25:10 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2 Error: (09/07/2014 01:23:37 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 CodeIntegrity Errors: =================================== Date: 2011-05-06 23:56:48.697 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-05-06 23:56:48.666 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2011-05-06 23:56:48.276 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-05-06 23:56:48.260 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-04-30 16:50:02.057 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-04-30 16:50:02.025 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2011-04-30 16:49:58.188 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-04-30 16:49:58.157 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-04-30 16:40:50.625 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-04-30 16:40:50.593 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: AMD Turion(tm) II Dual-Core Mobile M520 Percentage of memory in use: 33% Total physical RAM: 4092.2 MB Available physical RAM: 2736.39 MB Total Pagefile: 10228.34 MB Available Pagefile: 8657.21 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Windows 7) (Fixed) (Total:93.1 GB) (Free:12.39 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Dateien) (Fixed) (Total:358.68 GB) (Free:326.61 GB) NTFS Drive e: (RECOVERY) (Fixed) (Total:13.78 GB) (Free:2.36 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 726396AC) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=93.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=358.7 GB) - (Type=05) Partition 4: (Not Active) - (Size=13.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ ------------
and the GMER log Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-09-10 00:04:46 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725050A9A364 rev.PC4OC72E 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\HP\AppData\Local\Temp\pgldipoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000191f00 7 bytes [00, A9, F3, FF, 01, B4, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000191f08 3 bytes [00, 07, 02] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077931465 2 bytes [93, 77] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000779314bb 2 bytes [93, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077931465 2 bytes [93, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000779314bb 2 bytes [93, 77] .text ... 
* 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073391a22 2 bytes [39, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073391ad0 2 bytes [39, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073391b08 2 bytes [39, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073391bba 2 bytes [39, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073391bda 2 bytes [39, 73] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [4880:5000] 000007fef0849688 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----
P.S.: I have already run AdwCleaner over it as well, but I did not save the logs |
09.09.2014, 23:27 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error at Windows startup: RegWvr32 Hello and
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because of => http://www.trojaner-board.de/125889-...tml#post941520 Please don't run any new virus scans; for now, just post the logs you already have in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant! Quote:
Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows:
__________________ |
10.09.2014, 10:38 | #3 |
| Error at Windows startup: RegWvr32 Hey Cosinus, thanks for the quick reply.
Okay, I have now found the last AdwCleaner log as well. Apart from that, though, no programs have found anything. Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 09/09/2014 um 23:10:58 # Aktualisiert 02/09/2014 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzername : HP - HP-PC # Gestartet von : C:\Users\HP\Downloads\EXE\adwcleaner_3.309.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\SecTaskMan Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue Ordner Gelöscht : C:\Program Files (x86)\Uniblue Ordner Gelöscht : C:\Users\HP\AppData\Roaming\Uniblue Ordner Gelöscht : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoilcbjfkbdplcfglkiedhefcomondlk ***** [ Tasks ] ***** Task Gelöscht : Re-markit Update Task Gelöscht : Software Updater Task Gelöscht : SpeedUpMyPC Task Gelöscht : spmonitor ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5bcd5754-b620-4fd4-9a71-8b74378a240d}] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etype_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etype_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etypesetup_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etypesetup_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etypeuninstall_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etypeuninstall_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etypeupdate_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etypeupdate_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{d18f7633-f803-4c11-8cb5-da04054532e8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d18f7633-f803-4c11-8cb5-da04054532e8} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d18f7633-f803-4c11-8cb5-da04054532e8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d18f7633-f803-4c11-8cb5-da04054532e8} Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markit Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16421 -\\ Mozilla Firefox v3.6.18 (de) [ Datei : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Extension] : aoilcbjfkbdplcfglkiedhefcomondlk ************************* AdwCleaner[R0].txt - [14476 octets] - [19/01/2014 23:44:19] AdwCleaner[R1].txt - [1561 octets] - [27/01/2014 18:20:18] AdwCleaner[R2].txt - [1134 octets] - [04/02/2014 00:05:44] AdwCleaner[R3].txt - [1258 octets] - [15/02/2014 19:28:12] AdwCleaner[R4].txt - [1653 octets] - [20/02/2014 19:44:35] AdwCleaner[R5].txt - [2672 octets] - [14/07/2014 19:53:06] AdwCleaner[R6].txt - [3757 octets] - [09/09/2014 23:09:21] AdwCleaner[S0].txt - [13115 octets] - [19/01/2014 23:45:33] AdwCleaner[S1].txt - [1622 octets] - [27/01/2014 18:21:43] AdwCleaner[S2].txt - [1196 octets] - [04/02/2014 00:06:53] AdwCleaner[S3].txt - [1320 octets] - [15/02/2014 19:28:48] AdwCleaner[S4].txt - [1729 octets] - [20/02/2014 19:45:37] AdwCleaner[S5].txt - [2742 octets] - [14/07/2014 19:54:23] AdwCleaner[S6].txt - [3674 octets] - [09/09/2014 23:10:58] ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [3734 octets] ##########
P.S.: It could be that my virus protection has expired |
10.09.2014, 11:10 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error at Windows startup: RegWvr32 Even up-to-date virus scanners do not find new malware. Security through a virus scanner running in the background is an illusion... Quote:
SP1 is missing, IE is still on version 9, we have long since been at IE11!
__________________ Please always post log files in CODE tags |
10.09.2014, 11:17 | #5 |
| Error at Windows startup: RegWvr32 yeaaah Hmmmm........ I'm updating right now... I only just noticed that the updates for Windows are apparently disabled... I suppose I shouldn't be surprised that there are problems now *sinks into the ground with shame* |
10.09.2014, 11:35 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error at Windows startup: RegWvr32 Well, please do NOT install any updates for now! We'll do that at the end, once the machine is clean! And please get rid of GDATA!
__________________ --> Error at Windows startup: RegWvr32 |
10.09.2014, 11:45 | #7 |
| Error at Windows startup: RegWvr32 Okay, damn. The warning came too late.. The updates are already installed, and I have just uninstalled GData. Note to self: don't do anything more without instructions |
10.09.2014, 12:10 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error at Windows startup: RegWvr32 Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
10.09.2014, 12:34 | #9 |
| Error at Windows startup: RegWvr32 Here is the Combofix.txt Code:
ATTFilter ComboFix 14-09-09.01 - HP 10.09.2014 13:20:22.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4092.2896 [GMT 2:00] ausgeführt von:: c:\users\HP\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\PFRO.log c:\windows\SysWow64\logs c:\windows\SysWow64\logs\Game - R3d Logs\2012-05-21_16-21-10_r3dlog.txt . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Windows Internet Name Service . . ((((((((((((((((((((((( Dateien erstellt von 2014-08-10 bis 2014-09-10 )))))))))))))))))))))))))))))) . . 2014-09-10 10:35 . 2014-09-10 10:35 -------- d-----w- c:\programdata\{EC3BBC27-096F-437F-AA20-6B5E46D778AE} 2014-09-10 10:22 . 2014-09-10 10:22 -------- d-s---w- c:\windows\system32\CompatTel 2014-09-10 10:21 . 2014-08-21 09:24 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E66DD30D-6719-418E-B58D-7CEA664E3D5F}\mpengine.dll 2014-09-10 10:21 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll 2014-09-10 10:21 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll 2014-09-10 09:55 . 2014-09-10 09:59 -------- d-----w- c:\windows\system32\MRT 2014-09-10 09:48 . 2014-09-10 09:48 -------- d-----w- c:\windows\system32\nn-NO 2014-09-10 09:48 . 2010-02-02 12:48 60416 ----a-w- c:\windows\system32\athihvui.dll 2014-09-10 09:48 . 2010-02-02 12:47 439808 ----a-w- c:\windows\system32\athihvs.dll 2014-09-10 09:48 . 2014-09-10 09:48 -------- d-----w- c:\program files (x86)\Cisco 2014-09-10 09:47 . 2014-09-10 09:47 -------- d-----w- c:\users\HP\AppData\Roaming\InstallShield 2014-09-10 09:47 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys 2014-09-10 09:47 . 
