|
Pests of all kinds and how to fight them: Screen flickers in various colors! Windows 7 |
14.05.2015, 22:38 | #1 |
| Screen flickers in various colors! Hello, good evening, I have a problem with my laptop. It does turn on and I log in, but then the picture starts showing stripes and many different colors that shouldn't be there, or it goes black, and in both cases I can't do anything anymore, although the laptop itself is still on. I'm posting the file and would be very glad of any help! Regards, Lisa Code:
ATTFilter OTL logfile created on: 14.05.2015 22:54:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 79,88% Memory free 4,23 Gb Paging File | 4,00 Gb Available in Paging File | 94,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 225,35 Gb Total Space | 60,94 Gb Free Space | 27,04% Space Free | Partition Type: NTFS Drive D: | 7,54 Gb Total Space | 2,22 Gb Free Space | 29,49% Space Free | Partition Type: NTFS Drive F: | 28,80 Gb Total Space | 13,73 Gb Free Space | 47,66% Space Free | Partition Type: FAT32 Computer Name: ROMAN-PC | User Name: hp | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (Util BatBrowse) -- C:\Program Files\BatBrowse\bin\utilBatBrowse.exe File not found SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE File not found SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.) 
SRV - (AvastVBoxSvc) -- C:\Programme\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Avast Software) SRV - (ZSWTCTAZBTJS) -- C:\Users\hp\AppData\Local\Temp\ZSWTCTAZBTJS.exe (Sysinternals - www.sysinternals.com) SRV - (MBAMService) -- C:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (Vogel.USBSpider) -- C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe (Verlag Heinrich Vogel in der Springer Transport Media GmbH) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe () SRV - (CodeMeter.exe) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (KMWDSERVICE) -- C:\Programme\Mouse Driver\KMWDSrv.exe (UASSOFT.COM) SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (CLSched) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe () SRV - (CLCapSvc) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe () SRV - (ASBroker) -- c:\Programme\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (Cognizance Corporation) SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation) SRV - (Com4Qlb) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) 
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (ASChannel) -- c:\Programme\Bioscrypt\VeriSoft\Bin\ASChnl.dll (Cognizance Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (Avast Software s.r.o.) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (Avast Software s.r.o.) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (Avast Software s.r.o.) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (Avast Software s.r.o.) DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys () DRV - (aswHwid) -- C:\Windows\System32\drivers\aswHwid.sys () DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (Avast Software s.r.o.) 
DRV - (VBoxAswDrv) -- C:\Programme\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys (Avast Software) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation) DRV - (MBAMWebAccessControl) -- C:\Windows\System32\drivers\mwac.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (mv2) -- C:\Windows\System32\drivers\mv2.sys (UVNC BVBA) DRV - (KMWDFilter) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.) DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) 
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (dfmirage) -- C:\Windows\System32\drivers\dfmirage.sys (DemoForge, LLC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2087834869-41306806-706425095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-2087834869-41306806-706425095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - 
HKU\S-1-5-21-2087834869-41306806-706425095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2087834869-41306806-706425095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2087834869-41306806-706425095-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-2087834869-41306806-706425095-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-2087834869-41306806-706425095-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2087834869-41306806-706425095-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2087834869-41306806-706425095-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing " FF - prefs.js..browser.search.order.3: "Bing " FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015.05.15 02:15:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.04 13:26:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.04 13:26:23 | 000,000,000 | ---D | M] [2009.10.31 13:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions [2013.11.05 22:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\tgl3lw7g.default\extensions [2013.06.09 14:17:19 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\tgl3lw7g.default\extensions\{0aa0c8f1-8479-4867-bf2c-20c9e71eae53} [2009.10.31 19:51:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\tgl3lw7g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.06.09 14:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\tgl3lw7g.default\extensions\staged [2013.02.05 21:08:33 | 000,000,000 | ---D | M] 
(No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TGL3LW7G.DEFAULT\EXTENSIONS\{F9D03C26-0575-497E-821D-F7956D23E0CA} File not found (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TGL3LW7G.DEFAULT\EXTENSIONS\HELPERBAR@HELPERBAR.COM ========== Chrome ========== CHR - default_search_provider: Web (Enabled) CHR - default_search_provider: search_url = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0aa0c8f1-8479-4867-bf2c-20c9e71eae53&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll CHR - plugin: Application Manager (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll CHR - plugin: GoogleChromeRemotePlugin (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 
8.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Wallet = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ O1 HOSTS File: ([2015.05.15 03:56:16 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKU\S-1-5-21-2087834869-41306806-706425095-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.) O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) 
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [SpiderService] C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe (Verlag Heinrich Vogel in der Springer Transport Media GmbH) O4 - HKU\S-1-5-21-2087834869-41306806-706425095-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-2087834869-41306806-706425095-1000..\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] C:\Program Files\Telekom\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKU\S-1-5-21-2087834869-41306806-706425095-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-2087834869-41306806-706425095-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-2087834869-41306806-706425095-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-2087834869-41306806-706425095-1000..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-2087834869-41306806-706425095-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: Deployer hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11A70BE0-DE2A-45BA-A6D0-5158C6886427}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C22F5D9-E176-4E64-9285-12ED6479DE08}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CF141E4-0D24-464B-A005-573590131AFB}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B185506F-767A-4CAB-A7B6-0E658EB4BB48}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: 
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O32 - AutoRun File - [2010.04.14 22:54:30 | 000,000,166 | ---- | M] () - F:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2012.04.03 18:02:42 | 000,000,000 | ---D | M] - F:\Automatisch zu iTunes hinzufügen -- [ FAT32 ] O33 - MountPoints2\{56446993-e327-11dd-9135-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{56446993-e327-11dd-9135-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{820671ce-2786-11e0-a7f9-001e376a4906}\Shell - "" = AutoRun O33 - MountPoints2\{820671ce-2786-11e0-a7f9-001e376a4906}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{aa71761d-abdc-11e0-9dc7-001e376a4906}\Shell - "" = AutoRun O33 - MountPoints2\{aa71761d-abdc-11e0-9dc7-001e376a4906}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e0ee698b-ea0e-11e1-91fc-001e376a4906}\Shell - "" = AutoRun O33 - MountPoints2\{e0ee698b-ea0e-11e1-91fc-001e376a4906}\Shell\AutoRun\command - "" = F:\SETUP.EXE -autorun O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) |
14.05.2015, 22:41 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Screen flickers in various colors! Hello and
Do you have any further logs (with detections)? Have Malwarebytes and/or other virus scanners ever found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the logs you already have in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant! In addition, please also create a log with Farbar's tool: Scan with Farbar's Recovery Scan Tool (FRST) Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files into a CODE box, proceed as follows:
__________________ |
14.05.2015, 22:42 | #3 |
| Screen flickers in various colors! Code:
ATTFilter ========== Files/Folders - Created Within 30 Days ========== [2015.05.15 04:06:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2015.05.15 03:04:51 | 000,000,000 | ---D | C] -- C:\RegBackup [2015.05.15 02:33:23 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\AVAST Software [2015.05.15 02:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software [2015.05.15 02:15:25 | 000,057,888 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswTdi.sys [2015.05.15 02:15:24 | 000,427,992 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSP.sys [2015.05.15 02:15:23 | 000,074,976 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswMonFlt.sys [2015.05.15 02:15:21 | 000,055,200 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswRdr.sys [2015.05.15 02:15:18 | 000,787,760 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSnx.sys [2015.05.15 02:15:12 | 000,291,312 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe [2015.05.15 02:14:58 | 000,043,112 | ---- | C] (Avast Software s.r.o.) 
-- C:\Windows\avastSS.scr [2015.05.15 02:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2015.05.15 02:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2015.05.15 00:39:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2015.05.15 00:17:50 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys [2015.05.14 22:22:26 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015.05.14 22:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2015.05.14 22:22:06 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys [2015.05.14 22:22:06 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2015.05.14 22:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\ Malwarebytes Anti-Malware [2015.05.14 22:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2015.05.14 22:12:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2015.05.14 22:10:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2015.05.14 22:10:46 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2015.05.14 21:24:39 | 000,000,000 | ---D | C] -- C:\FRST [2015.05.14 21:07:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2 [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\hp\AppData\Local\*.tmp files -> C:\Users\hp\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2015.05.15 04:05:54 | 000,426,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2015.05.15 03:56:16 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2015.05.15 03:05:05 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ROMAN-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat [2015.05.15 02:36:45 | 000,000,680 | ---- | M] () -- 
C:\Users\hp\AppData\Local\d3d9caps.dat [2015.05.15 02:16:04 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk [2015.05.15 02:16:03 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\avast! Emergency Update.job [2015.05.15 02:15:09 | 000,209,048 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2015.05.15 02:15:09 | 000,057,888 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswTdi.sys [2015.05.15 02:15:08 | 000,427,992 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSP.sys [2015.05.15 02:15:08 | 000,074,976 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswMonFlt.sys [2015.05.15 02:15:08 | 000,055,200 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswRdr.sys [2015.05.15 02:15:08 | 000,049,904 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2015.05.15 02:15:08 | 000,024,144 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys [2015.05.15 02:14:58 | 000,291,312 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe [2015.05.15 02:14:58 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr [2015.05.15 02:14:43 | 000,787,760 | ---- | M] (Avast Software s.r.o.) 
-- C:\Windows\System32\drivers\aswSnx.sys [2015.05.15 00:43:16 | 000,001,035 | ---- | M] () -- C:\Users\hp\Desktop\Search.lnk [2015.05.15 00:16:55 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk [2015.05.14 22:53:50 | 000,649,662 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2015.05.14 22:53:50 | 000,621,570 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2015.05.14 22:53:50 | 000,136,884 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2015.05.14 22:53:50 | 000,111,906 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2015.05.14 22:46:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015.05.14 22:22:26 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015.05.14 22:22:13 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2015.05.14 22:15:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015.05.14 22:13:19 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2015.05.14 22:13:19 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2015.05.10 14:21:43 | 000,000,000 | ---- | M] () -- C:\Users\hp\AppData\Local\{7FD46037-1682-4D96-8119-B3A1438B79CE} [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\hp\AppData\Local\*.tmp files -> C:\Users\hp\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2015.05.15 03:05:05 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ROMAN-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat [2015.05.15 02:16:04 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk [2015.05.15 02:16:03 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\avast! 
Emergency Update.job [2015.05.15 02:15:25 | 000,209,048 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2015.05.15 02:15:24 | 000,049,904 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2015.05.15 02:15:22 | 000,024,144 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys [2015.05.15 02:14:53 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini [2015.05.15 00:16:55 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk [2015.05.14 22:22:13 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2015.05.10 14:21:40 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\{7FD46037-1682-4D96-8119-B3A1438B79CE} [2015.05.10 13:52:09 | 000,000,680 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat [2013.12.22 12:35:06 | 000,000,150 | ---- | C] () -- C:\Users\hp\AppData\Roaming\WB.CFG [2013.11.06 19:56:40 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll [2010.07.13 18:43:44 | 000,000,102 | ---- | C] () -- C:\Users\hp\AppData\Roaming\wklnhst.dat [2010.01.25 11:52:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.01.15 12:48:47 | 000,172,258 | ---- | C] () -- C:\Users\hp\AppData\Roaming\nvModes.001 [2009.01.15 12:48:35 | 000,172,258 | ---- | C] () -- C:\Users\hp\AppData\Roaming\nvModes.dat [2009.01.15 11:02:18 | 000,005,120 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2011.03.20 22:05:33 | 000,039,513 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2087834869-41306806-706425095-1000\$R2OLQ14\l.jpg [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.04.18 18:39:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Afcyqu [2009.01.29 10:17:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PeerNetworking [2011.04.11 18:37:55 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Reum [2009.05.10 10:15:36 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Sigel [2011.01.24 09:14:15 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Telekom [2011.10.24 19:45:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Telekom Internet Manager [2009.11.21 20:47:50 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Template [2009.01.26 21:16:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vogel Verlag ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013.11.27 21:07:26 | 106,469,527 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\渀疽ᴼ [2013.11.27 20:26:39 | 106,469,527 | ---- | C] ()(C:\Windows\System32\????) 
