| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Notebook mit Windows Vista wird immer langsamerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.04.2015, 17:06
| #1 |
 |  Notebook mit Windows Vista wird immer langsamer Guten Tag, mein Notebook ist inzwischen extrem langsam geworden, so dass ich mich frage, ob ich mir nicht vielleicht ein paar Schädlinge eingefangen habe. Den CC-Cleaner habe ich schon angewendet, ebenso den Spybot. Mein Problem bei der ganzen Sache ist allerdings, daß ich von Technik so gut wie keine Ahnung habe. Ich bin 74 Jahre alt und mein Enkel, der mir das Notebook gegeben hat und den ich sonst immer fragen konnte, ist zum Austausch in Australien und daher nicht greifbar. Er hat zwar versucht, mir am Telefon zu erklären, was ich tun soll, aber ich hab's nicht so ganz begriffen - leider... Dann meinte er, ich solle mein Problem hier schildern. Das Notebook ist etwa 5 Jahre alt und von Compaq. Folgende Systemdaten habe ich gefunden: Windows Vista. 4 GB RAM. 32 Bit-Betriebssystem. Athlon Dual-Core QL-65 2.10 GHz. Mein Virenscanner ist von Avira und aktualisiert sich selbständig. Ich würde mich sehr freuen, wenn mir jemand weiterhelfen könnte. Allerdings fürchte ich, daß ich allzu technische Begriffe nicht verstehen werde. Es wäre daher schön, wenn die Anleitung sozusagen "Oma-freundlich" wäre... Herzlichen Dank im Voraus!!! Hier nun die in der Anleitung geforderten Daten. Ich hoffe, ich habe die richtigen gefunden: defogger_disable by jpshortstuff (23.02.10.1) Log created at 17:35 on 04/04/2015 (COMPAQ) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by COMPAQ (administrator) on COMPAQ-PC on 04-04-2015 17:49:04 Running from C:\Users\COMPAQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29A3S3VZ Loaded Profiles: COMPAQ (Available profiles: COMPAQ) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe () C:\Program Files\SMINST\BLService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [hpqSRMon] => [X] HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-21] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-1856033268-2380134389-1329949605-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1856033268-2380134389-1329949605-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1856033268-2380134389-1329949605-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.) HKU\S-1-5-21-1856033268-2380134389-1329949605-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd) HKU\S-1-5-21-1856033268-2380134389-1329949605-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe [960688 2015-02-05] (Adobe Systems Incorporated) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb HKU\S-1-5-21-1856033268-2380134389-1329949605-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/ HKU\S-1-5-21-1856033268-2380134389-1329949605-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKLM -> {02BEB76C-FD85-488D-824A-490C9D3C0896} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM -> {1893805B-1D90-4ACF-BD58-FA96CA693B42} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de SearchScopes: HKLM -> {F984C8C7-0FB4-4E22-AC3F-507BBA566358} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 SearchScopes: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000 -> DefaultScope F7B7846F6FD142C988F9AAAC5202D175 URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_deDE355 SearchScopes: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000 -> F7B7846F6FD142C988F9AAAC5202D175 URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_deDE355 SearchScopes: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000 -> {02BEB76C-FD85-488D-824A-490C9D3C0896} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000 -> {1893805B-1D90-4ACF-BD58-FA96CA693B42} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de SearchScopes: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000 -> {9122BE4A-A717-4D62-AB26-E01C0BEF14B5} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000 -> {C4638BAF-ACFB-4A4F-9E4E-D47382F4C43E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=d6c715e3-52b8-4672-ac74-fb52753f9418&apn_sauid=059F45F1-1C47-4892-899D-8775DEDD662B SearchScopes: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000 -> {F984C8C7-0FB4-4E22-AC3F-507BBA566358} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Avira SearchFree Toolbar plus Web Protection -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27] (Hewlett-Packard Co.) Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File Toolbar: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000 -> Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\COMPAQ\AppData\Roaming\Mozilla\Firefox\Profiles\xsafpu49.default-1422819849905 FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.spiegel.