2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys 2014-09-10 09:42 . 2014-09-05 02:01 574976 ----a-w- c:\windows\system32\aepdu.dll 2014-09-10 09:42 . 2014-09-05 01:55 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-09-10 09:42 . 2011-08-30 05:21 14164480 ----a-w- c:\windows\system32\shell32.dll 2014-09-10 09:42 . 2010-12-21 06:15 264192 ----a-w- c:\windows\system32\upnp.dll 2014-09-10 09:42 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll 2014-09-10 09:42 . 2010-12-21 06:13 1880576 ----a-w- c:\windows\system32\msxml3.dll 2014-09-10 09:42 . 2010-12-21 05:38 204288 ----a-w- c:\windows\SysWow64\upnp.dll 2014-09-10 09:25 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2014-09-10 09:25 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2014-09-10 09:25 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2014-09-10 09:25 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2014-09-10 09:25 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2014-09-10 09:25 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2014-09-10 09:25 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2014-09-10 09:25 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2014-09-10 09:25 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2014-09-09 21:53 . 2014-09-09 21:54 -------- d-----w- C:\FRST 2014-09-09 08:53 . 2014-09-09 09:04 -------- d-----w- c:\users\HP\AppData\Roaming\.minecraft 2014-09-06 14:30 . 2014-09-06 14:30 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-09-06 10:35 . 2014-09-06 10:35 -------- d-----w- c:\programdata\UyhoSpeks 2014-09-05 12:48 . 2014-09-05 12:48 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2014-08-13 13:46 . 2014-08-13 13:46 -------- d-----w- c:\users\HP\AppData\Local\Adobe 2014-08-12 17:51 . 
2014-08-12 17:51 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-08-12 17:51 . 2014-08-12 17:51 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-09 21:43 . 2012-04-01 18:56 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-09 21:43 . 2011-05-31 17:39 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-08-29 11:01 . 2010-04-06 20:23 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-08-25 04:53 . 2010-04-06 20:25 270496 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] "UyhoSpeks"="c:\programdata\UyhoSpeks\UyhoSpeks.dat" [2014-09-08 271376] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-21 2622296] "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-21 911168] "Razer Nostromo Driver"="d:\razer\Nostromo\RazerNostromoSysTray.exe" [2011-07-19 978840] "Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-10 1243656] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "iTunesHelper"="D:\iTunesHelper.exe" [2014-05-26 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-09-04 3802448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0ANAA0ADUAMQA3ADIANAA4ADAALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBYAE8AOQArADEALQBGADkATQAzACsAMQA&prod=90&ver=9.0.894" [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 OverwolfUpdaterService;Overwolf Updater Service; [x] R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjoystk.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 11:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2014-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-18 21:43] . 
2014-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000Core.job - c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 06:47] . 2014-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000UA.job - c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 06:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-13 171520] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-20 136472] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-TIPP10_is1 - d:\programme\Tipp10\unins000.exe AddRemove-{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D} - c:\program files (x86)\InstallShield Installation Information\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}\setup.exe AddRemove-{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1 - c:\program files (x86)\Uniblue\SystemTweaker\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\DataMngr\Files\ChromeHomepage] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Files\Homepage] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Files\SelectedSearch] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Files\UrlbarSearch] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\List\Item1] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\List\Item2] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\List\Item3] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Toolbar] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr_Toolbar] @Denied: (2) (LocalSystem) . 
[HKEY_USERS\S-1-5-21-2555088232-885827233-2013826137-1000\Software\SecuROM\License information*] "datasecu"=hex:65,67,80,e4,13,c9,18,e9,5a,8e,6f,d3,3b,e4,54,8a,d8,6f,62,15,b1, 4b,fa,55,1e,1c,3d,f6,aa,43,d3,23,02,83,ee,a6,5d,2e,20,f0,56,7f,cb,dc,9f,b6,\ "rkeysecu"=hex:5d,28,40,00,5b,68,15,ff,20,12,6a,48,ac,79,54,6b . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€þ*] "7040110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe c:\windows\SysWOW64\regsvr32.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-09-10 13:32:23 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-09-10 11:32 . Vor Suchlauf: 12 Verzeichnis(se), 13.221.883.904 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 13.568.892.928 Bytes frei . - - End Of File - - CE0D5FF04098A905CD3BD8F28E80B48F 91BAACCAA4241DEB4FFEA2EB388A98FE |
10.09.2014, 12:38 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error at Windows startup: RegWvr32 ComboFix script
__________________ Please always post log files in CODE tags |
10.09.2014, 13:00 | #11 |
| Error at Windows startup: RegWvr32 So here is the log file: Code:
ATTFilter ComboFix 14-09-09.01 - HP 10.09.2014 13:50:48.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4092.2794 [GMT 2:00] ausgeführt von:: c:\users\HP\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\HP\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\UyhoSpeks c:\programdata\UyhoSpeks\UyhoSpeks.dat . . ((((((((((((((((((((((( Dateien erstellt von 2014-08-10 bis 2014-09-10 )))))))))))))))))))))))))))))) . . 2014-09-10 11:57 . 2014-09-10 11:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-10 11:57 . 2014-09-10 11:57 -------- d-----w- c:\users\Admin\AppData\Local\temp 2014-09-10 10:35 . 2014-09-10 10:35 -------- d-----w- c:\programdata\{EC3BBC27-096F-437F-AA20-6B5E46D778AE} 2014-09-10 10:22 . 2014-09-10 10:22 -------- d-s---w- c:\windows\system32\CompatTel 2014-09-10 10:21 . 2014-08-21 09:24 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E66DD30D-6719-418E-B58D-7CEA664E3D5F}\mpengine.dll 2014-09-10 10:21 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll 2014-09-10 10:21 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll 2014-09-10 09:55 . 2014-09-10 09:59 -------- d-----w- c:\windows\system32\MRT 2014-09-10 09:48 . 2014-09-10 09:48 -------- d-----w- c:\windows\system32\nn-NO 2014-09-10 09:48 . 2010-02-02 12:48 60416 ----a-w- c:\windows\system32\athihvui.dll 2014-09-10 09:48 . 2010-02-02 12:47 439808 ----a-w- c:\windows\system32\athihvs.dll 2014-09-10 09:48 . 2014-09-10 09:48 -------- d-----w- c:\program files (x86)\Cisco 2014-09-10 09:47 . 2014-09-10 09:47 -------- d-----w- c:\users\HP\AppData\Roaming\InstallShield 2014-09-10 09:47 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys 2014-09-10 09:47 . 
2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys 2014-09-10 09:42 . 2014-09-05 02:01 574976 ----a-w- c:\windows\system32\aepdu.dll 2014-09-10 09:42 . 2014-09-05 01:55 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-09-10 09:42 . 2011-08-30 05:21 14164480 ----a-w- c:\windows\system32\shell32.dll 2014-09-10 09:42 . 2010-12-21 06:15 264192 ----a-w- c:\windows\system32\upnp.dll 2014-09-10 09:42 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll 2014-09-10 09:42 . 2010-12-21 06:13 1880576 ----a-w- c:\windows\system32\msxml3.dll 2014-09-10 09:42 . 2010-12-21 05:38 204288 ----a-w- c:\windows\SysWow64\upnp.dll 2014-09-10 09:25 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2014-09-10 09:25 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2014-09-10 09:25 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2014-09-10 09:25 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2014-09-10 09:25 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2014-09-10 09:25 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2014-09-10 09:25 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2014-09-10 09:25 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2014-09-10 09:25 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2014-09-09 21:53 . 2014-09-09 21:54 -------- d-----w- C:\FRST 2014-09-09 08:53 . 2014-09-09 09:04 -------- d-----w- c:\users\HP\AppData\Roaming\.minecraft 2014-09-06 14:30 . 2014-09-06 14:30 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-09-05 12:48 . 2014-09-05 12:48 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2014-08-13 13:46 . 2014-08-13 13:46 -------- d-----w- c:\users\HP\AppData\Local\Adobe 2014-08-12 17:51 . 2014-08-12 17:51 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-08-12 17:51 . 