-- C:\Windows\System32\渀疽ᴼ [2013.11.19 20:44:29 | 000,000,000 | ---D | M](C:\ProgramData\?÷?÷0) -- C:\ProgramData\䑈÷䃸÷0 [2013.11.19 20:44:29 | 000,000,000 | ---D | M](C:\ProgramData\?÷?÷0) -- C:\ProgramData\䑈÷䃸÷0 [2013.11.17 12:46:35 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈Ǡ䃸Ǡ0 [2013.11.17 12:46:35 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈Ǡ䃸Ǡ0 [2013.11.08 19:53:56 | 000,000,000 | ---D | M](C:\ProgramData\?È?È0) -- C:\ProgramData\䑈È䃸È0 [2013.11.08 19:53:56 | 000,000,000 | ---D | M](C:\ProgramData\?È?È0) -- C:\ProgramData\䑈È䃸È0 [2013.11.08 19:52:43 | 103,316,092 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\ᴼ [2013.11.08 19:52:43 | 103,316,092 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\ᴼ [2013.11.07 20:58:02 | 000,000,000 | ---D | M](C:\ProgramData\?o?o0) -- C:\ProgramData\䑈ǫ䃸ǫ0 [2013.11.07 20:58:02 | 000,000,000 | ---D | M](C:\ProgramData\?o?o0) -- C:\ProgramData\䑈ǫ䃸ǫ0 [2013.11.06 19:56:04 | 000,000,000 | ---D | M](C:\ProgramData\?U?U0) -- C:\ProgramData\䑈Ǔ䃸Ǔ0 [2013.11.06 19:56:04 | 000,000,000 | ---D | M](C:\ProgramData\?U?U0) -- C:\ProgramData\䑈Ǔ䃸Ǔ0 [2013.11.05 22:24:40 | 000,000,000 | ---D | M](C:\ProgramData\?e?e0) -- C:\ProgramData\䑈ė䃸ė0 [2013.11.05 22:24:40 | 000,000,000 | ---D | M](C:\ProgramData\?e?e0) -- C:\ProgramData\䑈ė䃸ė0 [2013.10.30 20:22:07 | 000,000,000 | ---D | M](C:\ProgramData\?±?±0) -- C:\ProgramData\䑈±䃸±0 [2013.10.30 20:22:07 | 000,000,000 | ---D | M](C:\ProgramData\?±?±0) -- C:\ProgramData\䑈±䃸±0 [2013.10.29 19:40:10 | 000,000,000 | ---D | M](C:\ProgramData\?þ?þ0) -- C:\ProgramData\䑈þ䃸þ0 [2013.10.29 19:40:10 | 000,000,000 | ---D | M](C:\ProgramData\?þ?þ0) -- C:\ProgramData\䑈þ䃸þ0 [2013.10.27 21:23:43 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈䃸0 [2013.10.27 21:23:43 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈䃸0 [2013.10.27 19:14:47 | 103,533,600 | ---- | M] ()(C:\Windows\System32\????) 
-- C:\Windows\System32\ᓙᴼ [2013.10.27 19:14:47 | 103,533,600 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\ᓙᴼ [2013.10.24 20:59:55 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈dz䃸dz0 [2013.10.24 20:59:55 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈dz䃸dz0 [2013.10.22 19:12:39 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈Ȉ䃸Ȉ0 [2013.10.22 19:12:39 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈Ȉ䃸Ȉ0 [2013.10.14 21:50:47 | 000,000,000 | ---D | M](C:\ProgramData\?5?50) -- C:\ProgramData\䑈5䃸50 [2013.10.14 21:50:47 | 000,000,000 | ---D | M](C:\ProgramData\?5?50) -- C:\ProgramData\䑈5䃸50 [2013.10.13 19:58:23 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈Lj䃸Lj0 [2013.10.13 19:58:23 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈Lj䃸Lj0 [2013.10.12 17:51:35 | 000,000,000 | ---D | M](C:\ProgramData\?K?K0) -- C:\ProgramData\䑈Ǩ䃸Ǩ0 [2013.10.12 17:51:35 | 000,000,000 | ---D | M](C:\ProgramData\?K?K0) -- C:\ProgramData\䑈Ǩ䃸Ǩ0 [2013.10.12 12:51:25 | 000,000,000 | ---D | M](C:\ProgramData\?E?E0) -- C:\ProgramData\䑈Ē䃸Ē0 [2013.10.12 12:51:25 | 000,000,000 | ---D | M](C:\ProgramData\?E?E0) -- C:\ProgramData\䑈Ē䃸Ē0 [2013.10.08 18:21:30 | 000,000,000 | ---D | M](C:\ProgramData\?A?A0) -- C:\ProgramData\䑈Ă䃸Ă0 [2013.10.08 18:21:30 | 000,000,000 | ---D | M](C:\ProgramData\?A?A0) -- C:\ProgramData\䑈Ă䃸Ă0 [2013.10.07 19:04:24 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈ǯ䃸ǯ0 [2013.10.07 19:04:24 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈ǯ䃸ǯ0 [2013.10.05 07:54:43 | 000,000,000 | ---D | M](C:\ProgramData\?Ò?Ò0) -- C:\ProgramData\䑈Ò䃸Ò0 [2013.10.05 07:54:43 | 000,000,000 | ---D | M](C:\ProgramData\?Ò?Ò0) -- C:\ProgramData\䑈Ò䃸Ò0 [2013.09.29 16:09:55 | 000,000,000 | ---D | M](C:\ProgramData\?T?T0) -- C:\ProgramData\䑈Ʈ䃸Ʈ0 [2013.09.29 16:09:55 | 000,000,000 | ---D | M](C:\ProgramData\?T?T0) -- C:\ProgramData\䑈Ʈ䃸Ʈ0 
[2013.09.29 12:17:16 | 000,000,000 | ---D | M](C:\ProgramData\?z?z0) -- C:\ProgramData\䑈ƶ䃸ƶ0 [2013.09.29 12:17:16 | 000,000,000 | ---D | M](C:\ProgramData\?z?z0) -- C:\ProgramData\䑈ƶ䃸ƶ0 [2013.09.28 15:27:19 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈Ǽ䃸Ǽ0 [2013.09.28 15:27:19 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈Ǽ䃸Ǽ0 [2013.09.26 15:58:29 | 000,000,000 | ---D | M](C:\ProgramData\?u?u0) -- C:\ProgramData\䑈ǚ䃸ǚ0 [2013.09.26 15:58:29 | 000,000,000 | ---D | M](C:\ProgramData\?u?u0) -- C:\ProgramData\䑈ǚ䃸ǚ0 [2013.09.25 21:52:23 | 000,000,000 | ---D | M](C:\ProgramData\?æ?æ0) -- C:\ProgramData\䑈æ䃸æ0 [2013.09.25 21:52:23 | 000,000,000 | ---D | M](C:\ProgramData\?æ?æ0) -- C:\ProgramData\䑈æ䃸æ0 [2013.09.24 19:44:46 | 000,000,000 | ---D | M](C:\ProgramData\?c?c0) -- C:\ProgramData\䑈ć䃸ć0 [2013.09.24 19:44:46 | 000,000,000 | ---D | M](C:\ProgramData\?c?c0) -- C:\ProgramData\䑈ć䃸ć0 [2013.09.23 19:05:23 | 000,000,000 | ---D | M](C:\ProgramData\?°?°0) -- C:\ProgramData\䑈°䃸°0 [2013.09.23 19:05:23 | 000,000,000 | ---D | M](C:\ProgramData\?°?°0) -- C:\ProgramData\䑈°䃸°0 [2013.09.12 19:08:53 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈ȇ䃸ȇ0 [2013.09.12 19:08:53 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䑈ȇ䃸ȇ0 (C:\ProgramData\?z?z0) -- C:\ProgramData\䑈ƶ䃸ƶ0 (C:\ProgramData\?u?u0) -- C:\ProgramData\䑈ǚ䃸ǚ0 (C:\ProgramData\?U?U0) -- C:\ProgramData\䑈Ǔ䃸Ǔ0 (C:\ProgramData\?þ?þ0) -- C:\ProgramData\䑈þ䃸þ0 (C:\ProgramData\?T?T0) -- C:\ProgramData\䑈Ʈ䃸Ʈ0 (C:\ProgramData\?Ò?Ò0) -- C:\ProgramData\䑈Ò䃸Ò0 (C:\ProgramData\?o?o0) -- C:\ProgramData\䑈ǫ䃸ǫ0 (C:\ProgramData\?K?K0) -- C:\ProgramData\䑈Ǩ䃸Ǩ0 (C:\ProgramData\?È?È0) -- C:\ProgramData\䑈È䃸È0 (C:\ProgramData\?E?E0) -- C:\ProgramData\䑈Ē䃸Ē0 (C:\ProgramData\?e?e0) -- C:\ProgramData\䑈ė䃸ė0 (C:\ProgramData\?c?c0) -- C:\ProgramData\䑈ć䃸ć0 (C:\ProgramData\?æ?æ0) -- C:\ProgramData\䑈æ䃸æ0 (C:\ProgramData\?A?A0) -- C:\ProgramData\䑈Ă䃸Ă0 (C:\ProgramData\?5?50) -- 
C:\ProgramData\䑈5䃸50 (C:\ProgramData\?°?°0) -- C:\ProgramData\䑈°䃸°0 (C:\ProgramData\?÷?÷0) -- C:\ProgramData\䑈÷䃸÷0 (C:\ProgramData\?±?±0) -- C:\ProgramData\䑈±䃸±0 (C:\ProgramData\????0) -- C:\ProgramData\䑈ǯ䃸ǯ0 (C:\ProgramData\????0) -- C:\ProgramData\䑈Lj䃸Lj0 (C:\ProgramData\????0) -- C:\ProgramData\䑈Ȉ䃸Ȉ0 (C:\ProgramData\????0) -- C:\ProgramData\䑈ȇ䃸ȇ0 (C:\ProgramData\????0) -- C:\ProgramData\䑈dz䃸dz0 (C:\ProgramData\????0) -- C:\ProgramData\䑈Ǡ䃸Ǡ0 (C:\ProgramData\????0) -- C:\ProgramData\䑈Ǽ䃸Ǽ0 (C:\ProgramData\????0) -- C:\ProgramData\䑈䃸0 ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
14.05.2015, 22:43 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Screen flickers in different colors! Please no more OTL! How did you even come across OTL? We haven't used that for a long time.