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-08-06] (Adobe Systems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-07-17] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-07-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-07-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-07-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-07-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-07-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-07-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-07-16] (Apple Inc.) FF Extension: WEB.DE MailCheck - C:\Users\COMPAQ\AppData\Roaming\Mozilla\Firefox\Profiles\xsafpu49.default-1422819849905\Extensions\toolbar@web.de [2015-02-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-21] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-09-25] FF HKU\S-1-5-21-1856033268-2380134389-1329949605-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-21] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-21] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed] R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed] R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed] S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG) S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-04 17:48 - 2015-04-04 17:49 - 00000000 ____D () C:\FRST 2015-04-04 15:57 - 2015-04-04 15:57 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync 2015-04-04 15:52 - 2015-04-04 15:52 - 00000000 ____D () C:\Users\COMPAQ\AppData\Local\Gigaset_Communications_Gm 2015-04-04 15:50 - 2015-04-04 15:50 - 00000000 ____D () C:\Windows\LastGood 2015-04-04 15:49 - 2015-04-04 15:49 - 00001821 _____ () C:\Users\Public\Desktop\Gigaset QuickSync.lnk 2015-04-04 15:49 - 2015-04-04 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigaset QuickSync 2015-04-04 15:49 - 2015-04-04 15:49 - 00000000 ____D () C:\Program Files\Gigaset QuickSync 2015-04-04 15:43 - 2015-04-04 15:43 - 00000000 ____D () C:\Users\COMPAQ\AppData\Local\Downloaded Installations 2015-03-17 00:18 - 2012-07-13 19:47 - 00443459 _____ () C:\Windows\system32\Drivers\etc\hosts.20150316-231835.backup 2015-03-16 23:50 - 2015-03-16 23:50 - 00000764 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-03-16 23:50 - 2015-03-16 23:50 - 00000000 ____D () C:\Program Files\CCleaner 2015-03-11 21:14 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 21:14 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 21:13 - 2015-02-26 02:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 21:05 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 21:05 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 21:04 - 2015-02-26 04:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-11 21:04 - 2015-02-26 04:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 21:04 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 21:04 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 21:04 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 21:02 - 2015-03-06 06:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 21:01 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-03-11 21:00 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 20:17 - 2015-02-21 19:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 20:17 - 2015-02-21 19:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-03-11 20:17 - 2015-02-21 19:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 20:17 - 2015-02-21 19:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 20:17 - 2015-02-21 19:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 20:17 - 2015-02-21 19:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 20:17 - 2015-02-21 19:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 20:17 - 2015-02-21 19:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-03-11 20:17 - 2015-02-21 19:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 20:17 - 2015-02-21 19:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 20:17 - 2015-02-21 19:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-11 20:17 - 2015-02-21 19:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 20:17 - 2015-02-21 19:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 20:17 - 2015-02-21 19:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 20:17 - 2015-02-21 19:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 20:17 - 2015-02-21 19:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 20:17 - 2015-02-21 19:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 20:17 - 2015-02-21 19:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 20:17 - 2015-02-21 19:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-03-11 20:17 - 2015-02-21 19:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-03-11 20:17 - 2015-02-21 19:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-03-11 20:17 - 2015-02-21 19:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-04 17:44 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-04 17:44 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-04 17:40 - 2011-01-01 19:00 - 00000000 ____D () C:\Users\COMPAQ\AppData\Roaming\Skype 2015-04-04 17:36 - 2009-09-07 11:58 - 00000000 ____D () C:\Users\COMPAQ 2015-04-04 17:25 - 2012-09-10 22:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-04 16:39 - 2009-09-07 11:13 - 01925059 ____N () C:\Windows\WindowsUpdate.log 2015-04-04 16:36 - 2009-10-17 17:04 - 00000052 _____ () C:\Windows\system32\DOErrors.log 2015-04-04 16:08 - 2009-09-22 20:16 - 00012800 _____ () C:\Users\COMPAQ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-04-04 15:44 - 2006-11-02 12:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-04 15:38 - 2014-11-15 21:06 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2015-04-04 15:34 - 2009-09-14 18:58 - 00031966 _____ () C:\ProgramData\nvModes.dat 2015-04-04 15:34 - 2009-09-14 18:58 - 00031966 _____ () C:\ProgramData\nvModes.001 2015-04-04 15:33 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-02 17:43 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-16 23:56 - 2009-09-29 22:07 - 00000000 ____D () C:\Users\COMPAQ\Tracing 2015-03-16 23:56 - 2008-10-26 23:27 - 00000000 ____D () C:\Windows\panther 2015-03-16 23:55 - 2009-09-07 14:30 - 00000000 ____D () C:\Windows\Minidump 2015-03-13 12:27 - 2006-11-02 14:47 - 00355232 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 21:13 - 2013-08-15 14:56 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 21:06 - 2006-11-02 12:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-03-06 20:50 - 2013-03-10 11:00 - 00000000 ____D () C:\Users\COMPAQ\AppData\Local\Deployment 2015-03-05 12:21 - 2012-12-17 14:47 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-03-05 12:21 - 2012-12-17 14:47 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-03-05 12:18 - 2014-10-20 11:10 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-05 12:17 - 2012-12-18 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-05 12:17 - 2012-12-17 14:47 - 00000000 ____D () C:\Program Files\Avira ==================== Files in the root of some directories ======= 2012-03-28 22:44 - 2012-03-28 22:44 - 3993600 _____ () C:\Program Files\GUT7C59.tmp 2010-07-16 17:15 - 2010-07-16 17:15 - 0000268 ___RH () C:\Users\COMPAQ\AppData\Roaming\Textures 2010-07-16 17:19 - 2010-07-16 17:19 - 0000268 ___RH () C:\Users\COMPAQ\AppData\Roaming\Track Settings 2009-09-09 17:08 - 2013-12-04 00:36 - 0000392 _____ () C:\Users\COMPAQ\AppData\Roaming\wklnhst.dat 2009-09-07 12:14 - 2009-09-07 12:14 - 0000000 _____ () C:\Users\COMPAQ\AppData\Local\AtStart.txt 2010-03-05 20:53 - 2012-12-15 00:39 - 0007808 _____ () C:\Users\COMPAQ\AppData\Local\d3d9caps.dat 2009-09-22 20:16 - 2015-04-04 16:08 - 0012800 _____ () C:\Users\COMPAQ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-09-07 12:14 - 2009-09-07 12:14 - 0000000 _____ () C:\Users\COMPAQ\AppData\Local\DSwitch.txt 2011-02-10 22:30 - 2014-03-03 20:58 - 0000600 _____ () C:\Users\COMPAQ\AppData\Local\PUTTY.RND 2009-09-07 12:14 - 2009-09-07 12:14 - 0000000 _____ () C:\Users\COMPAQ\AppData\Local\QSwitch.txt 2011-07-25 00:58 - 2011-07-25 00:58 - 0000000 _____ () C:\Users\COMPAQ\AppData\Local\{D41DDEB0-E855-4C54-B9AB-B9F40547BA67} 2009-09-07 11:28 - 2013-03-23 16:40 - 0000248 _____ () C:\ProgramData\hpqp.ini 2009-11-02 12:43 - 2013-05-13 19:55 - 0000021 _____ () C:\ProgramData\hpqp.txt 2009-09-25 19:25 - 2012-02-02 14:52 - 0004978 _____ () C:\ProgramData\hpzinstall.log 2009-09-14 18:58 - 2015-04-04 15:34 - 0031966 _____ () C:\ProgramData\nvModes.001 2009-09-14 18:58 - 2015-04-04 15:34 - 0031966 _____ () C:\ProgramData\nvModes.dat 2010-07-16 17:15 - 2013-03-04 16:04 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT 2010-07-16 17:19 - 2012-09-24 18:43 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT 2010-07-16 17:15 - 2010-07-16 17:15 - 0000268 ___RH () C:\ProgramData\Transportation 2010-07-16 17:19 - 2010-07-16 17:19 - 0000268 ___RH () C:\ProgramData\Tremolo 2010-07-16 17:15 - 2010-07-16 17:15 - 0000012 ___RH () C:\ProgramData\URLs 2010-07-16 17:19 - 2010-07-16 17:19 - 0000012 ___RH () C:\ProgramData\Vocal Transformer 2009-09-07 11:32 - 2009-09-07 11:32 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2008-10-26 16:52 - 2008-10-26 16:52 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2009-09-07 11:31 - 2009-09-07 11:31 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2008-10-26 16:45 - 2008-10-26 16:46 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2009-09-07 11:29 - 2009-09-07 11:29 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2009-09-07 11:32 - 2009-09-07 11:32 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2008-10-26 16:43 - 2008-10-26 16:44 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2008-10-26 16:46 - 2008-10-26 16:52 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2009-09-07 11:32 - 2009-09-07 11:33 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Some content of TEMP: ==================== C:\Users\COMPAQ\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-04 16:10 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by COMPAQ at 2015-04-04 17:50:13 Running from C:\Users\COMPAQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29A3S3VZ Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden Adblock Plus für IE (32-Bit) (HKLM\...\{A2C33E25-4A8E-43F7-8998-BBEB690F1AB1}) (Version: 1.3 - Eyeo GmbH) Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.) ArcSoft Panorama Maker 4 (HKLM\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version: - ArcSoft) Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros) Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG) Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira) Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-1856033268-2380134389-1329949605-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.45268 - Ask.com) <==== ATTENTION BufferChm (Version: 110.0.180.000 - Hewlett-Packard) Hidden Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform) Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant) CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.) CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.) Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden DJ_AIO_03_F4200_Software (Version: 110.0.238.000 - Hewlett-Packard) Hidden DJ_AIO_03_F4200_Software_Min (Version: 110.0.238.000 - Hewlett-Packard) Hidden DJ_AIO_03_F4220_ProductContext (Version: 110.0.238.000 - Hewlett-Packard) Hidden ElsterFormular (HKLM\...\ElsterFormular 11.4.1.4323) (Version: 11.4.1.4323 - Landesfinanzdirektion Thüringen) ElsterFormular-Upgrade (HKLM\...\ElsterFormular für Privatanwender 12.3.2.6814p) (Version: 14.3.11574 - Landesfinanzdirektion Thüringen) ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden F4200 (Version: 110.0.238.000 - Ihr Firmenname) Hidden F4210_Help (Version: 110.0.238.000 - Hewlett-Packard) Hidden File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.1 - Nikon) Gigaset QuickSync (HKLM\...\{b49e8cfb-f094-4467-925a-97c23972cb50}) (Version: 8.3.0868.3 - Gigaset Communications GmbH) GPBaseService (Version: 110.0.180.000 - Hewlett-Packard) Hidden GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - ) HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard) HP Customer Participation Program 11.0 (HKLM\...\HPExtendedCapabilities) (Version: 11.0 - HP) HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 (HKLM\...\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}) (Version: 11.0 - HP) HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard) HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard) HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company) HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP) HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP) HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard) HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.0 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard) HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard) HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard) HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (Version: 110.0.180.000 - Hewlett-Packard) Hidden HPTCSSetup (HKLM\...\{846DDADA-0239-4B67-A6B1-33658863793B}) (Version: 1.1.1963.2799 - Hewlett-Packard Company) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.) LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden Lager (Version: 1.0.0.0 - Hewlett-Packard) Hidden LightScribe System Software 1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe) MarketResearch (Version: 110.0.180.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 33.1.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCSetup (Version: 1.00.0000 - HP) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd) NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc) Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon) Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.0 - Nikon) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.6 - Nikon) Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.) Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.) PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden PSSWCORE (Version: 2.03.0000 - Hewlett-Packard) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime (HKLM\...\{E0D51394-1D45-460A-B62D-383BC4F8B335}) (Version: 7.3.1.70 - Apple Inc.) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.) Scan (Version: 11.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP) Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) SmartWebPrinting (Version: 110.0.182.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics) Toolbox (Version: 110.0.180.000 - Hewlett-Packard) Hidden TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden VideoToolkit01 (Version: 110.0.171.000 - Hewlett-Packard) Hidden ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.4.0 - Nikon) Web Launcher (HKU\S-1-5-21-1856033268-2380134389-1329949605-1000\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC) WebReg (Version: 110.0.180.000 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live ID-Anmelde-Assistent (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\COMPAQ\AppData\Local\AskToolbar\Downloaded Program Files\AviraWebSecurityBrowser.dll (Ask.com) CustomCLSID: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1856033268-2380134389-1329949605-1000_Classes\CLSID\{EB959CA4-408B-4465-9CF5-7EBA7B885153}\InprocServer32 -> C:\Users\COMPAQ\AppData\Local\AskToolbar\Downloaded Program Files\AviraSafetyPrivacy.dll (Ask.com) ==================== Restore Points ========================= 30-01-2015 22:12:17 Windows Update 01-02-2015 19:13:23 Installed Adblock Plus for IE (32-bit) 05-02-2015 14:53:51 Windows Update 12-02-2015 15:37:35 Windows Update 12-02-2015 15:58:39 Windows Update 16-02-2015 15:17:20 Windows Update 16-02-2015 15:48:54 Windows Update 20-02-2015 19:17:30 Windows Update 24-02-2015 19:34:39 Windows Update 27-02-2015 19:42:18 Windows Update 03-03-2015 15:48:33 Windows Update 05-03-2015 13:11:32 Geplanter Prüfpunkt 06-03-2015 20:39:08 Windows Update 11-03-2015 20:02:10 Windows Update 11-03-2015 20:58:54 Windows Update 17-03-2015 01:00:55 Geplanter Prüfpunkt 17-03-2015 19:44:24 Windows Update 21-03-2015 18:09:10 Windows Update 27-03-2015 19:18:43 Windows Update 31-03-2015 21:45:50 Windows Update 04-04-2015 15:43:50 Installed Gigaset QuickSync. 04-04-2015 15:59:47 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2012-07-13 19:47 - 00443459 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {069573E5-2D93-49E5-AE1E-B0FDFD50E00C} - System32\Tasks\{53B1A1CC-B9A7-4F7F-8D2B-ED3D11FC8932} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.156.259/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome  ffered-installed;madedefaultTask: {0ECD0360-2D32-4D6F-8CF4-3F401236EDEB} - System32\Tasks\{20BFD99F-D596-4D96-8DB7-F97DB4F9A1B0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.259/en/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered Task: {21F694FE-2A6D-4B2B-A697-15DA44680B37} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd) Task: {2784FBC6-7CDB-423E-A8F1-6ED990FF8D02} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard) Task: {28C3BA5F-E093-459A-8251-2A700D96F18E} - System32\Tasks\{1AE98456-DAD8-4A8E-AE0B-9B41A96CF8A5} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered Task: {2BB980C4-66AD-45CE-AA65-9C28740CBE5F} - System32\Tasks\{2EBC2EB7-BF3D-4F83-B086-2A7C253842B7} => pcalua.exe -a "C:\Users\COMPAQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D650QA4N\msvbvm50[1].exe" -d C:\Users\COMPAQ\Desktop\Desktop Task: {37ECF2E5-4175-4A42-83C8-6FB3605ADBDC} - System32\Tasks\{594F396F-1B8A-4C15-8883-708DE1A5572E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/privacy Task: {3CC5237E-5EF8-43C1-B327-DF3C11F8C05D} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {3E3376A3-17EA-45A4-A122-65B92B31EFDC} - System32\Tasks\{0E45A6AC-6249-4417-8E9A-FA8F59C5B602} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/eula Task: {5C6E0410-D563-4D33-A139-B19AA9E6556A} - System32\Tasks\{A403AAF8-6BF2-4AA4-9BAE-181E99DF7C0D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.152.259/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome ffered-installed;madedefaultTask: {7089947B-2359-4472-8784-8CFB49534457} - System32\Tasks\{CEA72B26-C555-48E2-B25E-4DEFFCD80F70} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.156.259/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome ffered-installed;madedefaultTask: {7347E749-993E-4DB4-8D9E-BC81E3244EDA} - System32\Tasks\{E4A09C9B-6AFD-4455-9058-D3E4EF85BE63} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.156.259/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar ffered-installed,google-chrome:notoffered;toolbarofferedTask: {8242393F-2DF5-49DC-8F06-9F1F4192A971} - System32\Tasks\{D724DEF5-8284-4D19-A176-B22C73AFD1F1} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.156.259/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered Task: {8B0048CE-6320-4537-884F-F40822239591} - System32\Tasks\{8F63F147-4622-4745-9078-7A635D250201} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.156.259/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered Task: {966DE398-118A-472C-92C7-17367C4B6A6E} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {A80BE85D-DBBD-4D6A-803E-F8544CEE71A1} - System32\Tasks\{A3DDBBDF-D5B8-43C5-9D85-5B89D7A053A9} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsMain Task: {B2D27570-1B75-4983-9C7C-7BEB9FA2A574} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {B9CD596B-8652-4CBE-9D9E-B07EEA450E65} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {C595BB96-C42B-4304-832A-89F2955AEFCE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {CDB5D68F-55FF-4158-9284-D4A5E7D64042} - System32\Tasks\{36E6A434-A4C2-455D-9E59-243CF0C89458} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.156.259/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered Task: {D4F918C4-09E9-4990-BAC0-FCDD0C6ABD59} - System32\Tasks\{6161185A-D5E9-41AC-9CAC-D17E38A806F6} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.156.259/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:notoffered;alreadyoffered Task: {DB6F04E1-8CD5-4372-9C61-A7DC5B18D3F1} - System32\Tasks\{9D4CC22C-0D91-48E7-9752-41093BB3C19D} => C:\Program Files\Skype\\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.) Task: {DC44E2FE-D436-4E0E-A2E6-427D8F0336B9} - System32\Tasks\{87010094-4D74-481D-BE13-33B8C56116CD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/eula Task: {DE6C246D-F16E-47DF-A024-85FC3376B725} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - COMPAQ => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {EB32A578-D9F1-422B-8230-7D3FF262B8BC} - System32\Tasks\{0ED92DB1-958D-426D-97B7-E258304BEC31} => pcalua.exe -a E:\setup.exe -d E:\ Task: {F08EABE8-10BF-4684-8E67-05B2EC8CCB2F} - System32\Tasks\{9A2C7FC4-E4F5-48F6-A403-3F8E0ADD7E40} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.156.259/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe ==================== Loaded Modules (whitelisted) ============== 2008-10-26 16:59 - 2008-10-06 10:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe 2008-10-26 16:59 - 2008-10-06 10:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll 2008-10-26 16:52 - 2008-09-15 16:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2014-11-15 21:04 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-11-15 21:04 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-11-15 21:04 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2009-09-07 11:27 - 2008-09-23 17:21 - 00066856 _____ () C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll 2015-02-19 23:40 - 2015-02-19 23:40 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2008-10-26 15:51 - 2008-04-11 10:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1856033268-2380134389-1329949605-1000\Control Panel\Desktop\\Wallpaper -> C:\ALLES, was wir haben\Fotos\2010-12 Argentinien-Fotos Andrea\P1020742.JPG DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: BBSvc => 2 MSCONFIG\Services: BBUpdate => 3 MSCONFIG\Services: GameConsoleService => 3 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: TabletInputService => 2 MSCONFIG\Services: THREADORDER => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" MSCONFIG\startupreg: WEB.DE Update => C:\Program Files\WEB.DE\LiveUpdate\m2LUTray.exe ==================== Accounts: ============================= Administrator (S-1-5-21-1856033268-2380134389-1329949605-500 - Administrator - Disabled) COMPAQ (S-1-5-21-1856033268-2380134389-1329949605-1000 - Administrator - Enabled) => C:\Users\COMPAQ Gast (S-1-5-21-1856033268-2380134389-1329949605-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/04/2015 03:56:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm OUTLOOK.EXE, Version 11.0.8326.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1564 Anfangszeit: 01d06ede78d01ad4 Zeitpunkt der Beendigung: 29 Error: (04/04/2015 03:46:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung ezKidsReady.exe, Version 3.0.0.8, Zeitstempel 0x2a425e19, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x03622944, Prozess-ID 0xb1c, Anwendungsstartzeit ezKidsReady.exe0. Error: (04/04/2015 03:44:33 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm OUTLOOK.EXE, Version 11.0.8326.