2014-08-12 17:51 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-09 21:43 . 2012-04-01 18:56 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-09 21:43 . 2011-05-31 17:39 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-08-29 11:01 . 2010-04-06 20:23 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-08-25 04:53 . 2010-04-06 20:25 270496 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-21 2622296] "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-21 911168] "Razer Nostromo Driver"="d:\razer\Nostromo\RazerNostromoSysTray.exe" [2011-07-19 978840] "Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-10 1243656] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "iTunesHelper"="D:\iTunesHelper.exe" [2014-05-26 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-09-04 3802448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0ANAA0ADUAMQA3ADIANAA4ADAALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBYAE8AOQArADEALQBGADkATQAzACsAMQA&prod=90&ver=9.0.894" [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 OverwolfUpdaterService;Overwolf Updater Service; [x] R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x] R3 USBAAPL64;Apple Mobile USB 
Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjoystk.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 11:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2014-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-18 21:43] . 
2014-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000Core.job - c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 06:47] . 2014-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000UA.job - c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 06:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-13 171520] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-20 136472] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-TIPP10_is1 - d:\programme\Tipp10\unins000.exe AddRemove-{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D} - c:\program files (x86)\InstallShield Installation Information\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}\setup.exe AddRemove-{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1 - c:\program files (x86)\Uniblue\SystemTweaker\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\DataMngr\Files\ChromeHomepage] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Files\Homepage] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Files\SelectedSearch] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Files\UrlbarSearch] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\List\Item1] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\List\Item2] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\List\Item3] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Toolbar] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr_Toolbar] @Denied: (2) (LocalSystem) . [HKEY_USERS\S-1-5-21-2555088232-885827233-2013826137-1000\Software\SecuROM\License information*] "datasecu"=hex:65,67,80,e4,13,c9,18,e9,5a,8e,6f,d3,3b,e4,54,8a,d8,6f,62,15,b1, 4b,fa,55,1e,1c,3d,f6,aa,43,d3,23,02,83,ee,a6,5d,2e,20,f0,56,7f,cb,dc,9f,b6,\ "rkeysecu"=hex:5d,28,40,00,5b,68,15,ff,20,12,6a,48,ac,79,54,6b . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€þ*] "7040110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-09-10 13:58:53 ComboFix-quarantined-files.txt 2014-09-10 11:58 ComboFix2.txt 2014-09-10 11:32 . Vor Suchlauf: 17 Verzeichnis(se), 13.607.751.680 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 13.540.839.424 Bytes frei . - - End Of File - - FB4CBBCC97358D9DD3D7DB8F1C3260E5 91BAACCAA4241DEB4FFEA2EB388A98FE |
10.09.2014, 15:02 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error at Windows startup: RegWvr32 Remove adware/junkware/toolbars (delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!) Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
10.09.2014, 19:37 | #13 |
| Error at Windows startup: RegWvr32 OK, here are the 3 logs: AdwCleaner Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 10/09/2014 um 20:19:21 # Aktualisiert 02/09/2014 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzername : HP - HP-PC # Gestartet von : C:\Users\HP\Desktop\adwcleaner_3.309.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16421 -\\ Mozilla Firefox v3.6.18 (de) [ Datei : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [14476 octets] - [19/01/2014 23:44:19] AdwCleaner[R1].txt - [1561 octets] - [27/01/2014 18:20:18] AdwCleaner[R2].txt - [1134 octets] - [04/02/2014 00:05:44] AdwCleaner[R3].txt - [1258 octets] - [15/02/2014 19:28:12] AdwCleaner[R4].txt - [1653 octets] - [20/02/2014 19:44:35] AdwCleaner[R5].txt - [2672 octets] - [14/07/2014 19:53:06] AdwCleaner[R6].txt - [3757 octets] - [09/09/2014 23:09:21] AdwCleaner[R7].txt - [1765 octets] - [10/09/2014 20:17:53] AdwCleaner[S0].txt - [13115 octets] - [19/01/2014 23:45:33] AdwCleaner[S1].txt - [1622 octets] - [27/01/2014 18:21:43] AdwCleaner[S2].txt - [1196 octets] - [04/02/2014 00:06:53] AdwCleaner[S3].txt - [1320 octets] - [15/02/2014 19:28:48] AdwCleaner[S4].txt - [1729 octets] - [20/02/2014 19:45:37] AdwCleaner[S5].txt - [2742 octets] - [14/07/2014 19:54:23] AdwCleaner[S6].txt - [3818 octets] - [09/09/2014 23:10:58] AdwCleaner[S7].txt - [1686 octets] - [10/09/2014 20:19:21] ########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1746 octets] ########## JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by HP on 10.09.2014 at 20:24:34,08 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2555088232-885827233-2013826137-1000\Software\sweetim ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\fighters" Successfully deleted: [Folder] "C:\Users\HP\AppData\Roaming\fighters" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 10.09.2014 at 20:31:36,40 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 Ran by HP (administrator) on HP-PC on 10-09-2014 20:33:09 Running from C:\Users\HP\Desktop Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Tor\tor.exe () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Razer USA Ltd) D:\Razer\Nostromo\RazerNostromoSysTray.exe (Apple Inc.) D:\iTunesHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-13] (Sun Microsystems, Inc.) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [136472 2008-04-21] (Acronis) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) 
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622296 2008-04-21] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [911168 2008-04-21] (Acronis) HKLM-x32\...\Run: [Razer Nostromo Driver] => D:\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.) 
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAA0ADUAMQA3ADIANAA4ADAALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBYAE8AOQArADEALQBGADkATQAzACsAMQA"&"prod=90"&"ver=9.0.894 HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Security Task Manager <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\Policies\system: [DisableChangePassword] 0 Lsa: [Authentication Packages] msv1_0 relog_ap ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {C7189C49-7D73-48F0-B558-CBBD6EB82C3B} URL = hxxp://www.google.de/search?q={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-11-13] (EasyBits Software Corp.) ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ] FireFox: ======== FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Mozilla Plugins\npitunes.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: Re-markit - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default\Extensions\150 [2014-01-14] FF Extension: Greasemonkey - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011-11-07] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default\extensions\e9043bba-bb1e-4491-8ff2-1ba673d54856@1d3800b4-5ed5-4f67-bf08-0d0c43a7b67b.com [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR DefaultSearchKeyword: Default -> 65002E7A8295926ED283821900605209A8E78E4EEEB83EFEC65F73E863EDF185 CHR DefaultSearchURL: Default -> 067C995647CA24149D46BC4C9FCAC8EE37AB41BB548F93B79CEC11D3EDF63E90 CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - 
C:\Users\HP\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\HP\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\HP\AppData\Local\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Skype Toolbars) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Harmony Firefox Plugin) - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll 
(Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Unity Player) - C:\Users\HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\HP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File CHR Plugin: (Google Update) - C:\Users\HP\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (npuplaypc.dll) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoilcbjfkbdplcfglkiedhefcomondlk [2014-01-14] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06] CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17] CHR Extension: (GeoGebra) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-01-14] CHR Extension: (Google-Suche) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17] CHR Extension: (Grepolis) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2012-02-22] CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30] CHR Extension: (Google Mail) - 
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17] CHR StartMenuInternet: Google Chrome - C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] () [File not signed] R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-15] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) 