__________________ Please always post logfiles in CODE tags |
14.05.2015, 22:45 | #5 |
| Screen flickers in different colors! Code:
ATTFilter OTL Extras logfile created on: 14.05.2015 22:54:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 79,88% Memory free 4,23 Gb Paging File | 4,00 Gb Available in Paging File | 94,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 225,35 Gb Total Space | 60,94 Gb Free Space | 27,04% Space Free | Partition Type: NTFS Drive D: | 7,54 Gb Total Space | 2,22 Gb Free Space | 29,49% Space Free | Partition Type: NTFS Drive F: | 28,80 Gb Total Space | 13,73 Gb Free Space | 47,66% Space Free | Partition Type: FAT32 Computer Name: ROMAN-PC | User Name: hp | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2087834869-41306806-706425095-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] 
"DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system | "{1D0884F3-BA8D-494E-BA79-CB196138C420}" = lport=138 | protocol=17 | dir=in | app=system | "{1DF3BDDD-E2CF-4720-B1F7-D13543F5CF54}" = rport=139 | protocol=6 | dir=out | app=system | "{2AA9A8C7-2027-45DF-B42E-6AAFBBE05685}" = rport=445 | protocol=6 | dir=out | app=system | "{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system | "{2B509689-7E74-4E43-89D7-D8A1F88C3443}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{2BA8692D-FCB0-4DD3-A2E0-19E231DC7732}" = 
lport=2869 | protocol=6 | dir=in | app=system | "{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2F71D6AB-538D-456F-8F4D-EB6E42CEC0B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system | "{5D5094FD-BC93-425D-9002-C045F1FE74D6}" = lport=139 | protocol=6 | dir=in | app=system | "{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system | "{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system | "{76544880-0E14-4795-8690-7CD119A457EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8201BB12-54D5-462C-9936-82DEE7D4AF12}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{83AE70A8-2B2B-4624-A3D7-98720DC5C269}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{84DA6371-4B4B-4895-ACD5-534A93783944}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{883C697A-E730-4AAE-9981-35C7C807E97D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A1731AD0-8757-48BB-9F18-E192F2D10CE1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A29311A4-8CB9-47C7-A56C-C339A6C6C50B}" = lport=445 | protocol=6 | dir=in | app=system | "{ABFBD873-ECEF-4F44-A905-152111FA2731}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system | "{B0521DA2-FCC7-4E60-BCE5-9FD36223CA8F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B469F11E-301D-4A50-832B-A58131370C97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{BD65D623-9B21-453A-B488-A27759D41511}" = lport=137 | protocol=17 | dir=in | app=system | "{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system | "{BECCB79F-00EF-4F88-88CD-4E51344C7518}" = rport=137 | protocol=17 | dir=out | app=system | "{C38B8A92-E272-4691-BA2C-EB84F9C7EAB2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C8063DE6-5240-498E-AB58-52DBF402D1F8}" = lport=2869 | protocol=6 | dir=in | app=system | "{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E8F16498-9DF3-4453-979D-1C5C3F6F7001}" = rport=138 | protocol=17 | dir=out | app=system | "{EB6EB3E0-DF7A-452B-965A-548971C6A386}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AD7DA0-9ED0-47F9-ADBE-954DBFB00220}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{031E2438-B146-4A4E-9F4B-BD1F891AF659}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{04A0DE97-38D6-4854-919C-F1FC34667BE1}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\pc-professional\fsm_winvnc.exe | "{05740BE2-72EF-429B-9E5D-2B6FEECA0B28}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{05BDDA5F-4286-4DFC-B442-95E340ADA878}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{061E4FC6-39BD-4A70-ADA1-DF3C8D4467F2}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | "{068B69BF-2995-4DC9-A386-56D065F78C68}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0D1DA389-1F60-4641-A4C4-46751ABD8F02}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\pc-professional\fsm_winvnc.exe | "{0D773D39-B32C-447B-9CC4-A32354C8ECD6}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1A9F57E6-5CB8-4076-91B6-80412766B67C}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe | "{2371A715-2D00-42B3-BE50-F6311CF55160}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\fahren lernen verwaltung\vogel.fahrenlernenmax.admin.exe | "{2E1DB27C-BCA8-466E-9212-CAA1C0EDEC5C}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\pc-professional\fernwartung.exe | "{309A8461-DE35-4F96-BA9D-4DF07BD00038}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{366AEAD6-DA18-49EA-A355-6F05F218445B}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\pc-professional\fernwartung.exe | "{3AABD80B-337E-4F0D-813A-D7118F789BD3}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{47168574-D071-40AC-9D4D-F2CB875D16DC}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | "{4F1A15C6-14B4-4776-9EE5-90854AB95751}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\pc-professional\fsm_winvnc.exe | "{5405AEAF-96EA-4A19-81C5-3B2BD989F470}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5CB3601E-4303-4859-BBCD-198C6E2FABF5}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe | "{62880775-348C-4D0A-B8C5-68FC74B6D00C}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\fahren lernen verwaltung\vogel.fahrenlernenmax.admin.exe | "{663E77E6-59D9-45E9-A3F5-DB2D6EA3298C}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\pc-professional\pc_professional.exe | "{67C0D799-9A12-4798-ACAF-6487F55C684F}" = 
protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6BF6E91B-D3CA-4849-972C-C97B97D22447}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6CF09865-16E8-4D90-93A6-55020D7F2443}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7169267E-6CB3-456E-BCE0-540E67EFF381}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7634ADE5-DE5C-48CA-B166-94911CBD3E27}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\pc-professional\pc_professional.exe | "{78E51E29-DC1E-41E9-B9C8-B7E78758C101}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\pc-professional\pc_professional.exe | "{7BA80829-DAEF-48CC-90EB-88C8E8DB3603}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{7EBDCEDB-3F52-4967-B9F1-635E2B4F366B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{823814E8-50BE-4495-83E6-0F4BF0E62763}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\pc-professional\fernwartung.exe | "{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{88711B07-9086-4443-ADE0-7C01EFCF5D81}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\fahren lernen verwaltung\vogel.fahrenlernenmax.admin.exe | "{908429A4-4E2A-44A3-B1FF-60B6B1307594}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{9A4BE4E0-6660-4163-B282-3B3B3C9E5DDD}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{A6790671-C896-495F-A8E2-A9952EFD431E}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{A6BE6B39-57A0-4DF2-9B49-4EDBAB89DFFF}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\fahren lernen verwaltung\vogel.fahrenlernenmax.admin.exe | "{A9DF8B6C-4950-4DB4-96D1-E9B0F45E75BD}" = dir=in | app=c:\program 
files\itunes\itunes.exe | "{B4911FB6-2F9A-4F89-8149-E90FF5CD829C}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{B6F833CC-8FF0-438B-A6C0-73DA28D8DDFC}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe | "{BC1B1361-C492-4FB9-B7AA-280429BA44A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C49042FD-0CB2-4AD2-9420-685F12AA14E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D243203B-5D8C-4C0D-B3EA-33E9AD6724DC}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{D255B24A-80D0-4962-9082-2F1A33E8376A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D6B33A5A-2C18-42AF-8221-BCD378312417}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe | "{D6FDF186-2C86-49F1-9F88-6ECD28864EE9}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\pc-professional\fernwartung.exe | "{DF30A205-732C-458A-9107-571894027560}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\pc-professional\pc_professional.exe | "{E36A9C37-40FE-466D-AF45-0DA902F6240A}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{E8D70A83-D6DA-46E6-9E98-65313E129BF8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EB89D978-7A63-4CA1-BFDB-3F459F389C4E}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | "{F0C5310B-AAF2-442B-A283-CEA8070B8393}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F451DF2B-2F11-43FA-95E5-91068CD1A62F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F772C099-2565-4888-A7E6-F554D0AD0418}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{F8C53B59-2100-4584-96F2-B56478AA776A}" = protocol=17 | 
dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{F920AB3D-52A9-49B0-9508-0EEB2265C4A6}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | "{FEDEA407-751F-42D0-AF9C-00FCC82EF4A0}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\pc-professional\fsm_winvnc.exe | "TCP Query User{08C6CC39-A699-415F-8388-AED3E290C51E}C:\drisc\programme\fsm_winvnc.exe" = protocol=6 | dir=in | app=c:\drisc\programme\fsm_winvnc.exe | "TCP Query User{4748B723-092A-400A-A6EC-E375B81F1BDF}C:\drisc\programme\fsm_winvnc.exe" = protocol=6 | dir=in | app=c:\drisc\programme\fsm_winvnc.exe | "TCP Query User{6088709B-8FB8-41D9-83A2-C11CCD59DB7F}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{7203B5F9-EAB8-49EA-8468-69823F4E30F2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{7C51C5EB-8D0F-465B-A35E-BDA29B71217B}C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe" = protocol=6 | dir=in | app=c:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe | "TCP Query User{8E02DC7C-DE75-421C-BECF-5978BE26F742}C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe" = protocol=6 | dir=in | app=c:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe | "TCP Query User{9A3A58F3-A466-494C-84B7-A5700BAE3D19}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{C17A2C84-F259-414A-AE05-9C7E8414CF6A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{C5801744-471B-488C-BE91-103B901C8BFB}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{DAFD5ACD-4E46-40FF-A64A-DB202CB68AB3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | 
app=c:\windows\system32\taskeng.exe | "UDP Query User{27084DFB-F357-49E6-B814-381DC98EA5BA}C:\drisc\programme\fsm_winvnc.exe" = protocol=17 | dir=in | app=c:\drisc\programme\fsm_winvnc.exe | "UDP Query User{4CB27430-1891-4735-BB8B-39DA6918DFB5}C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe" = protocol=17 | dir=in | app=c:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe | "UDP Query User{52468090-D9DA-463D-B934-4EABC238E1A6}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{6531FBF9-BF11-43E2-AB70-7222518AECB0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{7BBAD1D6-CAEE-458A-B1F4-2217274BF4AB}C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe" = protocol=17 | dir=in | app=c:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe | "UDP Query User{841514AF-F047-4366-B599-285576448BB2}C:\drisc\programme\fsm_winvnc.exe" = protocol=17 | dir=in | app=c:\drisc\programme\fsm_winvnc.exe | "UDP Query User{9499FEDD-34AC-41F4-9485-DF7EE079F8DE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{9DA453AB-F5F1-4FE3-AC42-7D19C62A611A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{AAC3A01D-0AA2-404D-A899-C111E99A70BE}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "UDP Query User{E2970C9F-6304-4276-82AC-F96060B80771}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
"{00F4B50E-C3B4-4E41-8334-042DF54A0AB3}_is1" = PC-Professional Klasse A 2011 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{108DF49C-3AB4-4A7D-B6FD-8B6286B317FA}" = CodeMeter Tools Merge Module "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{2D9D5712-150B-4826-BFF3-07E4C4EBEBE6}_is1" = PC-Professional Modul Weiterbildung LKW: Schaltstelle Fahrer "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{30ABD2DC-8B23-4BB2-84AD-DF8DCFF2B75D}" = Brother HL-2035 "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9 
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{3D86163C-6E2A-4C00-A7C0-FB794D6BF476}" = CodeMeter Runtime Kit v4.20a "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2 "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1 "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "{5AB56552-6938-4686-9F87-DB0ED8D1E06B}" = HP User Guides 0056 "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{68E9010A-98DF-44B0-A7AB-3CE36ACA5263}_is1" = PC-Professional Klasse D 2011 "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel "{7339E5F7-32DE-45CD-995E-A795494A4082}_is1" = FahrenLernenSync 1.5 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{776CCBE6-CB5F-4CCB-B364-5937CA2AB0F0}_is1" = PC-Professional "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{791E2D38-210B-4622-8C57-512520D9F4EF}_is1" = PC-Professional Klasse B 2011 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8CC5F040-44F2-4FB7-9720-47F53F96D180}" = MSCU for Microsoft Vista "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU) 
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help "{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A961A077-4BD0-4C98-86BC-EE4A98CE550D}" = CodeMeter Runtime Merge Module (Win32) "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min "{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install "{B76A76EB-BCCA-4625-9C4C-1FFAE19E4772}" = ESU for Microsoft Vista "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{C53E8248-AB7C-41EA-98E3-BF54B0559AC3}_is1" = Fahrschulmanager 9.2 "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0CAA2F0-A08E-42DD-815F-1691A684D39E}_is1" = PC-Professional Klasse C 2011 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1 "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox 
"{EA863E91-B793-4D1B-BF04-97DB395E74C5}_is1" = Fahren Lernen Verwaltung 1.5 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0 "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3F84B3D0CF7723323F1B217C178C4C4BDC5BA436" = Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Age of Mythology 1.0" = Age of Mythology "Avast" = Avast Free Antivirus "CCleaner" = CCleaner "CNXT_HDAUDIO" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP "ENTERPRISE" = Microsoft Office Enterprise 2007 "ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07] "foxtab" = Foxtab "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer Participation Program 9.0 
"InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.1.6.1022 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mirage Driver_is1" = Mirage Driver 1.1 "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25) "NVIDIA Drivers" = NVIDIA Drivers "Sigel Label- und Barcode Software" = Sigel Label- und Barcode Software "SmartAudio" = SmartAudio "SynTPDeinstKey" = Synaptics Pointing Device Driver "Telekom Internet Manager" = Telekom Internet Manager "UltraVNC VideoDriver_is1" = UltraVNC VideoDriver "WinRAR archiver" = WinRAR 5.10 (32-bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2087834869-41306806-706425095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{665f828d-0390-4867-8e22-03a531074fc2}" = Linkury Smartbar Engine ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.05.2015 21:58:38 | Computer Name = Roman-PC | Source = EventSystem | ID = 4609 Description = Error - 14.05.2015 21:58:38 | Computer Name = Roman-PC | Source = VSS | ID = 8193 Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206. Error - 14.05.2015 22:00:02 | Computer Name = Roman-PC | Source = LoadPerf | ID = 3009 Description = Error - 14.05.2015 15:12:46 | Computer Name = Roman-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AsGHost.exe, Version 2.5.0.57, Zeitstempel 0x45c99c4a, fehlerhaftes Modul ItVCard.dll, Version 1.1.0.173, Zeitstempel 0x45a756c6, Ausnahmecode 0xc0000005, Fehleroffset 0x00010412, Prozess-ID 0x90c, Anwendungsstartzeit 01d08e79f068a13d. 