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: db4 Anfangszeit: 01d06edcee491ca4 Zeitpunkt der Beendigung: 21931 Error: (04/04/2015 03:39:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm OUTLOOK.EXE, Version 11.0.8326.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: e44 Anfangszeit: 01d06edc32975674 Zeitpunkt der Beendigung: 33 Error: (03/27/2015 07:14:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16633 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1098 Anfangszeit: 01d068b0edbe40d6 Zeitpunkt der Beendigung: 207 Error: (03/25/2015 01:02:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16633 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 7c0 Anfangszeit: 01d066ea934acd24 Zeitpunkt der Beendigung: 175 Error: (03/25/2015 00:58:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16633 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 16e0 Anfangszeit: 01d066ea6e721f84 Zeitpunkt der Beendigung: 32 Error: (03/18/2015 08:56:29 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\COMPAQ\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012015031820150319> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (03/18/2015 08:56:29 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\COMPAQ\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\DESKTOP.INI> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (03/18/2015 08:48:34 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\COMPAQ\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012015031820150319> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Error: (04/04/2015 03:38:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Spybot-S&D 2 Scanner Service%%1053 Error: (04/04/2015 03:38:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Spybot-S&D 2 Scanner Service Error: (04/04/2015 03:37:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (04/04/2015 03:34:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Spybot-S&D 2 Scanner Service%%1053 Error: (04/04/2015 03:34:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Spybot-S&D 2 Scanner Service Error: (04/04/2015 03:34:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (04/02/2015 05:42:01 PM) (Source: DCOM) (EventID: 10016) (User: COMPAQ-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}COMPAQ-PCCOMPAQS-1-5-21-1856033268-2380134389-1329949605-1000LocalHost (unter Verwendung von LRPC) Error: (04/02/2015 05:42:01 PM) (Source: DCOM) (EventID: 10016) (User: COMPAQ-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}COMPAQ-PCCOMPAQS-1-5-21-1856033268-2380134389-1329949605-1000LocalHost (unter Verwendung von LRPC) Error: (04/02/2015 04:37:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Spybot-S&D 2 Scanner Service%%1053 Error: (04/02/2015 04:37:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Spybot-S&D 2 Scanner Service Microsoft Office Sessions: ========================= Error: (04/04/2015 03:56:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: OUTLOOK.EXE11.0.8326.0156401d06ede78d01ad429 Error: (04/04/2015 03:46:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ezKidsReady.exe3.0.0.82a425e19unknown0.0.0.000000000c000000503622944b1c01d06edd9eb2dae4 Error: (04/04/2015 03:44:33 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: OUTLOOK.EXE11.0.8326.0db401d06edcee491ca421931 Error: (04/04/2015 03:39:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: OUTLOOK.EXE11.0.8326.0e4401d06edc3297567433 Error: (03/27/2015 07:14:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16633109801d068b0edbe40d6207 Error: (03/25/2015 01:02:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.166337c001d066ea934acd24175 Error: (03/25/2015 00:58:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.1663316e001d066ea6e721f8432 Error: (03/18/2015 08:56:29 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\COMPAQ\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012015031820150319 Error: (03/18/2015 08:56:29 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\COMPAQ\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\DESKTOP.INI Error: (03/18/2015 08:48:34 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\COMPAQ\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012015031820150319 |
| Themen zu Notebook mit Windows Vista wird immer langsamer |
| adware, antivir, antivirus, avira, browser, defender, desktop, device driver, flash player, frage, home, homepage, internet, langsam, launch, mozilla, newtab, object, problem, refresh, registry, rundll, scan, security, services.exe, software, svchost.exe, vista, windows, windows vista |
Baum-Darstellung