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-06-12] (soft Xpansion) R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-13] () [File not signed] R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498952 2008-04-21] () S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X] S3 OverwolfUpdaterService; No ImagePath ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-05-07] () R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-05-07] () R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd) S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed] S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-10 20:33 - 2014-09-10 20:33 - 00021762 _____ () C:\Users\HP\Desktop\FRST.txt 2014-09-10 20:33 - 2014-09-10 20:33 - 00000000 ____D () C:\Users\HP\Desktop\FRST-OlderVersion 2014-09-10 20:31 - 2014-09-10 20:31 - 00000942 _____ () C:\Users\HP\Desktop\JRT.txt 2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\Windows\ERUNT 2014-09-10 20:23 - 2014-09-10 20:23 - 01016261 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe 2014-09-10 20:14 - 2014-09-10 20:20 - 00000862 _____ () C:\Windows\PFRO.log 2014-09-10 13:58 - 2014-09-10 13:58 - 00019983 _____ () C:\ComboFix.txt 2014-09-10 13:47 - 2014-09-10 13:46 - 05576885 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe 2014-09-10 13:18 - 2014-09-10 13:58 - 00000000 ____D () C:\Qoobox 2014-09-10 13:18 - 2014-09-10 13:30 - 00000000 ____D () C:\Windows\erdnt 2014-09-10 13:18 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-10 13:18 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-10 13:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-10 13:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-10 13:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-10 13:18 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-10 13:18 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-10 13:18 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-10 12:36 - 2014-09-10 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2014-09-10 12:35 - 2014-09-10 12:35 - 00000000 ____D () C:\ProgramData\{EC3BBC27-096F-437F-AA20-6B5E46D778AE} 2014-09-10 12:33 - 2014-09-10 12:33 - 37553464 _____ (Hewlett-Packard ) C:\Users\HP\Downloads\sp68058.exe 2014-09-10 12:22 - 2014-09-10 12:22 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 12:21 - 2010-09-14 08:45 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll 2014-09-10 
12:21 - 2010-09-14 08:07 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll 2014-09-10 11:55 - 2014-09-10 11:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 11:48 - 2014-09-10 11:48 - 00000000 ____D () C:\Windows\system32\nn-NO 2014-09-10 11:48 - 2014-09-10 11:48 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-09-10 11:48 - 2010-02-02 14:48 - 00060416 _____ (Atheros) C:\Windows\system32\athihvui.dll 2014-09-10 11:48 - 2010-02-02 14:47 - 00439808 _____ (Atheros) C:\Windows\system32\athihvs.dll 2014-09-10 11:47 - 2014-09-10 11:49 - 00000184 _____ () C:\setup.log 2014-09-10 11:47 - 2014-09-10 11:47 - 00000000 ____D () C:\Users\HP\AppData\Roaming\InstallShield 2014-09-10 11:47 - 2010-03-04 06:40 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2014-09-10 11:47 - 2010-03-04 06:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys 2014-09-10 11:42 - 2014-09-05 04:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 11:42 - 2014-09-05 03:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 11:42 - 2011-08-30 07:21 - 14164480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-09-10 11:42 - 2011-08-30 06:28 - 12868096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-09-10 11:42 - 2010-12-21 08:15 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll 2014-09-10 11:42 - 2010-12-21 08:13 - 02003968 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-09-10 11:42 - 2010-12-21 08:13 - 01880576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-09-10 11:42 - 2010-12-21 07:38 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll 2014-09-10 11:41 - 2012-09-06 19:38 - 00295792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2014-09-10 11:41 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) 
C:\Windows\system32\poqexec.exe 2014-09-10 11:41 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2014-09-10 11:41 - 2010-12-21 08:16 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2014-09-10 11:41 - 2010-12-21 08:16 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-09-10 11:41 - 2010-12-21 08:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll 2014-09-10 11:41 - 2010-12-21 08:16 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll 2014-09-10 11:41 - 2010-12-21 08:15 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll 2014-09-10 11:41 - 2010-12-21 08:10 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-09-10 11:41 - 2010-12-21 07:38 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll 2014-09-10 11:41 - 2010-12-21 07:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2014-09-10 11:41 - 2010-12-21 07:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll 2014-09-10 11:41 - 2010-12-21 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll 2014-09-10 11:41 - 2010-12-21 07:36 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-09-10 11:41 - 2010-12-21 07:36 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-09-10 11:41 - 2010-12-21 07:34 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2014-09-10 11:25 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-09-10 11:25 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-09-10 11:25 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-09-10 11:25 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-09-10 11:25 - 
2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-09-10 11:25 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-09-10 11:25 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-09-10 11:25 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-09-10 11:25 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-09-10 00:04 - 2014-09-10 00:04 - 00003054 _____ () C:\Users\HP\Desktop\Gmer.txt 2014-09-09 23:55 - 2014-09-09 23:55 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe 2014-09-09 23:53 - 2014-09-10 20:33 - 00000000 ____D () C:\FRST 2014-09-09 23:51 - 2014-09-10 20:33 - 02105856 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe 2014-09-09 23:51 - 2014-09-09 23:51 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log 2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\HP\defogger_reenable 2014-09-09 23:46 - 2014-09-09 23:46 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe 2014-09-09 23:08 - 2014-09-09 23:09 - 01370467 _____ () C:\Users\HP\Desktop\adwcleaner_3.309.exe 2014-09-09 10:53 - 2014-09-09 11:04 - 00000000 ____D () C:\Users\HP\AppData\Roaming\.minecraft 2014-09-08 21:28 - 2014-09-08 21:28 - 00274824 _____ () C:\Windows\Minidump\090814-26020-01.dmp 2014-09-06 20:33 - 2014-09-06 20:33 - 00000550 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk 2014-09-06 20:33 - 2014-09-06 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron 2014-09-06 20:32 - 2014-09-06 20:32 - 42019725 _____ (SRWare ) C:\Users\HP\Downloads\srware_iron_36.0.1950.0.exe 2014-09-05 14:48 - 2014-09-05 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-09-05 14:48 - 2014-09-05 14:48 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-08-13 15:46 - 2014-08-13 15:46 
- 00000000 ____D () C:\Users\HP\AppData\Local\Adobe 2014-08-12 19:51 - 2014-08-12 19:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-12 19:51 - 2014-08-12 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-12 19:51 - 2014-08-12 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-12 19:51 - 2014-08-12 19:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-10 20:33 - 2014-09-10 20:33 - 00021762 _____ () C:\Users\HP\Desktop\FRST.txt 2014-09-10 20:33 - 2014-09-10 20:33 - 00000000 ____D () C:\Users\HP\Desktop\FRST-OlderVersion 2014-09-10 20:33 - 2014-09-09 23:53 - 00000000 ____D () C:\FRST 2014-09-10 20:33 - 2014-09-09 23:51 - 02105856 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe 2014-09-10 20:31 - 2014-09-10 20:31 - 00000942 _____ () C:\Users\HP\Desktop\JRT.txt 2014-09-10 20:28 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-10 20:28 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\Windows\ERUNT 2014-09-10 20:23 - 2014-09-10 20:23 - 01016261 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe 2014-09-10 20:21 - 2011-06-24 17:56 - 00000000 ____D () C:\Users\HP\AppData\Local\LogMeIn Hamachi 2014-09-10 20:20 - 2014-09-10 20:14 - 00000862 _____ () C:\Windows\PFRO.log 2014-09-10 20:20 - 2010-04-06 23:50 - 00510324 _____ () C:\Windows\setupact.log 2014-09-10 20:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-10 20:19 - 2014-01-19 23:44 - 00000000 ____D () C:\AdwCleaner 2014-09-10 20:19 - 2010-03-31 18:41 - 01777066 _____ () 
C:\Windows\WindowsUpdate.log 2014-09-10 20:17 - 2012-02-18 19:52 - 00000000 ____D () C:\Users\HP\Downloads\EXE 2014-09-10 15:17 - 2011-08-02 08:47 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000UA.job 2014-09-10 14:43 - 2014-05-03 12:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-10 13:58 - 2014-09-10 13:58 - 00019983 _____ () C:\ComboFix.txt 2014-09-10 13:58 - 2014-09-10 13:18 - 00000000 ____D () C:\Qoobox 2014-09-10 13:57 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-10 13:46 - 2014-09-10 13:47 - 05576885 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe 2014-09-10 13:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-09-10 13:30 - 2014-09-10 13:18 - 00000000 ____D () C:\Windows\erdnt 2014-09-10 13:26 - 2009-07-14 04:34 - 68681728 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-09-10 13:26 - 2009-07-14 04:34 - 18874368 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-09-10 13:26 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-09-10 13:26 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-09-10 13:26 - 2009-07-14 04:34 - 00090112 _____ () C:\Windows\system32\config\SAM.bak 2014-09-10 12:40 - 2011-02-20 13:56 - 00000000 ____D () C:\ProgramData\G Data 2014-09-10 12:39 - 2011-02-20 19:54 - 00000000 ____D () C:\Users\HP\AppData\Local\G DATA 2014-09-10 12:39 - 2011-02-20 13:56 - 00000000 ____D () C:\Program Files (x86)\G Data 2014-09-10 12:36 - 2014-09-10 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2014-09-10 12:36 - 2009-11-13 19:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-09-10 12:36 - 2009-11-13 16:49 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-09-10 12:35 - 2014-09-10 12:35 - 00000000 ____D () C:\ProgramData\{EC3BBC27-096F-437F-AA20-6B5E46D778AE} 