Error - 14.05.2015 15:59:30 | Computer Name = Roman-PC | Source = EventSystem | ID = 4609 Description = Error - 14.05.2015 16:00:14 | Computer Name = Roman-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "F:\HitmanPro_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.05.2015 16:21:05 | Computer Name = Roman-PC | Source = EventSystem | ID = 4609 Description = Error - 14.05.2015 16:21:39 | Computer Name = Roman-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "F:\HitmanPro_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.05.2015 16:47:42 | Computer Name = Roman-PC | Source = EventSystem | ID = 4609 Description = Error - 14.05.2015 16:52:42 | Computer Name = Roman-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "F:\HitmanPro_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ Media Center Events ] Error - 21.06.2009 14:43:03 | Computer Name = Roman-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete failed. 
Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 14.05.2015 16:48:09 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7001 Description = Error - 14.05.2015 16:48:09 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7001 Description = Error - 14.05.2015 16:48:09 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7001 Description = Error - 14.05.2015 16:48:09 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7001 Description = Error - 14.05.2015 16:48:09 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7026 Description = Error - 14.05.2015 16:48:09 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7001 Description = Error - 14.05.2015 16:48:09 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7001 Description = Error - 14.05.2015 16:48:24 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7001 Description = Error - 14.05.2015 16:48:35 | Computer Name = Roman-PC | Source = DCOM | ID = 10005 Description = Error - 14.05.2015 16:48:41 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7001 Description = [ VeriSoft Events ] Error - 22.11.2011 13:38:01 | Computer Name = Roman-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Roman@Roman-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 23.01.2012 11:51:35 | Computer Name = Roman-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. 
Benutzer: hp@HP-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 23.01.2012 11:51:52 | Computer Name = Roman-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Roman@Roman-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 23.01.2012 11:58:14 | Computer Name = Roman-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Roman@Roman-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 24.01.2012 04:06:08 | Computer Name = Roman-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Roman@Roman-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 14.02.2012 18:18:43 | Computer Name = Roman-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Roman@Roman-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. 
Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 12.08.2013 12:27:57 | Computer Name = Roman-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Roman@Roman-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 12.08.2013 12:28:03 | Computer Name = Roman-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Roman@Roman-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 27.04.2014 05:54:40 | Computer Name = Roman-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Roman@Roman-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 14.05.2015 18:45:11 | Computer Name = Roman-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Roman@Roman-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. 
Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. < End of report >

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2015 01 Ran by hp (administrator) on ROMAN-PC on 14-05-2015 22:05:34 Running from F:\ Loaded Profiles: hp (Available profiles: hp & Roman) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Safe Mode (minimal) Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\HelpPane.exe (Trend Micro Inc.) F:\HijackThis.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SpiderService] => C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe [324096 2011-10-11] (Verlag Heinrich Vogel in der Springer Transport Media GmbH) HKLM\...\Run: [DataCardMonitor] => C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe [253952 2011-01-24] (Huawei Technologies Co., Ltd.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) 
HKLM\...\Run: [KMCONFIG] => C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.) HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-15] (Avast Software s.r.o.) HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company) HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] => C:\Program Files\Telekom\InternetManager_H\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.) HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung) HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-10-30] (Samsung Electronics) HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung) HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung) HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) 
HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [29833 2015-05-15] () HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\MountPoints2: {56446993-e327-11dd-9135-806e6f6e6963} - E:\Autorun.exe HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\MountPoints2: {820671ce-2786-11e0-a7f9-001e376a4906} - F:\AutoRun.exe HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\MountPoints2: {aa71761d-abdc-11e0-9dc7-001e376a4906} - F:\AutoRun.exe HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\MountPoints2: {e0ee698b-ea0e-11e1-91fc-001e376a4906} - F:\SETUP.EXE -autorun Lsa: [Notification Packages] scecli ASWLNPkg Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2009-02-16] ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009-02-17] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-15] (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2087834869-41306806-706425095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Clips -> {053F9267-DC04-4294-A72C-58F732D338C0} -> C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02] (Hewlett-Packard Co.)
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-25] (Sun Microsystems, Inc.)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-15] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll [2007-08-20] (Google Germany GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-25] (Sun Microsystems, Inc.)
BHO: VeriSoft Access Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [2006-11-21] (Bioscrypt Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-08-20] (Google Germany GmbH)
Toolbar: HKU\.DEFAULT -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-08-20] (Google Germany GmbH)
Toolbar: HKU\S-1-5-21-2087834869-41306806-706425095-1000 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-08-20] (Google Germany GmbH)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll [2007-01-19] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll [2007-01-19] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2011-12-02] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2011-12-21] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-01-04] (Apple Inc.)
FF Extension: Linkury Smartbar - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\Extensions\{0aa0c8f1-8479-4867-bf2c-20c9e71eae53} [2013-06-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-10-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [Not Found]
FF Extension: No Name - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\extensions\helperbar@helperbar.com [Not Found]
FF Extension: No Name - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-15]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 ASBroker; c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
S2 ASChannel; c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-15] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-15] (Avast Software)
S2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-24] () [File not signed]
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-24] () [File not signed]
S2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2067344 2010-06-30] (WIBU-SYSTEMS AG)
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-01-09] (Hewlett-Packard Development Company, L.P.) [File not signed]
S2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] () [File not signed]
S2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-02-05] (Teruten) [File not signed]
S2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
S2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 KMWDSERVICE; C:\Program Files\Mouse Driver\KMWDSrv.exe [208896 2008-03-29] (UASSOFT.COM) [File not signed]
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-02-12] (Sonic Solutions) [File not signed]
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S2 Vogel.USBSpider; C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe [324096 2011-10-11] (Verlag Heinrich Vogel in der Springer Transport Media GmbH) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S3 ZSWTCTAZBTJS; C:\Users\hp\AppData\Local\Temp\ZSWTCTAZBTJS.exe [486272 2015-05-14] (Sysinternals - www.sysinternals.com) [File not signed]
S4 AntiVirWebService; "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S2 bonanzadealslive; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe /svc [X]
S3 bonanzadealslivem; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe /medsvc [X]
S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S2 Update BatBrowse; "C:\Program Files\BatBrowse\updateBatBrowse.exe" [X]
S2 Util BatBrowse; "C:\Program Files\BatBrowse\bin\utilBatBrowse.exe" [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-15] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-15] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-05-15] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-15] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-15] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-15] (Avast Software s.r.o.)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-05-15] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-15] ()
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140424 2007-03-28] (AuthenTec, Inc.)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [13184 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [31896 2005-11-25] (DemoForge, LLC)
S1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-12] (Conexant Systems Inc.)
S3 KMWDFilter; C:\Windows\System32\Drivers\KMWDFilter.SYS [17024 2008-03-22] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [11712 2008-10-05] (UVNC BVBA)
S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [File not signed]
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-15] (Avast Software)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113664 2009-12-08] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-15 03:05 - 2015-05-15 03:05 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ROMAN-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-15 03:04 - 2015-05-15 03:04 - 00000000 ____D () C:\RegBackup
2015-05-15 02:33 - 2015-05-15 02:33 - 00000000 ____D () C:\Users\hp\AppData\Roaming\AVAST Software
2015-05-15 02:16 - 2015-05-15 02:16 - 00001829 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-15 02:16 - 2015-05-15 02:16 - 00000350 _____ () C:\Windows\Tasks\avast! Emergency Update.job
2015-05-15 02:16 - 2015-05-15 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-15 02:15 - 2015-05-15 02:15 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-15 02:15 - 2015-05-15 02:15 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-15 02:15 - 2015-05-15 02:14 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-15 02:15 - 2015-05-15 02:14 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-15 02:14 - 2015-05-15 02:14 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-15 02:14 - 2014-02-11 20:00 - 00000426 _____ () C:\AVScanner.ini
2015-05-15 02:13 - 2015-05-15 02:13 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-15 02:11 - 2015-05-15 02:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-15 00:39 - 2015-05-15 01:57 - 00000000 ____D () C:\AdwCleaner
2015-05-15 00:17 - 2015-05-15 00:20 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-15 00:16 - 2015-05-15 00:16 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2015-05-15 00:16 - 2015-05-15 00:16 - 00000814 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2015-05-14 21:53 - 2015-05-14 21:54 - 00000000 ____D () C:\Program Files\GUMDD72.tmp
2015-05-14 21:53 - 2015-05-14 21:53 - 06103040 _____ () C:\Program Files\GUTDDB2.tmp
2015-05-14 21:24 - 2015-05-14 22:05 - 00000000 ____D () C:\FRST
2015-05-10 14:21 - 2015-05-10 14:21 - 00000000 _____ () C:\Users\hp\AppData\Local\BIT78AB.tmp
2015-05-10 14:21 - 2015-05-10 14:21 - 00000000 _____ () C:\Users\hp\AppData\Local\{7FD46037-1682-4D96-8119-B3A1438B79CE}
2015-05-10 13:52 - 2015-05-15 02:36 - 00000680 _____ () C:\Users\hp\AppData\Local\d3d9caps.dat