2014-09-10 12:35 - 2010-03-31 15:44 - 00000000 ____D () C:\Users\HP\AppData\Roaming\hpqlog 2014-09-10 12:34 - 2010-03-31 18:58 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard 2014-09-10 12:34 - 2009-11-13 16:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-10 12:34 - 2009-09-07 02:40 - 00000000 ____D () C:\SwSetup 2014-09-10 12:33 - 2014-09-10 12:33 - 37553464 _____ (Hewlett-Packard ) C:\Users\HP\Downloads\sp68058.exe 2014-09-10 12:32 - 2011-03-16 17:07 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-09-10 12:22 - 2014-09-10 12:22 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 11:59 - 2014-09-10 11:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 11:49 - 2014-09-10 11:47 - 00000184 _____ () C:\setup.log 2014-09-10 11:48 - 2014-09-10 11:48 - 00000000 ____D () C:\Windows\system32\nn-NO 2014-09-10 11:48 - 2014-09-10 11:48 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-09-10 11:48 - 2010-03-31 18:40 - 00000000 ____D () C:\Program Files (x86)\Atheros 2014-09-10 11:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-09-10 11:47 - 2014-09-10 11:47 - 00000000 ____D () C:\Users\HP\AppData\Roaming\InstallShield 2014-09-10 11:47 - 2010-03-31 15:43 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Hewlett-Packard 2014-09-10 11:47 - 2009-11-13 18:00 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-09-10 00:04 - 2014-09-10 00:04 - 00003054 _____ () C:\Users\HP\Desktop\Gmer.txt 2014-09-09 23:55 - 2014-09-09 23:55 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe 2014-09-09 23:51 - 2014-09-09 23:51 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log 2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\HP\defogger_reenable 2014-09-09 23:51 - 2010-03-31 15:41 - 00000000 ____D () C:\Users\HP 2014-09-09 23:46 - 2014-09-09 23:46 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe 2014-09-09 23:43 - 2014-05-03 12:40 - 00003822 _____ () 
C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-09 23:43 - 2012-04-01 20:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-09 23:43 - 2011-05-31 19:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-09 23:38 - 2009-11-14 01:29 - 00833052 _____ () C:\Windows\system32\perfh007.dat 2014-09-09 23:38 - 2009-11-14 01:29 - 00190294 _____ () C:\Windows\system32\perfc007.dat 2014-09-09 23:38 - 2009-07-14 07:13 - 00005370 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-09 23:09 - 2014-09-09 23:08 - 01370467 _____ () C:\Users\HP\Desktop\adwcleaner_3.309.exe 2014-09-09 22:32 - 2010-04-23 13:46 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9948BC0E-D1B8-4573-B207-DF40C55D8788} 2014-09-09 20:43 - 2011-08-02 08:47 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000Core.job 2014-09-09 16:28 - 2011-03-15 13:55 - 00000000 ____D () C:\Users\HP\Documents\Schule 2014-09-09 15:40 - 2013-05-18 15:28 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Spotify 2014-09-09 15:40 - 2010-04-07 12:54 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype 2014-09-09 13:22 - 2013-05-18 15:29 - 00000000 ____D () C:\Users\HP\AppData\Local\Spotify 2014-09-09 11:04 - 2014-09-09 10:53 - 00000000 ____D () C:\Users\HP\AppData\Roaming\.minecraft 2014-09-08 21:28 - 2014-09-08 21:28 - 00274824 _____ () C:\Windows\Minidump\090814-26020-01.dmp 2014-09-08 21:28 - 2010-05-12 09:19 - 00000000 ____D () C:\Windows\Minidump 2014-09-06 20:33 - 2014-09-06 20:33 - 00000550 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk 2014-09-06 20:33 - 2014-09-06 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron 2014-09-06 20:32 - 2014-09-06 20:32 - 42019725 _____ (SRWare ) C:\Users\HP\Downloads\srware_iron_36.0.1950.0.exe 2014-09-06 16:30 - 2010-04-07 12:54 - 00000000 ____D () C:\ProgramData\Skype 
2014-09-06 10:52 - 2012-10-26 15:05 - 00000000 ____D () C:\Users\HP\Downloads\Mods 2014-09-05 14:54 - 2011-08-02 08:49 - 00002346 _____ () C:\Users\HP\Desktop\Google Chrome.lnk 2014-09-05 14:48 - 2014-09-05 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-09-05 14:48 - 2014-09-05 14:48 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-09-05 04:01 - 2014-09-10 11:42 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 03:55 - 2014-09-10 11:42 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-29 13:01 - 2010-04-06 22:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-25 06:53 - 2010-04-06 22:25 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-13 15:46 - 2014-08-13 15:46 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe 2014-08-12 19:51 - 2014-08-12 19:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-12 19:51 - 2014-08-12 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-12 19:51 - 2014-08-12 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-12 19:51 - 2014-08-12 19:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-12 19:51 - 2013-09-11 10:22 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-12 19:51 - 2009-11-13 19:21 - 00000000 ____D () C:\Program Files (x86)\Java Some content of TEMP: ==================== C:\Users\HP\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-07 13:21

==================== End Of Log ============================ |
10.09.2014, 23:22 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error at Windows startup: RegWvr32
Please also create a new Addition.txt: start FRST, tick the Addition.txt checkbox, then click Scan.
__________________ Please always post log files in CODE tags |
11.09.2014, 07:51 | #15 |
| Error at Windows startup: RegWvr32
OK, I ran the scan again, and the problem has not shown up any more. But I surely still have to do more, right?? Here is the Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by HP at 2014-09-11 08:42:53
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis*Disk Director Suite (HKLM-x32\...\{2300EE96-0A41-4FAB-BD03-989EC44577A0}) (Version: 10.0.2161 - Acronis)
Acronis*True*Image*Home (HKLM-x32\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8105 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.) Anno 1701 - Der Fluch des Drachen (HKLM-x32\...\{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}) (Version: 2.03 - Sunflowers) Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers) Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros) ATI Catalyst Install Manager (HKLM\...\{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}) (Version: 3.0.732.0 - ATI Technologies, Inc.) 
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2009.0804.2223.38385 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0804.2223.38385 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2009.0804.2223.38385 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2009.0804.2223.38385 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0804.2223.38385 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0804.2223.38385 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2009.0804.2223.38385 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2009.0804.2223.38385 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Czech (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Danish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Dutch (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help English (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Finnish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help French (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help German (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Greek (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Hungarian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Italian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Japanese (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Korean (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Norwegian (x32 
Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Polish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Portuguese (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Russian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Spanish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Swedish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Thai (x32 Version: 2009.0804.2222.38385 - ATI) Hidden CCC Help Turkish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden ccc-core-static (x32 Version: 2009.0804.2223.38385 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2009.0804.2223.38385 - ATI) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.) CyberLink DVD Suite (x32 Version: 7.0.2111 - CyberLink Corp.) Hidden DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden EE-ZDE (HKLM-x32\...\{B49C924C-A651-4378-94F6-5D9BF44A959F}) (Version: - ) Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version: - ) ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE) Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.) 
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3402 - Hewlett-Packard) HP MediaSmart DVD (x32 Version: 3.1.3402 - Hewlett-Packard) Hidden HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.1.2125 - Hewlett-Packard) HP MediaSmart Internet TV (x32 Version: 3.1.2125 - Hewlett-Packard) Hidden HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard) HP MediaSmart Live TV (x32 Version: 3.1.2206 - Hewlett-Packard) Hidden HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3405 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3405 - Hewlett-Packard) Hidden HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard) HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2207 - Hewlett-Packard) HP MediaSmart Webcam (x32 Version: 3.1.2207 - Hewlett-Packard) Hidden HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard) HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard) HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) 
(Version: 1.01.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - ) iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden Java(TM) 6 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.) Java(TM) SE Development Kit 6 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160150}) (Version: 1.6.0.150 - Sun Microsystems, Inc.) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games) LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) 
Hidden Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 
9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.) Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) 
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden Razer Nostromo (HKLM-x32\...\{0214578F-4888-43FB-9E34-C14FCFDEDDEB}) (Version: 2.02.08 - Razer USA Ltd.) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek) Recovery Manager (x32 Version: 5.5.2202 - CyberLink Corp.) Hidden Security Task Manager 1.8c (HKLM-x32\...\Security Task Manager) (Version: 1.8c - Neuber Software) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) SLOW-PCfighter (HKLM\...\SLOW-PCfighter) (Version: 1.4.95 - SPAMfighter ApS.) SLOW-PCfighter (Version: 1.4.95 - SPAMfighter ApS) Hidden Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB) SRWare Iron Version SRWare Iron 36.0.1950.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 36.0.1950.0 - SRWare) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions) Uniblue SystemTweaker (HKLM-x32\...\{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1) (Version: - Uniblue Systems Ltd) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) Visual C++ 8.0 Runtime Setup Package (x64) 
(HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2555088232-885827233-2013826137-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2555088232-885827233-2013826137-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-2555088232-885827233-2013826137-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2555088232-885827233-2013826137-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-09-10 13:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0880124E-4937-4932-9D98-AC8B7A2B3A64} - System32\Tasks\{B2D3A34C-86FF-45F7-BC4D-8D388138A2D9} => C:\Program Files (x86)\iTunes\iTunes.exe Task: {0C979265-7CC7-4A13-A721-4DF94FD99B31} - System32\Tasks\{6DD300DC-EC90-40AF-AF83-5CF947A00189} => C:\Sierra\Empire Earth\Empire Earth.exe Task: {0FD80024-F8F3-411B-8382-AE6296295A66} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {11C60855-9535-40EC-B29E-77ECF80EEE78} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000Core => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02] (Google Inc.) 
Task: {136204FA-5016-4028-9F2B-A2404DDBA2DB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {1A758814-B546-49DF-837B-F5FAB84F732E} - System32\Tasks\{31F0D5AA-327A-493C-8178-82BB7F8CB8B1} => C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE Task: {1C8C62AB-6A6B-46A0-8452-248A6A19236C} - System32\Tasks\{04D4A287-96C9-413F-BC9F-F827B554A9C7} => C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\lotrbfme2.exe Task: {1CB2F6FB-4FE5-40E4-BD3C-0108A35405D7} - System32\Tasks\{D52123DD-D8C0-466F-9C06-83EAF115EC8C} => H:\Support\DrvSetup_x64.exe Task: {2D1D8681-1C80-4E98-A6A6-9D40F6DE7655} - System32\Tasks\{743D39DD-A7F9-465D-9034-5AD2C5C2042E} => C:\Program Files (x86)\iTunes\iTunes.exe Task: {3F6F6C18-F3B3-43E6-884B-C6839A80A107} - System32\Tasks\{81080432-3C78-4AB7-AF15-076FA7A3E99B} => C:\Sierra\Empire Earth\Empire Earth.exe Task: {427F9053-EA3A-433D-9154-9E6A2DF3E2D5} - System32\Tasks\{1B6DB235-878E-4189-9634-2110E4E571CE} => C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE Task: {456D478C-0AEC-4C76-B327-B525C30A70B0} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-06] (CL) Task: {5A35D325-4EFB-4D89-9FB4-B79EE680EFF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe Task: {67A7177E-72D1-4B90-B83B-091688170E93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000UA => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02] (Google Inc.) 
Task: {6BB0DD93-986F-458F-88E4-BC1C166100AD} - System32\Tasks\{1889CBBA-87E2-41A7-A257-D0CBB5DFC6FC} => C:\Program Files (x86)\iTunes\iTunes.exe Task: {76DFF63E-5B36-4037-A371-C5EF40B8414B} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION Task: {895E588F-F1EF-4B1D-964A-64A210866D07} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe Task: {9D02358B-DA82-4EAE-A89A-CEE16A02D99D} - System32\Tasks\{5BF03ACA-D10F-446F-B9AA-060BA0C981A4} => C:\Program Files (x86)\iTunes\iTunes.exe Task: {B29F8B10-A7C0-4354-B98F-89DC91B742E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated) Task: {B5618F5E-39FF-4286-ADFE-D2D43FB1FD0B} - System32\Tasks\{9A3B6E89-D6A0-47B0-A547-64A6AFC95553} => C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE Task: {B87B6DEF-6FE2-455A-AA35-7F4E405976C8} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-06] (CyberLink Corp.) 
Task: {BEF35883-0312-4E59-A1C6-06F5F60FA220} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe Task: {CF2084D2-37B7-4F4D-852E-EDD02F1AC34A} - System32\Tasks\{8E748638-C9DF-456B-B9E5-71912446AAFD} => C:\Program Files (x86)\iTunes\iTunes.exe Task: {D92EB706-FA80-4DDF-9BF4-8CE1C386A3AB} - System32\Tasks\{F7A33FB2-0B5A-4BCB-A428-872307A0081E} => C:\Program Files (x86)\iTunes\iTunes.exe Task: {D99D298F-5E8E-4D72-B674-D565096E3EF3} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-06] (CL) Task: {E10E6777-1A8B-4558-9680-758B0F6C4B9F} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-05] (CyberLink) Task: {EA4ADC4B-94B5-4C25-9606-7DE641E16FAD} - System32\Tasks\{DBC10D2D-315B-40F7-B2E5-C4397E67DA3C} => C:\Program Files (x86)\iTunes\iTunes.exe Task: {ECC7017F-15FD-414C-B4A6-1C669C895931} - System32\Tasks\{AB63DF2A-642E-4E3F-BE16-000D035A8181} => C:\Program Files (x86)\Anno 1701\Anno1701.exe [2007-10-20] (Related Designs Software GmbH) Task: {F417D375-81F2-42EB-BA17-099D3E82FF9D} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-06] (CL) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000Core.job => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000UA.job => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-05-14 18:36 - 2014-05-15 15:08 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2009-11-13 18:47 - 2009-07-06 21:20 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 
2013-08-22 11:31 - 2013-09-13 13:40 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe 2008-04-21 23:27 - 2008-04-21 23:27 - 00498952 _____ () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe 2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe 2009-08-20 12:35 - 2009-08-20 12:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2009-08-20 12:35 - 2009-08-20 12:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2009-08-20 12:35 - 2009-08-20 12:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2008-04-21 22:43 - 2008-04-21 22:43 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll 2009-10-05 23:08 - 2009-10-05 23:08 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll 2014-09-06 20:33 - 2014-05-26 16:34 - 00870912 _____ () D:\SRWare Iron\libglesv2.dll 2014-09-06 20:33 - 2014-05-26 16:35 - 00128512 _____ () D:\SRWare Iron\libegl.dll 2014-09-06 20:33 - 2014-05-26 16:34 - 00950272 _____ () D:\SRWare Iron\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: avg9emc => 2 MSCONFIG\Services: avg9wd => 2 MSCONFIG\Services: AVKProxy => 2 MSCONFIG\Services: AVKService => 2 MSCONFIG\Services: AVKWCtl => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase-6 Reminder.lnk => C:\Windows\pss\phase-6 Reminder.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: AVG9_TRAY => C:\PROGRA~2\AVG\AVG9\avgtray.exe MSCONFIG\startupreg: G Data AntiVirus Tray Application => C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe MSCONFIG\startupreg: GDFirewallTray => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= Name: 
Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (09/11/2014 08:39:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/11/2014 08:38:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LiveUpdate" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/11/2014 08:37:48 AM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-09-10 13:56:35.136 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-10 13:56:35.105 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-10 13:56:35.089 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-10 13:56:35.073 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-10 13:25:44.859 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-10 13:25:44.844 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-05-06 23:56:48.697 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-05-06 23:56:48.666 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-05-06 23:56:48.276 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-05-06 23:56:48.260 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Processor: AMD Turion(tm) II Dual-Core Mobile M520
Percentage of memory in use: 34%
Total physical RAM: 4092.2 MB
Available physical RAM: 2697.29 MB
Total Pagefile: 10228.34 MB
Available Pagefile: 8665.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:93.1 GB) (Free:12.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Dateien) (Fixed) (Total:358.68 GB) (Free:326.61 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:13.78 GB) (Free:2.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 726396AC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=93.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.7 GB) - (Type=05)
Partition 4: (Not Active) - (Size=13.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--------------

Better safe than sorry: here is the FRST.txt again (new scan):

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by HP (administrator) on HP-PC on 11-09-2014 08:41:43
Running from C:\Users\HP\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Tor\tor.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(LogMeIn Inc.)