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-15 04:05 - 2007-08-20 11:11 - 00000000 ____D () C:\Windows\SMINST
2015-05-15 04:05 - 2006-11-02 14:47 - 00426712 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-15 04:04 - 2012-02-02 20:04 - 00112646 _____ () C:\Windows\PFRO.log
2015-05-15 02:15 - 2011-02-10 21:04 - 00000000 ____D () C:\ProgramData\Avira
2015-05-15 02:14 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-15 00:44 - 2010-11-04 19:41 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-15 00:43 - 2013-06-09 14:18 - 00001065 _____ () C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-05-15 00:43 - 2013-06-09 14:18 - 00001035 _____ () C:\Users\hp\Desktop\Search.lnk
2015-05-15 00:16 - 2010-11-04 19:41 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-15 00:16 - 2010-11-04 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-14 22:01 - 2006-11-02 12:33 - 01539966 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 21:54 - 2010-09-08 13:24 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-14 21:53 - 2011-11-22 19:38 - 00020267 _____ () C:\Windows\setupact.log
2015-05-14 21:50 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 21:50 - 2006-11-02 14:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 21:50 - 2006-11-02 14:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 21:50 - 2006-11-02 14:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-14 21:41 - 2006-11-02 15:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-10 15:43 - 2009-01-21 13:49 - 00000000 ____D () C:\Users\Roman
2015-05-10 15:43 - 2006-11-02 12:22 - 63176704 _____ () C:\Windows\system32\config\software_previous
2015-05-10 15:42 - 2013-11-05 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-10 15:42 - 2013-03-04 21:59 - 00000000 ___RD () C:\Program Files\Skype
2015-05-10 15:42 - 2011-08-13 16:38 - 00000000 ____D () C:\Users\hp\AppData\Roaming\Telekom Internet Manager
2015-05-10 15:42 - 2010-09-08 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-10 15:42 - 2009-01-15 10:23 - 00000000 ____D () C:\Users\hp
2015-05-10 15:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-05-10 15:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-05-10 15:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2015-05-10 15:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-10 15:41 - 2013-11-05 23:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-10 15:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-05-10 15:41 - 2006-11-02 12:22 - 28311552 _____ () C:\Windows\system32\config\system_previous
2015-05-10 14:21 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-05-10 14:20 - 2009-01-15 17:52 - 01854642 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 14:11 - 2006-11-02 12:22 - 39583744 _____ () C:\Windows\system32\config\components_previous
2015-05-10 14:11 - 2006-11-02 12:22 - 00786432 _____ () C:\Windows\system32\config\default_previous
2015-05-10 14:11 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-05-10 12:46 - 2011-02-10 09:58 - 00000000 ____D () C:\Windows\Minidump

==================== Files in the root of some directories =======
2015-05-14 21:53 - 2015-05-14 21:53 - 6103040 _____ () C:\Program Files\GUTDDB2.tmp
2009-01-15 12:48 - 2014-04-27 13:52 - 0172258 _____ () C:\Users\hp\AppData\Roaming\nvModes.001
2009-01-15 12:48 - 2010-07-10 01:18 - 0172258 _____ () C:\Users\hp\AppData\Roaming\nvModes.dat
2013-12-22 12:35 - 2014-03-02 20:36 - 0000150 _____ () C:\Users\hp\AppData\Roaming\WB.CFG
2010-07-13 18:43 - 2011-07-17 22:30 - 0000102 _____ () C:\Users\hp\AppData\Roaming\wklnhst.dat
2009-01-15 10:40 - 2009-01-15 10:40 - 0000000 _____ () C:\Users\hp\AppData\Local\AtStart.txt
2015-05-10 14:21 - 2015-05-10 14:21 - 0000000 _____ () C:\Users\hp\AppData\Local\BIT78AB.tmp
2015-05-10 13:52 - 2015-05-15 02:36 - 0000680 _____ () C:\Users\hp\AppData\Local\d3d9caps.dat
2009-01-15 11:02 - 2011-09-27 00:07 - 0005120 _____ () C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-01-15 10:40 - 2009-01-15 10:40 - 0000000 _____ () C:\Users\hp\AppData\Local\DSwitch.txt
2009-01-15 12:48 - 2009-01-16 14:47 - 0000000 _____ () C:\Users\hp\AppData\Local\FnF4.txt
2009-01-15 10:40 - 2009-01-15 10:40 - 0000000 _____ () C:\Users\hp\AppData\Local\QSwitch.txt
2015-05-10 14:21 - 2015-05-10 14:21 - 0000000 _____ () C:\Users\hp\AppData\Local\{7FD46037-1682-4D96-8119-B3A1438B79CE}
2007-08-20 11:01 - 2009-01-23 19:38 - 0001541 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\hp\AppData\Local\Temp\avgnt.exe
C:\Users\hp\AppData\Local\Temp\ZSWTCTAZBTJS.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-14 21:34

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2015 01
Ran by hp at 2015-05-14 21:26:39
Running from F:\
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2087834869-41306806-706425095-500 - Administrator - Disabled)
Gast (S-1-5-21-2087834869-41306806-706425095-501 - Limited - Enabled)
hp (S-1-5-21-2087834869-41306806-706425095-1000 - Administrator - Enabled) => C:\Users\hp
Roman (S-1-5-21-2087834869-41306806-706425095-1001 - Administrator - Enabled) => C:\Users\Roman

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.3.183.11 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 8 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated)
Age of Mythology (HKLM\...\Age of Mythology 1.0) (Version: - )
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.7.0.62 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2035 (HKLM\...\{30ABD2DC-8B23-4BB2-84AD-DF8DCFF2B75D}) (Version: 1.00 - Brother)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.03 - Piriform)
CodeMeter Runtime Kit v4.20a (HKLM\...\{3D86163C-6E2A-4C00-A7C0-FB794D6BF476}) (Version: 4.20.282.501 - WIBU-SYSTEMS AG)
CodeMeter Runtime Merge Module (Win32) (Version: 4.10.235.503 - Alexander Schmitt) Hidden
CodeMeter Tools Merge Module (Version: 4.10.235.503 - Marc Beissmann) Hidden
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: 4.18.0.0 - Conexant)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.205.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Schlacht um Mittelerde™ II (HKLM\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
DJ_AIO_ProductContext (Version: 90.0.236.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
ESU for Microsoft Vista (HKLM\...\{B76A76EB-BCCA-4625-9C4C-1FFAE19E4772}) (Version: 2.0.5.1 - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Fahren Lernen Verwaltung 1.5 (HKLM\...\{EA863E91-B793-4D1B-BF04-97DB395E74C5}_is1) (Version: - Verlag Heinrich Vogel - Springer Transport Media GmbH)
FahrenLernenSync 1.5 (HKLM\...\{7339E5F7-32DE-45CD-995E-A795494A4082}_is1) (Version: - Verlag Heinrich Vogel - Springer Transport Media GmbH)
Fahrschulmanager 9.2 (HKLM\...\{C53E8248-AB7C-41EA-98E3-BF54B0559AC3}_is1) (Version: - Springer Fachmedien München GmbH - Verlag Heinrich Vogel)
ffdshow v1.1.3562 [2010-09-07] (HKLM\...\ffdshow_is1) (Version: 1.1.3562.0 - )
Foxtab (HKLM\...\foxtab) (Version: - FoxTab) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - )
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7) (Version: - )
Hewlett-Packard Active Check (Version: 1.1.7.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.58.0 - HP) Hidden
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2278 - Hewlett-Packard)
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet All-In-One Software 9.0 (HKLM\...\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}) (Version: 9.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2279 - Hewlett-Packard)
HP Help and Support (HKLM\...\{9061CEF2-51F5-42C9-8A70-9ED351C6597A}) (Version: 1.1.0 - Hewlett-Packard)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4900 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Quick Launch Buttons 6.20 B1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.20 B1 - Hewlett-Packard)
HP QuickPlay 3.2 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Smart Web Printing (HKLM\...\{415CDA53-9100-476F-A7B2-476691E117C7}) (Version: 2.15.7.0 - Ihr Firmenname)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}) (Version: 4.000.006.003 - Hewlett-Packard)
HP User Guides 0056 (HKLM\...\{5AB56552-6938-4686-9F87-DB0ED8D1E06B}) (Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname)
iCloud (HKLM\...\{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}) (Version: 1.1.0.40 - Apple Inc.)
iPhone-Konfigurationsprogramm (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
Java(TM) 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
LightScribe 1.6.43.1 (Version: 1.6.43.1 - hxxp://www.lightscribe.com) Hidden
Linkury Smartbar Engine (HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\{665f828d-0390-4867-8e22-03a531074fc2}) (Version: 1.24.22.10764 - Linkury Inc.) <==== ATTENTION
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mirage Driver 1.1 (HKLM\...\Mirage Driver_is1) (Version: 1.1 - )
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mouse Driver (HKLM\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 5.1 - Driver Builder)
Mouse Driver (Version: 5.1 - Driver Builder) Hidden
Mozilla Firefox (3.6.25) (HKLM\...\Mozilla Firefox (3.6.25)) (Version: 3.6.25 (de) - Mozilla)
MSCU for Microsoft Vista (HKLM\...\{8CC5F040-44F2-4FB7-9720-47F53F96D180}) (Version: 1.0.1.3 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PC-Professional (HKLM\...\{776CCBE6-CB5F-4CCB-B364-5937CA2AB0F0}_is1) (Version: - Verlag Heinrich Vogel)
PC-Professional Klasse A 2011 (HKLM\...\{00F4B50E-C3B4-4E41-8334-042DF54A0AB3}_is1) (Version: - Verlag Heinrich Vogel)
PC-Professional Klasse B 2011 (HKLM\...\{791E2D38-210B-4622-8C57-512520D9F4EF}_is1) (Version: - Verlag Heinrich Vogel)
PC-Professional Klasse C 2011 (HKLM\...\{D0CAA2F0-A08E-42DD-815F-1691A684D39E}_is1) (Version: - Verlag Heinrich Vogel)
PC-Professional Klasse D 2011 (HKLM\...\{68E9010A-98DF-44B0-A7AB-3CE36ACA5263}_is1) (Version: - Verlag Heinrich Vogel)
PC-Professional Modul Weiterbildung LKW: Schaltstelle Fahrer (HKLM\...\{2D9D5712-150B-4826-BFF3-07E4C4EBEBE6}_is1) (Version: - Verlag Heinrich Vogel)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio) Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio) Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio) Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio) Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio) Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio) Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio) Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.551 - Roxio) Safari (HKLM\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.) Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden Sigel Label- und Barcode Software (HKLM\...\Sigel Label- und Barcode Software) (Version: - ) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
SmartAudio (HKLM\...\SmartAudio) (Version: - Conexant) SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics) Telekom Internet Manager (HKLM\...\Telekom Internet Manager) (Version: 11.301.05.05.748 - Huawei Technologies Co.,Ltd) Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden UltraVNC VideoDriver (HKLM\...\UltraVNC VideoDriver_is1) (Version: 1.0.5 - ) UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) 
(HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VeriSoft Access Manager (HKLM\...\{0ABA40AF-288D-41F1-B735-C5155692CD7D}) (Version: 2.1.2.880.15 - Bioscrypt Inc.) VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\3F84B3D0CF7723323F1B217C178C4C4BDC5BA436) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.) Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation) WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 16-02-2014 20:05:47 Windows Update 17-02-2014 19:17:10 Windows Update 20-02-2014 23:10:39 Windows Update 02-03-2014 17:42:41 Windows Update 02-03-2014 21:14:13 DirectX wurde installiert 04-03-2014 19:21:51 Installiert Dawn of War - Dark Crusade 04-03-2014 19:45:32 Installiert DawnOfWar 06-03-2014 19:58:28 Windows Update 22-03-2014 16:03:21 Windows Update 23-03-2014 20:05:29 Windows Update 27-03-2014 19:46:33 Windows Update 04-04-2014 18:22:40 Windows Update 10-04-2014 23:05:24 Windows Update 19-04-2014 17:39:06 Windows Update 27-04-2014 12:36:52 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2006-11-02 12:23 - 2015-05-15 03:56 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {12A40B69-07DB-4670-96B1-B0E3DC7BD7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-08] (Google Inc.) Task: {229A58B3-65DF-446F-93C3-87C52715DD4B} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe Task: {45AFD6B2-9904-48B0-AD0F-712A9CAAC1D3} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION Task: {52003A4B-AEC2-44D6-B3EC-4583BEFAB06D} - System32\Tasks\YourFile Update => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION Task: {8C5F06BA-B278-45D8-9211-EA803AAED5AD} - System32\Tasks\FoxTab => C:\Users\hp\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {9217FACC-D9A6-4868-A92A-8932DE021A3E} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe Task: {A728B8C0-05EC-40C7-9A56-AA26990DD191} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A7313D84-05D0-4842-B3FC-4BD07C632EF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-08] (Google Inc.) 