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Razer USA Ltd) D:\Razer\Nostromo\RazerNostromoSysTray.exe (Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (Apple Inc.) D:\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (SRWare) D:\SRWare Iron\chrome.exe (SRWare) D:\SRWare Iron\chrome.exe (SRWare) D:\SRWare Iron\chrome.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-13] (Sun Microsystems, Inc.) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [136472 2008-04-21] (Acronis) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) 
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622296 2008-04-21] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [911168 2008-04-21] (Acronis) HKLM-x32\...\Run: [Razer Nostromo Driver] => D:\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.) 
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAA0ADUAMQA3ADIANAA4ADAALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBYAE8AOQArADEALQBGADkATQAzACsAMQA"&"prod=90"&"ver=9.0.894 HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Security Task Manager <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-2555088232-885827233-2013826137-1000\...\Policies\system: [DisableChangePassword] 0 Lsa: [Authentication Packages] msv1_0 relog_ap ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {C7189C49-7D73-48F0-B558-CBBD6EB82C3B} URL = hxxp://www.google.de/search?q={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-11-13] (EasyBits Software Corp.) ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ] FireFox: ======== FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Mozilla Plugins\npitunes.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\HP\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: Re-markit - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default\Extensions\150 [2014-01-14] FF Extension: Greasemonkey - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011-11-07] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nfhafob6.default\extensions\e9043bba-bb1e-4491-8ff2-1ba673d54856@1d3800b4-5ed5-4f67-bf08-0d0c43a7b67b.com [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR DefaultSearchKeyword: Default -> 65002E7A8295926ED283821900605209A8E78E4EEEB83EFEC65F73E863EDF185 CHR DefaultSearchURL: Default -> 067C995647CA24149D46BC4C9FCAC8EE37AB41BB548F93B79CEC11D3EDF63E90 CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - 
C:\Users\HP\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\HP\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\HP\AppData\Local\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Harmony Firefox Plugin) - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Unity Player) - C:\Users\HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\HP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Google Update) - C:\Users\HP\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (npuplaypc.dll) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoilcbjfkbdplcfglkiedhefcomondlk [2014-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (GeoGebra) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-01-14]
CHR Extension: (Google-Suche) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Grepolis) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2012-02-22]
CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Google Mail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR StartMenuInternet: Google Chrome - C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] () [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-15] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-06-12] (soft Xpansion)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-13] () [File not signed]
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498952 2008-04-21] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 OverwolfUpdaterService; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-05-07] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-05-07] ()
R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 20:33 - 2014-09-11 08:42 - 00021825 _____ () C:\Users\HP\Desktop\FRST.txt
2014-09-10 20:31 - 2014-09-10 20:31 - 00000942 _____ () C:\Users\HP\Desktop\JRT.txt
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\Windows\ERUNT
2014-09-10 20:23 - 2014-09-10 20:23 - 01016261 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-09-10 20:14 - 2014-09-10 20:20 - 00000862 _____ () C:\Windows\PFRO.log
2014-09-10 13:58 - 2014-09-10 13:58 - 00019983 _____ () C:\ComboFix.txt
2014-09-10 13:47 - 2014-09-10 13:46 - 05576885 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe
2014-09-10 13:18 - 2014-09-10 13:58 - 00000000 ____D () C:\Qoobox
2014-09-10 13:18 - 2014-09-10 13:30 - 00000000 ____D () C:\Windows\erdnt
2014-09-10 13:18 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-10 13:18 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-10 13:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-10 13:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-10 13:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-10 13:18 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-10 13:18 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-10 13:18 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-10 12:36 - 2014-09-10 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-09-10 12:35 - 2014-09-10 12:35 - 00000000 ____D () C:\ProgramData\{EC3BBC27-096F-437F-AA20-6B5E46D778AE}
2014-09-10 12:33 - 2014-09-10 12:33 - 37553464 _____ (Hewlett-Packard ) C:\Users\HP\Downloads\sp68058.exe
2014-09-10 12:22 - 2014-09-10 12:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 12:21 - 2010-09-14 08:45 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2014-09-10 12:21 - 2010-09-14 08:07 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2014-09-10 11:55 - 2014-09-10 11:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 11:48 - 2014-09-10 11:48 - 00000000 ____D () C:\Windows\system32\nn-NO
2014-09-10 11:48 - 2014-09-10 11:48 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-09-10 11:48 - 2010-02-02 14:48 - 00060416 _____ (Atheros) C:\Windows\system32\athihvui.dll
2014-09-10 11:48 - 2010-02-02 14:47 - 00439808 _____ (Atheros) C:\Windows\system32\athihvs.dll
2014-09-10 11:47 - 2014-09-10 11:49 - 00000184 _____ () C:\setup.log
2014-09-10 11:47 - 2014-09-10 11:47 - 00000000 ____D () C:\Users\HP\AppData\Roaming\InstallShield
2014-09-10 11:47 - 2010-03-04 06:40 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-09-10 11:47 - 2010-03-04 06:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-09-10 11:42 - 2014-09-05 04:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 11:42 - 2014-09-05 03:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 11:42 - 2011-08-30 07:21 - 14164480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-10 11:42 - 2011-08-30 06:28 - 12868096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-10 11:42 - 2010-12-21 08:15 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2014-09-10 11:42 - 2010-12-21 08:13 - 02003968 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-09-10 11:42 - 2010-12-21 08:13 - 01880576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-10 11:42 - 2010-12-21 07:38 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2014-09-10 11:41 - 2012-09-06 19:38 - 00295792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-09-10 11:41 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-10 11:41 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-09-10 11:41 - 2010-12-21 08:16 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-09-10 11:41 - 2010-12-21 08:16 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-10 11:41 - 2010-12-21 08:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2014-09-10 11:41 - 2010-12-21 08:16 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2014-09-10 11:41 - 2010-12-21 08:15 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2014-09-10 11:41 - 2010-12-21 08:10 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-09-10 11:41 - 2010-12-21 07:38 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2014-09-10 11:41 - 2010-12-21 07:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-09-10 11:41 - 2010-12-21 07:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2014-09-10 11:41 - 2010-12-21 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2014-09-10 11:41 - 2010-12-21 07:36 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-09-10 11:41 - 2010-12-21 07:36 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-10 11:41 - 2010-12-21 07:34 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-09-10 11:25 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-10 11:25 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-10 11:25 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-10 11:25 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-10 11:25 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-10 11:25 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-10 11:25 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-10 11:25 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-10 11:25 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-10 00:04 - 2014-09-10 00:04 - 00003054 _____ () C:\Users\HP\Desktop\Gmer.txt