Task: {B5030DA7-34D2-4E32-8204-907132F36225} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION Task: {CFBAFF41-2C62-43A0-A5DB-FACF4930B0E0} - System32\Tasks\EPUpdater => C:\Users\hp\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION Task: {D50887CD-31E7-410C-B646-5062E93AA277} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: {EE259ACE-5A8E-4008-9F59-4F1DFC812828} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: {F5E0808E-BC45-4040-A19E-E10CCB0A3913} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION Task: {FA64CC72-1509-44F5-B833-5D3925FDB9AF} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12] (Hewlett-Packard) Task: {FE4C308E-0100-4D24-A189-ECF6F301470D} - System32\Tasks\UpdaterEX => C:\Users\hp\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2087834869-41306806-706425095-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\Desktop\Showpics\TUI FLUFF.jpg DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [{A6790671-C896-495F-A8E2-A9952EFD431E}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe FirewallRules: [{EB6EB3E0-DF7A-452B-965A-548971C6A386}] => (Allow) svchost.exe FirewallRules: [{3AABD80B-337E-4F0D-813A-D7118F789BD3}] => (Allow) C:\Program Files\MSN Messenger\livecall.exe FirewallRules: [{7EBDCEDB-3F52-4967-B9F1-635E2B4F366B}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe FirewallRules: [{D243203B-5D8C-4C0D-B3EA-33E9AD6724DC}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe FirewallRules: [{47168574-D071-40AC-9D4D-F2CB875D16DC}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{F920AB3D-52A9-49B0-9508-0EEB2265C4A6}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [TCP Query User{C5801744-471B-488C-BE91-103B901C8BFB}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe FirewallRules: [UDP Query User{AAC3A01D-0AA2-404D-A899-C111E99A70BE}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe FirewallRules: [TCP Query User{7C51C5EB-8D0F-465B-A35E-BDA29B71217B}C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe] => (Block) C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe FirewallRules: [UDP Query 
User{7BBAD1D6-CAEE-458A-B1F4-2217274BF4AB}C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe] => (Block) C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe FirewallRules: [{061E4FC6-39BD-4A70-ADA1-DF3C8D4467F2}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{EB89D978-7A63-4CA1-BFDB-3F459F389C4E}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [TCP Query User{8E02DC7C-DE75-421C-BECF-5978BE26F742}C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe] => (Block) C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe FirewallRules: [UDP Query User{4CB27430-1891-4735-BB8B-39DA6918DFB5}C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe] => (Block) C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe FirewallRules: [{D07DF6EC-1E47-46C6-84CE-7759D727DBE0}] => (Allow) LPort=80 FirewallRules: [{AFB90AA4-77C5-4267-BB13-812A6B98E9C1}] => (Allow) LPort=80 FirewallRules: [{CE86704A-3AC4-4B12-A2FB-D219E228EE3B}] => (Allow) LPort=80 FirewallRules: [TCP Query User{9A3A58F3-A466-494C-84B7-A5700BAE3D19}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe FirewallRules: [UDP Query User{9DA453AB-F5F1-4FE3-AC42-7D19C62A611A}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe FirewallRules: [TCP Query User{7203B5F9-EAB8-49EA-8468-69823F4E30F2}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe FirewallRules: [UDP Query User{6531FBF9-BF11-43E2-AB70-7222518AECB0}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe FirewallRules: [TCP Query User{C17A2C84-F259-414A-AE05-9C7E8414CF6A}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe FirewallRules: [UDP Query User{9499FEDD-34AC-41F4-9485-DF7EE079F8DE}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe FirewallRules: [TCP Query 
User{DAFD5ACD-4E46-40FF-A64A-DB202CB68AB3}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe FirewallRules: [UDP Query User{52468090-D9DA-463D-B934-4EABC238E1A6}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe FirewallRules: [TCP Query User{4748B723-092A-400A-A6EC-E375B81F1BDF}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe FirewallRules: [UDP Query User{841514AF-F047-4366-B599-285576448BB2}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe FirewallRules: [{67C0D799-9A12-4798-ACAF-6487F55C684F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D255B24A-80D0-4962-9082-2F1A33E8376A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B6F833CC-8FF0-438B-A6C0-73DA28D8DDFC}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe FirewallRules: [{1A9F57E6-5CB8-4076-91B6-80412766B67C}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe FirewallRules: [{D6B33A5A-2C18-42AF-8221-BCD378312417}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe FirewallRules: [{5CB3601E-4303-4859-BBCD-198C6E2FABF5}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe FirewallRules: [{A6BE6B39-57A0-4DF2-9B49-4EDBAB89DFFF}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen Verwaltung\Vogel.FahrenLernenMax.Admin.exe FirewallRules: [{88711B07-9086-4443-ADE0-7C01EFCF5D81}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen Verwaltung\Vogel.FahrenLernenMax.Admin.exe FirewallRules: [{2371A715-2D00-42B3-BE50-F6311CF55160}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen Verwaltung\Vogel.FahrenLernenMax.Admin.exe FirewallRules: [{62880775-348C-4D0A-B8C5-68FC74B6D00C}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen 
Verwaltung\Vogel.FahrenLernenMax.Admin.exe FirewallRules: [{2E1DB27C-BCA8-466E-9212-CAA1C0EDEC5C}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE FirewallRules: [{D6FDF186-2C86-49F1-9F88-6ECD28864EE9}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE FirewallRules: [{FEDEA407-751F-42D0-AF9C-00FCC82EF4A0}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe FirewallRules: [{04A0DE97-38D6-4854-919C-F1FC34667BE1}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe FirewallRules: [{78E51E29-DC1E-41E9-B9C8-B7E78758C101}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe FirewallRules: [{663E77E6-59D9-45E9-A3F5-DB2D6EA3298C}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe FirewallRules: [TCP Query User{08C6CC39-A699-415F-8388-AED3E290C51E}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe FirewallRules: [UDP Query User{27084DFB-F357-49E6-B814-381DC98EA5BA}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe FirewallRules: [{6CF09865-16E8-4D90-93A6-55020D7F2443}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{366AEAD6-DA18-49EA-A355-6F05F218445B}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE FirewallRules: [{823814E8-50BE-4495-83E6-0F4BF0E62763}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE FirewallRules: [{4F1A15C6-14B4-4776-9EE5-90854AB95751}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe FirewallRules: [{0D1DA389-1F60-4641-A4C4-46751ABD8F02}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe FirewallRules: [{7634ADE5-DE5C-48CA-B166-94911CBD3E27}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe FirewallRules: [{DF30A205-732C-458A-9107-571894027560}] => (Allow) C:\Program 
Files\Vogel Verlag\PC-Professional\PC_Professional.exe FirewallRules: [{F0C5310B-AAF2-442B-A283-CEA8070B8393}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7169267E-6CB3-456E-BCE0-540E67EFF381}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9A4BE4E0-6660-4163-B282-3B3B3C9E5DDD}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe FirewallRules: [{ABFBD873-ECEF-4F44-A905-152111FA2731}] => (Allow) svchost.exe FirewallRules: [{E36A9C37-40FE-466D-AF45-0DA902F6240A}] => (Allow) C:\Program Files\MSN Messenger\livecall.exe FirewallRules: [TCP Query User{6088709B-8FB8-41D9-83A2-C11CCD59DB7F}C:\program files\tmnationsforever\tmforever.exe] => (Block) C:\program files\tmnationsforever\tmforever.exe FirewallRules: [UDP Query User{E2970C9F-6304-4276-82AC-F96060B80771}C:\program files\tmnationsforever\tmforever.exe] => (Block) C:\program files\tmnationsforever\tmforever.exe FirewallRules: [{A9DF8B6C-4950-4DB4-96D1-E9B0F45E75BD}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{B4911FB6-2F9A-4F89-8149-E90FF5CD829C}] => (Allow) C:\Windows\System32\muzapp.exe FirewallRules: [{0D773D39-B32C-447B-9CC4-A32354C8ECD6}] => (Allow) C:\Windows\System32\muzapp.exe FirewallRules: [{7BA80829-DAEF-48CC-90EB-88C8E8DB3603}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe FirewallRules: [{309A8461-DE35-4F96-BA9D-4DF07BD00038}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe FirewallRules: [{F772C099-2565-4888-A7E6-F554D0AD0418}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe FirewallRules: [{031E2438-B146-4A4E-9F4B-BD1F891AF659}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe FirewallRules: [{759C0A06-BA49-4E16-841D-0504B04279EF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{068B69BF-2995-4DC9-A386-56D065F78C68}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{45746126-D74A-49FF-B6AA-FE7AC4A4ADC8}] => (Allow) 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80 FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80 FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80 DomainProfile\AuthorizedApplications: [C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server StandardProfile\AuthorizedApplications: [C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/14/2015 09:24:08 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/14/2015 09:18:34 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (05/14/2015 09:12:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung AsGHost.exe, Version 2.5.0.57, Zeitstempel 0x45c99c4a, fehlerhaftes Modul ItVCard.dll, Version 1.1.0.173, Zeitstempel 0x45a756c6, Ausnahmecode 0xc0000005, Fehleroffset 0x00010412, Prozess-ID 0x90c, Anwendungsstartzeit AsGHost.exe0. Error: (05/15/2015 04:00:02 AM) (Source: LoadPerf) (EventID: 3009) (User: ) Description: .NET CLR Networking 4.0.0.02 Error: (05/15/2015 03:58:38 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206. Error: (05/15/2015 03:58:38 AM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (05/15/2015 03:58:19 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206. 
Error: (05/15/2015 03:58:19 AM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (05/15/2015 03:56:29 AM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (05/15/2015 02:39:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (05/14/2015 09:19:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (05/14/2015 09:19:29 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (05/14/2015 09:19:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tcpipBM tdx Wanarpv6 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) 
(EventID: 7001) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: NLA (Network Location Awareness)Netzwerkspeicher-Schnittstellendienst%%1068 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: IP-HilfsdienstNetzwerkspeicher-Schnittstellendienst%%1068 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: AnmeldedienstArbeitsstationsdienst%%1068 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-05-14 21:26:16.067 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-05-14 21:26:15.147 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-05-14 21:26:14.226 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-05-14 21:26:13.259 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-01-23 12:31:47.139 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-01-23 12:31:46.774 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-01-23 12:31:45.417 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-01-23 12:31:45.073 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-01-23 12:31:44.738 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-01-23 12:31:44.389 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-64 Percentage of memory in use: 29% Total physical RAM: 2046.23 MB Available physical RAM: 1446.81 MB Total Pagefile: 4328.92 MB Available Pagefile: 3923.1 MB Total Virtual: 2047.88 MB Available Virtual: 1917.38 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:225.35 GB) (Free:59.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (HP_RECOVERY) (Fixed) (Total:7.54 GB) (Free:2.22 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (KINGSTON) (Removable) (Total:28.8 GB) (Free:13.75 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: DCC27A89) Partition 1: (Active) - (Size=225.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 28.8 GB) (Disk ID: 22896F74) Partition 1: (Active) - (Size=28.8 GB) - (Type=0B) ==================== End Of Log ============================ |
14.05.2015, 22:52 | #6 |
| Screen flickers in different colors! Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2015 01 Ran by hp at 2015-05-14 21:26:39 Running from F:\ Boot Mode: Safe Mode (minimal) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2087834869-41306806-706425095-500 - Administrator - Disabled) Gast (S-1-5-21-2087834869-41306806-706425095-501 - Limited - Enabled) hp (S-1-5-21-2087834869-41306806-706425095-1000 - Administrator - Enabled) => C:\Users\hp Roman (S-1-5-21-2087834869-41306806-706425095-1001 - Administrator - Enabled) => C:\Users\Roman ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.3.183.11 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated) Adobe Reader 8 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated) Age of Mythology (HKLM\...\Age of Mythology 1.0) (Version: - ) AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AuthenTec Fingerprint Sensor Minimum Install (Version: 7.7.0.62 - AuthenTec, Inc.) Hidden Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brother HL-2035 (HKLM\...\{30ABD2DC-8B23-4BB2-84AD-DF8DCFF2B75D}) (Version: 1.00 - Brother) BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.03 - Piriform) CodeMeter Runtime Kit v4.20a (HKLM\...\{3D86163C-6E2A-4C00-A7C0-FB794D6BF476}) (Version: 4.20.282.501 - WIBU-SYSTEMS AG) CodeMeter Runtime Merge Module (Win32) (Version: 4.10.235.503 - Alexander Schmitt) Hidden CodeMeter Tools Merge Module (Version: 4.10.235.503 - Marc Beissmann) Hidden Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: 4.18.0.0 - Conexant) Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 90.0.205.000 - Hewlett-Packard) Hidden DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Die Schlacht um Mittelerde™ II (HKLM\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) DJ_AIO_ProductContext (Version: 90.0.236.000 - Hewlett-Packard) Hidden DJ_AIO_Software (Version: 90.0.222.000 - Hewlett-Packard) Hidden DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden ESU for Microsoft Vista (HKLM\...\{B76A76EB-BCCA-4625-9C4C-1FFAE19E4772}) (Version: 2.0.5.1 - Hewlett-Packard) eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden F4100 (Version: 90.0.222.000 - 
Hewlett-Packard) Hidden F4100_doccd (Version: 90.0.222.000 - Hewlett-Packard) Hidden F4100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden Fahren Lernen Verwaltung 1.5 (HKLM\...\{EA863E91-B793-4D1B-BF04-97DB395E74C5}_is1) (Version: - Verlag Heinrich Vogel - Springer Transport Media GmbH) FahrenLernenSync 1.5 (HKLM\...\{7339E5F7-32DE-45CD-995E-A795494A4082}_is1) (Version: - Verlag Heinrich Vogel - Springer Transport Media GmbH) Fahrschulmanager 9.2 (HKLM\...\{C53E8248-AB7C-41EA-98E3-BF54B0559AC3}_is1) (Version: - Springer Fachmedien München GmbH - Verlag Heinrich Vogel) ffdshow v1.1.3562 [2010-09-07] (HKLM\...\ffdshow_is1) (Version: 1.1.3562.0 - ) Foxtab (HKLM\...\foxtab) (Version: - FoxTab) <==== ATTENTION Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - ) Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden Google Update Helper (Version: 1.3.22.5 - Google Inc.) 
Hidden HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7) (Version: - ) Hewlett-Packard Active Check (Version: 1.1.7.0 - Hewlett-Packard) Hidden Hewlett-Packard Asset Agent (Version: 2.0.58.0 - HP) Hidden HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2278 - Hewlett-Packard) HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP) HP Deskjet All-In-One Software 9.0 (HKLM\...\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}) (Version: 9.0 - HP) HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard) HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2279 - Hewlett-Packard) HP Help and Support (HKLM\...\{9061CEF2-51F5-42C9-8A70-9ED351C6597A}) (Version: 1.1.0 - Hewlett-Packard) HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP) HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4900 - HP) HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP) HP Quick Launch Buttons 6.20 B1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.20 B1 - Hewlett-Packard) HP QuickPlay 3.2 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - ) HP Smart Web Printing (HKLM\...\{415CDA53-9100-476F-A7B2-476691E117C7}) (Version: 2.15.7.0 - Ihr Firmenname) HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP) HP Update (HKLM\...\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}) (Version: 4.000.006.003 - Hewlett-Packard) HP User Guides 0056 (HKLM\...\{5AB56552-6938-4686-9F87-DB0ED8D1E06B}) (Version: 1.02.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard) HPProductAssistant (Version: 90.0.146.000 - 
Hewlett-Packard) Hidden HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname) iCloud (HKLM\...\{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}) (Version: 1.1.0.40 - Apple Inc.) iPhone-Konfigurationsprogramm (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.) iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.) Java(TM) 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.) Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.) LightScribe 1.6.43.1 (Version: 1.6.43.1 - hxxp://www.lightscribe.com) Hidden Linkury Smartbar Engine (HKU\S-1-5-21-2087834869-41306806-706425095-1000\...\{665f828d-0390-4867-8e22-03a531074fc2}) (Version: 1.24.22.10764 - Linkury Inc.) <==== ATTENTION LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation) MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 
Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation) Mirage Driver 1.1 (HKLM\...\Mirage Driver_is1) (Version: 1.1 - ) MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.) 
Mouse Driver (HKLM\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 5.1 - Driver Builder) Mouse Driver (Version: 5.1 - Driver Builder) Hidden Mozilla Firefox (3.6.25) (HKLM\...\Mozilla Firefox (3.6.25)) (Version: 3.6.25 (de) - Mozilla) MSCU for Microsoft Vista (HKLM\...\{8CC5F040-44F2-4FB7-9720-47F53F96D180}) (Version: 1.0.1.3 - Hewlett-Packard) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) PC-Professional (HKLM\...\{776CCBE6-CB5F-4CCB-B364-5937CA2AB0F0}_is1) (Version: - Verlag Heinrich Vogel) PC-Professional Klasse A 2011 (HKLM\...\{00F4B50E-C3B4-4E41-8334-042DF54A0AB3}_is1) (Version: - Verlag Heinrich Vogel) PC-Professional Klasse B 2011 (HKLM\...\{791E2D38-210B-4622-8C57-512520D9F4EF}_is1) (Version: - Verlag Heinrich Vogel) PC-Professional Klasse C 2011 (HKLM\...\{D0CAA2F0-A08E-42DD-815F-1691A684D39E}_is1) (Version: - Verlag Heinrich Vogel) PC-Professional Klasse D 2011 (HKLM\...\{68E9010A-98DF-44B0-A7AB-3CE36ACA5263}_is1) (Version: - Verlag Heinrich Vogel) PC-Professional Modul Weiterbildung LKW: Schaltstelle Fahrer (HKLM\...\{2D9D5712-150B-4826-BFF3-07E4C4EBEBE6}_is1) (Version: - Verlag Heinrich Vogel) PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) 
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio) Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio) Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio) Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio) Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio) Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio) Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio) Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.551 - Roxio) Safari (HKLM\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.) Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden Sigel Label- und Barcode Software (HKLM\...\Sigel Label- und Barcode Software) (Version: - ) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
SmartAudio (HKLM\...\SmartAudio) (Version: - Conexant) SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics) Telekom Internet Manager (HKLM\...\Telekom Internet Manager) (Version: 11.301.05.05.748 - Huawei Technologies Co.,Ltd) Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden UltraVNC VideoDriver (HKLM\...\UltraVNC VideoDriver_is1) (Version: 1.0.5 - ) UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) 
(HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VeriSoft Access Manager (HKLM\...\{0ABA40AF-288D-41F1-B735-C5155692CD7D}) (Version: 2.1.2.880.15 - Bioscrypt Inc.) VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\3F84B3D0CF7723323F1B217C178C4C4BDC5BA436) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.) Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation) WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 16-02-2014 20:05:47 Windows Update 17-02-2014 19:17:10 Windows Update 20-02-2014 23:10:39 Windows Update 02-03-2014 17:42:41 Windows Update 02-03-2014 21:14:13 DirectX wurde installiert 04-03-2014 19:21:51 Installiert Dawn of War - Dark Crusade 04-03-2014 19:45:32 Installiert DawnOfWar 06-03-2014 19:58:28 Windows Update 22-03-2014 16:03:21 Windows Update 23-03-2014 20:05:29 Windows Update 27-03-2014 19:46:33 Windows Update 04-04-2014 18:22:40 Windows Update 10-04-2014 23:05:24 Windows Update 19-04-2014 17:39:06 Windows Update 27-04-2014 12:36:52 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2006-11-02 12:23 - 2015-05-15 03:56 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {12A40B69-07DB-4670-96B1-B0E3DC7BD7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-08] (Google Inc.) Task: {229A58B3-65DF-446F-93C3-87C52715DD4B} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe Task: {45AFD6B2-9904-48B0-AD0F-712A9CAAC1D3} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION Task: {52003A4B-AEC2-44D6-B3EC-4583BEFAB06D} - System32\Tasks\YourFile Update => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION Task: {8C5F06BA-B278-45D8-9211-EA803AAED5AD} - System32\Tasks\FoxTab => C:\Users\hp\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {9217FACC-D9A6-4868-A92A-8932DE021A3E} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe Task: {A728B8C0-05EC-40C7-9A56-AA26990DD191} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A7313D84-05D0-4842-B3FC-4BD07C632EF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-08] (Google Inc.) 
Task: {B5030DA7-34D2-4E32-8204-907132F36225} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION Task: {CFBAFF41-2C62-43A0-A5DB-FACF4930B0E0} - System32\Tasks\EPUpdater => C:\Users\hp\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION Task: {D50887CD-31E7-410C-B646-5062E93AA277} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: {EE259ACE-5A8E-4008-9F59-4F1DFC812828} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: {F5E0808E-BC45-4040-A19E-E10CCB0A3913} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION Task: {FA64CC72-1509-44F5-B833-5D3925FDB9AF} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12] (Hewlett-Packard) Task: {FE4C308E-0100-4D24-A189-ECF6F301470D} - System32\Tasks\UpdaterEX => C:\Users\hp\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2087834869-41306806-706425095-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\Desktop\Showpics\TUI FLUFF.jpg DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [{A6790671-C896-495F-A8E2-A9952EFD431E}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe FirewallRules: [{EB6EB3E0-DF7A-452B-965A-548971C6A386}] => (Allow) svchost.exe FirewallRules: [{3AABD80B-337E-4F0D-813A-D7118F789BD3}] => (Allow) C:\Program Files\MSN Messenger\livecall.exe FirewallRules: [{7EBDCEDB-3F52-4967-B9F1-635E2B4F366B}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe FirewallRules: [{D243203B-5D8C-4C0D-B3EA-33E9AD6724DC}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe FirewallRules: [{47168574-D071-40AC-9D4D-F2CB875D16DC}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{F920AB3D-52A9-49B0-9508-0EEB2265C4A6}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [TCP Query User{C5801744-471B-488C-BE91-103B901C8BFB}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe FirewallRules: [UDP Query User{AAC3A01D-0AA2-404D-A899-C111E99A70BE}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe FirewallRules: [TCP Query User{7C51C5EB-8D0F-465B-A35E-BDA29B71217B}C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe] => (Block) C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe FirewallRules: [UDP Query 
User{7BBAD1D6-CAEE-458A-B1F4-2217274BF4AB}C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe] => (Block) C:\users\roman\appdata\local\temp\ckz_nhm6\fsm_winvnc.exe FirewallRules: [{061E4FC6-39BD-4A70-ADA1-DF3C8D4467F2}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{EB89D978-7A63-4CA1-BFDB-3F459F389C4E}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [TCP Query User{8E02DC7C-DE75-421C-BECF-5978BE26F742}C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe] => (Block) C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe FirewallRules: [UDP Query User{4CB27430-1891-4735-BB8B-39DA6918DFB5}C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe] => (Block) C:\program files\vogel verlag\gemeinsame komponenten\fahrenlernensync\vogel.usbspider.exe FirewallRules: [{D07DF6EC-1E47-46C6-84CE-7759D727DBE0}] => (Allow) LPort=80 FirewallRules: [{AFB90AA4-77C5-4267-BB13-812A6B98E9C1}] => (Allow) LPort=80 FirewallRules: [{CE86704A-3AC4-4B12-A2FB-D219E228EE3B}] => (Allow) LPort=80 FirewallRules: [TCP Query User{9A3A58F3-A466-494C-84B7-A5700BAE3D19}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe FirewallRules: [UDP Query User{9DA453AB-F5F1-4FE3-AC42-7D19C62A611A}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe FirewallRules: [TCP Query User{7203B5F9-EAB8-49EA-8468-69823F4E30F2}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe FirewallRules: [UDP Query User{6531FBF9-BF11-43E2-AB70-7222518AECB0}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe FirewallRules: [TCP Query User{C17A2C84-F259-414A-AE05-9C7E8414CF6A}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe FirewallRules: [UDP Query User{9499FEDD-34AC-41F4-9485-DF7EE079F8DE}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe FirewallRules: [TCP Query 
User{DAFD5ACD-4E46-40FF-A64A-DB202CB68AB3}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe FirewallRules: [UDP Query User{52468090-D9DA-463D-B934-4EABC238E1A6}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe FirewallRules: [TCP Query User{4748B723-092A-400A-A6EC-E375B81F1BDF}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe FirewallRules: [UDP Query User{841514AF-F047-4366-B599-285576448BB2}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe FirewallRules: [{67C0D799-9A12-4798-ACAF-6487F55C684F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D255B24A-80D0-4962-9082-2F1A33E8376A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B6F833CC-8FF0-438B-A6C0-73DA28D8DDFC}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe FirewallRules: [{1A9F57E6-5CB8-4076-91B6-80412766B67C}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe FirewallRules: [{D6B33A5A-2C18-42AF-8221-BCD378312417}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe FirewallRules: [{5CB3601E-4303-4859-BBCD-198C6E2FABF5}] => (Allow) C:\Program Files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe FirewallRules: [{A6BE6B39-57A0-4DF2-9B49-4EDBAB89DFFF}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen Verwaltung\Vogel.FahrenLernenMax.Admin.exe FirewallRules: [{88711B07-9086-4443-ADE0-7C01EFCF5D81}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen Verwaltung\Vogel.FahrenLernenMax.Admin.exe FirewallRules: [{2371A715-2D00-42B3-BE50-F6311CF55160}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen Verwaltung\Vogel.FahrenLernenMax.Admin.exe FirewallRules: [{62880775-348C-4D0A-B8C5-68FC74B6D00C}] => (Allow) C:\Program Files\Vogel Verlag\Fahren Lernen 
Verwaltung\Vogel.FahrenLernenMax.Admin.exe FirewallRules: [{2E1DB27C-BCA8-466E-9212-CAA1C0EDEC5C}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE FirewallRules: [{D6FDF186-2C86-49F1-9F88-6ECD28864EE9}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE FirewallRules: [{FEDEA407-751F-42D0-AF9C-00FCC82EF4A0}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe FirewallRules: [{04A0DE97-38D6-4854-919C-F1FC34667BE1}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe FirewallRules: [{78E51E29-DC1E-41E9-B9C8-B7E78758C101}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe FirewallRules: [{663E77E6-59D9-45E9-A3F5-DB2D6EA3298C}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe FirewallRules: [TCP Query User{08C6CC39-A699-415F-8388-AED3E290C51E}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe FirewallRules: [UDP Query User{27084DFB-F357-49E6-B814-381DC98EA5BA}C:\drisc\programme\fsm_winvnc.exe] => (Allow) C:\drisc\programme\fsm_winvnc.exe FirewallRules: [{6CF09865-16E8-4D90-93A6-55020D7F2443}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{366AEAD6-DA18-49EA-A355-6F05F218445B}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE FirewallRules: [{823814E8-50BE-4495-83E6-0F4BF0E62763}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\Fernwartung.EXE FirewallRules: [{4F1A15C6-14B4-4776-9EE5-90854AB95751}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe FirewallRules: [{0D1DA389-1F60-4641-A4C4-46751ABD8F02}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\FSM_WinVNC.exe FirewallRules: [{7634ADE5-DE5C-48CA-B166-94911CBD3E27}] => (Allow) C:\Program Files\Vogel Verlag\PC-Professional\PC_Professional.exe FirewallRules: [{DF30A205-732C-458A-9107-571894027560}] => (Allow) C:\Program 