2014-09-09 23:55 - 2014-09-09 23:55 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe
2014-09-09 23:53 - 2014-09-11 08:41 - 00000000 ____D () C:\FRST
2014-09-09 23:51 - 2014-09-10 20:33 - 02105856 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-09-09 23:51 - 2014-09-09 23:51 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-09-09 23:46 - 2014-09-09 23:46 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe
2014-09-09 23:08 - 2014-09-09 23:09 - 01370467 _____ () C:\Users\HP\Desktop\adwcleaner_3.309.exe
2014-09-09 10:53 - 2014-09-09 11:04 - 00000000 ____D () C:\Users\HP\AppData\Roaming\.minecraft
2014-09-08 21:28 - 2014-09-08 21:28 - 00274824 _____ () C:\Windows\Minidump\090814-26020-01.dmp
2014-09-06 20:33 - 2014-09-06 20:33 - 00000550 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk
2014-09-06 20:33 - 2014-09-06 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-09-06 20:32 - 2014-09-06 20:32 - 42019725 _____ (SRWare ) C:\Users\HP\Downloads\srware_iron_36.0.1950.0.exe
2014-09-05 14:48 - 2014-09-05 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-05 14:48 - 2014-09-05 14:48 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-08-13 15:46 - 2014-08-13 15:46 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe
2014-08-12 19:51 - 2014-08-12 19:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 19:51 - 2014-08-12 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 19:51 - 2014-08-12 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 19:51 - 2014-08-12 19:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 08:42 - 2014-09-10 20:33 - 00021825 _____ () C:\Users\HP\Desktop\FRST.txt
2014-09-11 08:42 - 2010-03-31 18:41 - 01785136 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 08:41 - 2014-09-09 23:53 - 00000000 ____D () C:\FRST
2014-09-11 08:38 - 2011-06-24 17:56 - 00000000 ____D () C:\Users\HP\AppData\Local\LogMeIn Hamachi
2014-09-11 08:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 08:37 - 2010-04-06 23:50 - 00510380 _____ () C:\Windows\setupact.log
2014-09-10 22:58 - 2011-08-02 08:47 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000UA.job
2014-09-10 22:43 - 2014-05-03 12:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 20:33 - 2014-09-09 23:51 - 02105856 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-09-10 20:31 - 2014-09-10 20:31 - 00000942 _____ () C:\Users\HP\Desktop\JRT.txt
2014-09-10 20:28 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 20:28 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\Windows\ERUNT
2014-09-10 20:23 - 2014-09-10 20:23 - 01016261 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-09-10 20:20 - 2014-09-10 20:14 - 00000862 _____ () C:\Windows\PFRO.log
2014-09-10 20:19 - 2014-01-19 23:44 - 00000000 ____D () C:\AdwCleaner
2014-09-10 20:17 - 2012-02-18 19:52 - 00000000 ____D () C:\Users\HP\Downloads\EXE
2014-09-10 13:58 - 2014-09-10 13:58 - 00019983 _____ () C:\ComboFix.txt
2014-09-10 13:58 - 2014-09-10 13:18 - 00000000 ____D () C:\Qoobox
2014-09-10 13:57 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-10 13:46 - 2014-09-10 13:47 - 05576885 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe
2014-09-10 13:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-10 13:30 - 2014-09-10 13:18 - 00000000 ____D () C:\Windows\erdnt
2014-09-10 13:26 - 2009-07-14 04:34 - 68681728 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-10 13:26 - 2009-07-14 04:34 - 18874368 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-10 13:26 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-10 13:26 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-10 13:26 - 2009-07-14 04:34 - 00090112 _____ () C:\Windows\system32\config\SAM.bak
2014-09-10 12:40 - 2011-02-20 13:56 - 00000000 ____D () C:\ProgramData\G Data
2014-09-10 12:39 - 2011-02-20 19:54 - 00000000 ____D () C:\Users\HP\AppData\Local\G DATA
2014-09-10 12:39 - 2011-02-20 13:56 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-09-10 12:36 - 2014-09-10 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-09-10 12:36 - 2009-11-13 19:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-10 12:36 - 2009-11-13 16:49 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-10 12:35 - 2014-09-10 12:35 - 00000000 ____D () C:\ProgramData\{EC3BBC27-096F-437F-AA20-6B5E46D778AE}
2014-09-10 12:35 - 2010-03-31 15:44 - 00000000 ____D () C:\Users\HP\AppData\Roaming\hpqlog
2014-09-10 12:34 - 2010-03-31 18:58 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-09-10 12:34 - 2009-11-13 16:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-10 12:34 - 2009-09-07 02:40 - 00000000 ____D () C:\SwSetup
2014-09-10 12:33 - 2014-09-10 12:33 - 37553464 _____ (Hewlett-Packard ) C:\Users\HP\Downloads\sp68058.exe
2014-09-10 12:32 - 2011-03-16 17:07 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-10 12:22 - 2014-09-10 12:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 11:59 - 2014-09-10 11:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 11:49 - 2014-09-10 11:47 - 00000184 _____ () C:\setup.log
2014-09-10 11:48 - 2014-09-10 11:48 - 00000000 ____D () C:\Windows\system32\nn-NO
2014-09-10 11:48 - 2014-09-10 11:48 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-09-10 11:48 - 2010-03-31 18:40 - 00000000 ____D () C:\Program Files (x86)\Atheros
2014-09-10 11:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-09-10 11:47 - 2014-09-10 11:47 - 00000000 ____D () C:\Users\HP\AppData\Roaming\InstallShield
2014-09-10 11:47 - 2010-03-31 15:43 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Hewlett-Packard
2014-09-10 11:47 - 2009-11-13 18:00 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-09-10 00:04 - 2014-09-10 00:04 - 00003054 _____ () C:\Users\HP\Desktop\Gmer.txt
2014-09-09 23:55 - 2014-09-09 23:55 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe
2014-09-09 23:51 - 2014-09-09 23:51 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-09-09 23:51 - 2010-03-31 15:41 - 00000000 ____D () C:\Users\HP
2014-09-09 23:46 - 2014-09-09 23:46 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe
2014-09-09 23:43 - 2014-05-03 12:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 23:43 - 2012-04-01 20:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 23:43 - 2011-05-31 19:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 23:38 - 2009-11-14 01:29 - 00833052 _____ () C:\Windows\system32\perfh007.dat
2014-09-09 23:38 - 2009-11-14 01:29 - 00190294 _____ () C:\Windows\system32\perfc007.dat
2014-09-09 23:38 - 2009-07-14 07:13 - 00005370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-09 23:09 - 2014-09-09 23:08 - 01370467 _____ () C:\Users\HP\Desktop\adwcleaner_3.309.exe
2014-09-09 22:32 - 2010-04-23 13:46 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9948BC0E-D1B8-4573-B207-DF40C55D8788}
2014-09-09 20:43 - 2011-08-02 08:47 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555088232-885827233-2013826137-1000Core.job
2014-09-09 16:28 - 2011-03-15 13:55 - 00000000 ____D () C:\Users\HP\Documents\Schule
2014-09-09 15:40 - 2013-05-18 15:28 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Spotify
2014-09-09 15:40 - 2010-04-07 12:54 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2014-09-09 13:22 - 2013-05-18 15:29 - 00000000 ____D () C:\Users\HP\AppData\Local\Spotify
2014-09-09 11:04 - 2014-09-09 10:53 - 00000000 ____D () C:\Users\HP\AppData\Roaming\.minecraft
2014-09-08 21:28 - 2014-09-08 21:28 - 00274824 _____ () C:\Windows\Minidump\090814-26020-01.dmp
2014-09-08 21:28 - 2010-05-12 09:19 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 20:33 - 2014-09-06 20:33 - 00000550 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk
2014-09-06 20:33 - 2014-09-06 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-09-06 20:32 - 2014-09-06 20:32 - 42019725 _____ (SRWare ) C:\Users\HP\Downloads\srware_iron_36.0.1950.0.exe
2014-09-06 16:30 - 2010-04-07 12:54 - 00000000 ____D () C:\ProgramData\Skype
2014-09-06 10:52 - 2012-10-26 15:05 - 00000000 ____D () C:\Users\HP\Downloads\Mods
2014-09-05 14:54 - 2011-08-02 08:49 - 00002346 _____ () C:\Users\HP\Desktop\Google Chrome.lnk
2014-09-05 14:48 - 2014-09-05 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-05 14:48 - 2014-09-05 14:48 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-05 04:01 - 2014-09-10 11:42 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:55 - 2014-09-10 11:42 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 13:01 - 2010-04-06 22:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-25 06:53 - 2010-04-06 22:25 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-13 15:46 - 2014-08-13 15:46 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe
2014-08-12 19:51 - 2014-08-12 19:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 19:51 - 2014-08-12 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 19:51 - 2014-08-12 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 19:51 - 2014-08-12 19:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 19:51 - 2013-09-11 10:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-12 19:51 - 2009-11-13 19:21 - 00000000 ____D () C:\Program Files (x86)\Java

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-07 13:21

==================== End Of Log ============================ |