Files\Vogel Verlag\PC-Professional\PC_Professional.exe FirewallRules: [{F0C5310B-AAF2-442B-A283-CEA8070B8393}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7169267E-6CB3-456E-BCE0-540E67EFF381}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9A4BE4E0-6660-4163-B282-3B3B3C9E5DDD}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe FirewallRules: [{ABFBD873-ECEF-4F44-A905-152111FA2731}] => (Allow) svchost.exe FirewallRules: [{E36A9C37-40FE-466D-AF45-0DA902F6240A}] => (Allow) C:\Program Files\MSN Messenger\livecall.exe FirewallRules: [TCP Query User{6088709B-8FB8-41D9-83A2-C11CCD59DB7F}C:\program files\tmnationsforever\tmforever.exe] => (Block) C:\program files\tmnationsforever\tmforever.exe FirewallRules: [UDP Query User{E2970C9F-6304-4276-82AC-F96060B80771}C:\program files\tmnationsforever\tmforever.exe] => (Block) C:\program files\tmnationsforever\tmforever.exe FirewallRules: [{A9DF8B6C-4950-4DB4-96D1-E9B0F45E75BD}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{B4911FB6-2F9A-4F89-8149-E90FF5CD829C}] => (Allow) C:\Windows\System32\muzapp.exe FirewallRules: [{0D773D39-B32C-447B-9CC4-A32354C8ECD6}] => (Allow) C:\Windows\System32\muzapp.exe FirewallRules: [{7BA80829-DAEF-48CC-90EB-88C8E8DB3603}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe FirewallRules: [{309A8461-DE35-4F96-BA9D-4DF07BD00038}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe FirewallRules: [{F772C099-2565-4888-A7E6-F554D0AD0418}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe FirewallRules: [{031E2438-B146-4A4E-9F4B-BD1F891AF659}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe FirewallRules: [{759C0A06-BA49-4E16-841D-0504B04279EF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{068B69BF-2995-4DC9-A386-56D065F78C68}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{45746126-D74A-49FF-B6AA-FE7AC4A4ADC8}] => (Allow) 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80 FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80 FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80 DomainProfile\AuthorizedApplications: [C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server StandardProfile\AuthorizedApplications: [C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/14/2015 09:24:08 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/14/2015 09:18:34 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (05/14/2015 09:12:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung AsGHost.exe, Version 2.5.0.57, Zeitstempel 0x45c99c4a, fehlerhaftes Modul ItVCard.dll, Version 1.1.0.173, Zeitstempel 0x45a756c6, Ausnahmecode 0xc0000005, Fehleroffset 0x00010412, Prozess-ID 0x90c, Anwendungsstartzeit AsGHost.exe0. Error: (05/15/2015 04:00:02 AM) (Source: LoadPerf) (EventID: 3009) (User: ) Description: .NET CLR Networking 4.0.0.02 Error: (05/15/2015 03:58:38 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206. Error: (05/15/2015 03:58:38 AM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (05/15/2015 03:58:19 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206. 
Error: (05/15/2015 03:58:19 AM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (05/15/2015 03:56:29 AM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (05/15/2015 02:39:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (05/14/2015 09:19:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (05/14/2015 09:19:29 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (05/14/2015 09:19:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tcpipBM tdx Wanarpv6 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) 
(EventID: 7001) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: NLA (Network Location Awareness)Netzwerkspeicher-Schnittstellendienst%%1068 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: IP-HilfsdienstNetzwerkspeicher-Schnittstellendienst%%1068 Error: (05/14/2015 09:19:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: AnmeldedienstArbeitsstationsdienst%%1068 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-05-14 21:26:16.067 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-05-14 21:26:15.147 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-05-14 21:26:14.226 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-05-14 21:26:13.259 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-01-23 12:31:47.139 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-01-23 12:31:46.774 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-01-23 12:31:45.417 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-01-23 12:31:45.073 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-01-23 12:31:44.738 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-01-23 12:31:44.389 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-64
Percentage of memory in use: 29%
Total physical RAM: 2046.23 MB
Available physical RAM: 1446.81 MB
Total Pagefile: 4328.92 MB
Available Pagefile: 3923.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.35 GB) (Free:59.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:7.54 GB) (Free:2.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (KINGSTON) (Removable) (Total:28.8 GB) (Free:13.75 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: DCC27A89)
Partition 1: (Active) - (Size=225.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 28.8 GB) (Disk ID: 22896F74)
Partition 1: (Active) - (Size=28.8 GB) - (Type=0B)

==================== End Of Log ============================

The laptop doesn't belong to me but to a good friend of my son's... I think he has a Trojan on it... I read something about Bonanza. He was definitely on one of those sites. I'm writing from my own laptop! I can only get in via safe mode. Lisa |
14.05.2015, 22:53 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Screen flickers in various colors! So which device are you actually having problems with? In the first thread it was "your" notebook. Why does only safe mode work? Is there an error message? What about my question about previous detections and, if there were any, the logs for them?
__________________ Please always post logfiles in CODE tags |
14.05.2015, 23:00 | #8 |
| Screen flickers in various colors! I came to OTL as described on your site... in my thread, because I read that it is used to remove a Trojan like this. A BKA Trojan, I think! Not my laptop, but the laptop of my son's friend. I can only get into it in safe mode. I have sent the logfiles! I ran Anti-Malware, but it is no longer there! There were 23 detections! |
14.05.2015, 23:05 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Screen flickers in various colors! MBAM always saves all logs. Please look properly in the program under History.
__________________ Please always post logfiles in CODE tags |
14.05.2015, 23:39 | #10 |
| Screen flickers in various colors! They are in History under Quarantine! Restore - Delete - Delete All. What should I do? How do I add pictures of the laptop here that I took with my phone? I took pictures of the quarantine! |
15.05.2015, 00:32 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Screen flickers in various colors! You're not supposed to look in the Q. Look in History under Logs instead. Scan logs. It can't be that hard!
__________________ Please always post logfiles in CODE tags |
15.05.2015, 10:18 | #12 |
| Pictures Here are the pictures from Malw. |
15.05.2015, 10:19 | #13 |
| Screen flickers in various colors! Apparently I deleted the logfile; I checked everywhere and nothing is there! Sorry |
15.05.2015, 11:54 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Screen flickers in various colors! Then please run Combofix now: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
15.05.2015, 12:48 | #15 |
| Screen flickers in various colors! Code:
ATTFilter ComboFix 15-05-13.01 - hp 15.05.2015 13:11:43.1.2 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1608 [GMT 2:00] ausgeführt von:: F:\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\ntuser.pol c:\users\hp\Desktop\Search.lnk c:\users\hp\Desktop\Setup.exe c:\windows\system32\AutoRun.inf . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_DCService.exe -------\Service_mv2 . . ((((((((((((((((((((((( Dateien erstellt von 2015-04-15 bis 2015-05-15 )))))))))))))))))))))))))))))) . . 2015-05-15 11:27 . 2015-05-15 11:27 -------- d-----w- c:\users\Roman\AppData\Local\temp 2015-05-15 11:27 . 2015-05-15 11:34 -------- d-----w- c:\users\hp\AppData\Local\temp 2015-05-15 11:27 . 2015-05-15 11:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-05-15 01:52 . 2015-05-15 11:34 -------- d-----w- c:\windows\system32\wbem\repository 2015-05-15 01:04 . 2015-05-15 01:04 -------- d-----w- C:\RegBackup 2015-05-15 00:33 . 2015-05-15 00:33 -------- d-----w- c:\users\hp\AppData\Roaming\AVAST Software 2015-05-15 00:15 . 2015-05-15 00:15 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2015-05-15 00:15 . 2015-05-15 00:15 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-05-15 00:15 . 2015-05-15 00:15 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-05-15 00:15 . 2015-05-15 00:15 427992 ----a-w- c:\windows\system32\drivers\aswSP.sys 2015-05-15 00:15 . 2015-05-15 00:15 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-05-15 00:15 . 2015-05-15 00:15 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-05-15 00:15 . 2015-05-15 00:15 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2015-05-15 00:15 . 
2015-05-15 00:14 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-05-15 00:15 . 2015-05-15 00:14 291312 ----a-w- c:\windows\system32\aswBoot.exe 2015-05-15 00:14 . 2015-05-15 00:14 43112 ----a-w- c:\windows\avastSS.scr 2015-05-15 00:13 . 2015-05-15 00:13 -------- d-----w- c:\program files\AVAST Software 2015-05-15 00:11 . 2015-05-15 00:12 -------- d-----w- c:\programdata\AVAST Software 2015-05-14 22:39 . 2015-05-14 23:57 -------- d-----w- C:\AdwCleaner 2015-05-14 22:17 . 2015-04-14 07:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-05-14 20:22 . 2015-05-14 21:59 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-05-14 20:22 . 2015-04-14 07:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-05-14 20:22 . 2015-04-14 07:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-05-14 20:22 . 2015-05-14 20:22 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware 2015-05-14 20:22 . 2015-05-14 20:22 -------- d-----w- c:\programdata\Malwarebytes 2015-05-14 19:53 . 2015-05-14 19:54 -------- d-----w- c:\program files\GUMDD72.tmp 2015-05-14 19:53 . 2015-05-14 19:53 6103040 ----a-w- c:\program files\GUTDDB2.tmp 2015-05-14 19:24 . 2015-05-14 20:06 -------- d-----w- C:\FRST 2015-05-14 19:07 . 2015-05-14 19:22 -------- d-----w- c:\windows\system32\catroot2 2015-05-10 12:21 . 2015-05-10 12:21 0 ----a-w- c:\users\hp\AppData\Local\BIT78AB.tmp . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-05-15 00:14 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "HW_OPENEYE_OUC_Telekom Internet Manager"="c:\program files\Telekom\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-11-06 1564528] "KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-10-30 578560] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-11-06 845168] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpiderService"="c:\program files\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe" [2011-10-11 324096] "DataCardMonitor"="c:\program files\Telekom\InternetManager_H\DataCardMonitor.exe" [2011-01-24 253952] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-11-06 311152] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-15 5515496] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2010-6-30 6871440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss] @="Service" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-03-02 16:00 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-05-15 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-15 00:14] . 2015-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 11:24] . 2015-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 11:24] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop uSearchAssistant = hxxp://www.google.com IE: Bild an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 DPF: Deployer - hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\tgl3lw7g.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-foxtab - c:\program files\Foxtab\1.8.12.0\uninstall.exe AddRemove-UltraVNC VideoDriver_is1 - c:\users\Roman\AppData\Local\Temp\is-T60MN.tmp\unins000.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - 
c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2015-05-15 13:38 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run DataCardMonitor = c:\program files\Telekom\InternetManager_H\DataCardMonitor.exe?????Wm5??????????em32;c:\windows;???v`5????1????????????????????????.`5???:??????am files\Telekom\InternetManager_H\?32.t????c5??c:\program files\Telekom\InternetManager_H\?32.to??oj5???:????? . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
--------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(1284) c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\helppane.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-05-15 13:44:45 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-05-15 11:44 . Vor Suchlauf: 20 Verzeichnis(se), 79.496.982.528 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 79.043.801.088 Bytes frei . - - End Of File - - BF395C02AD2FD83C206F563C3869AEEB 404FBBF4A7EC043D60A46CFD278D7A56 |