Task Host verhindert afsluiten PC

Mijn laptop is super traag en bezochte pagina's zijn incompleet.
Als ik de laptop wil afsluiten, wil dat niet en duurt het super lang. Er wordt vermeld dat eerst de Task Host moet worden afgesloten.
Volgende dag merk ik bij opstarten dat hij eigenlijk helemaal niet echt uit is geweest omdat hij heel veel MB heeft verbruikt tot wel 1,4 G

Hallo Barbara, ik heb jouw discussie verplaatst.


Download Farbar Recovery Scan Tool 32 of 64 bit van n van de onderstaande links
Farbar Recovery Scan Tool 32 bit (x86)
Farbar Recovery Scan Tool 64 bit (x64)
Downloadlokatie: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen!
Opmerkingen: Alle openstaande programma's en webpagina's dienen afgesloten te zijn.

Antivirusprogramma en actieve malwarescanners dienen al voor je FRST.exe start gedeaktiveert zijn!
Hier en hier vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.

FRST opstarten:

• Windows 2000 en Windows XP: dubbelklik op FRST.exe.
• Windows Vista, Windows 7, Windows 8/8.1 en Windows 10: via rechtsklik op FRST.exe of FRST64.exe en kies voor "Als Administrator uitvoeren".

FRST start op:

• Wanneer het programma is geopend klik dan op de knop Yes bij de disclaimer.
• Druk vervolgens op de Scan knop.
• Aansluitend zal een logbestand - FRST.txt en Addition-txt aangemaakt worden en op het bureaublad opgeslagen worden.
• Post de inhoud van beide logbestanden in jouw volgende bericht.

.

In geval de inhoud van een van de logs of van beide logs te groot is om te posten, kijk dan hier: Hoe een bijlage toevoegen?

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
durchgefhrt von user (Administrator) auf USER-PC (04-01-2017 20:29:20)
Gestartet von C:\Users\user\Downloads
Geladene Profile: user (Verfgbare Profile: user & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser nicht gefunden!)
Start-Modus: Normal
Anleitung fr Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurckgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel Corporation)
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Packard Bell\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [771912 2015-03-31] (Kingsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3924468755-1748164157-18051398-1000\...\Run: [Facebook Update] => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-07] (Facebook Inc.)
HKU\S-1-5-21-3924468755-1748164157-18051398-1000\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-3924468755-1748164157-18051398-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\VILDAP~1.SCR
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-01-10]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk [2012-07-25]
ShortcutTarget: VideoWebCamera.exe.lnk -> C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurckgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A25B3F1E-AC1A-4F56-87E0-60301782FF96}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C6FFED86-F649-40B0-AB31-41C66DBB1EC7}: [DhcpNameServer] 10.57.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschrnkung <======= ACHTUNG
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschrnkung <======= ACHTUNG
HKU\S-1-5-21-3924468755-1748164157-18051398-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschrnkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3924468755-1748164157-18051398-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.nl/
HKU\S-1-5-21-3924468755-1748164157-18051398-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://nl.msn.com/?ocid=iehp
HKU\S-1-5-21-3924468755-1748164157-18051398-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3924468755-1748164157-18051398-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKU\S-1-5-21-3924468755-1748164157-18051398-1000 -> {FDA9D706-4B66-4566-A76F-28B8D07FF3AA} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery64.dll [2015-10-30] (Ghostery, Inc.)
BHO: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2014-04-03] (Google, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO-x32: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery.dll [2015-10-30] (Ghostery, Inc.)
BHO-x32: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Kein Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Keine Datei
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Kein Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} -> Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-3924468755-1748164157-18051398-1000 -> Kein Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Keine Datei
Toolbar: HKU\S-1-5-21-3924468755-1748164157-18051398-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
DPF: HKLM-x32 {271A3CF5-5A54-447B-A08F-BE805F0DA60B} hxxps://www.olb.de/olb_fb3_1867c/plugin/AXFOAM.CAB
DPF: HKLM-x32 {34DC66DB-E913-40A1-A2DD-53A1B9E90CAC} hxxps://col0-sec.mail.live.com/mail/resources/MailMigrationTool.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://nabuworfelden.axiscam.net:8081/activex/AMC.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [ist nicht signiert]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\user\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-27] (RocketLife, LLP)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll [Keine Datei]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3924468755-1748164157-18051398-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337696 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315208 2015-03-31] (Kingsoft Corporation)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4862608 2016-12-08] (SurfRight B.V.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1124632 2013-08-05] (Trusteer Ltd.)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [Datei ist nicht signiert]
R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-10-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [267520 2016-10-19] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [49584 2016-02-27] ()
R3 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [267088 2016-12-08] (SurfRight B.V.)
R3 hmpnet; C:\Windows\system32\drivers\hmpnet.sys [92200 2016-12-08] (SurfRight B.V.)
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-02-11] (Kingsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 RapportCerberus_53984; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys [588048 2013-09-15] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [229040 2013-08-05] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [236688 2013-08-05] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [357712 2013-08-05] (Trusteer Ltd.)
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 PCDSRVC{1368CD8C-CE20E524-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\tgydwafqwen0\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
S3 PCDSRVC{5368CD8C-1310CEBB-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\eivw8yhzsmrx\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
S3 PCDSRVC{6368CD8C-EC9FAD7B-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\qiaacqnnjqyx\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
S3 PCDSRVC{7368CD8C-9DF107F6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\9f6m8c_hin_y\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
S3 PCDSRVC{F368CD8C-5C05F0CB-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\po_aijn7wzyg\pcdrdiag\bin\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-04 20:29 - 2017-01-04 20:30 - 00021551 _____ C:\Users\user\Downloads\FRST.txt
2017-01-04 20:24 - 2017-01-04 20:29 - 00000000 ___DC C:\FRST
2017-01-04 20:24 - 2017-01-04 20:24 - 02418176 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2017-01-04 10:32 - 2017-01-04 10:32 - 00127528 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-03 18:58 - 2017-01-03 18:58 - 13165792 _____ (Microsoft Corporation) C:\Users\user\Downloads\Silverlight_x64.exe
2016-12-23 23:25 - 2017-01-03 14:09 - 00000000 ____D C:\Users\user\Documents\Barrie's Beesies
2016-12-16 12:21 - 2016-12-16 12:21 - 00000000 ____D C:\Users\user\Documents\Verkoop land
2016-12-16 12:15 - 2016-12-16 12:15 - 00257464 _____ C:\Users\user\Downloads\T_052_054_02_00.pdf
2016-12-14 17:37 - 2016-12-14 17:37 - 00008329 _____ C:\Users\user\Downloads\Abrechnung_2016_10_0.pdf

==================== Ein Monat: Genderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-04 20:22 - 2016-03-07 16:49 - 00000000 ____D C:\Users\user\AppData\LocalLow\Ghostery
2017-01-04 20:22 - 2009-07-14 05:45 - 00017376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-04 20:22 - 2009-07-14 05:45 - 00017376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-04 20:14 - 2016-06-30 13:37 - 00000396 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2017-01-04 19:59 - 2012-12-07 10:54 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3924468755-1748164157-18051398-1000UA.job
2017-01-04 19:41 - 2015-07-16 17:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-04 10:59 - 2012-12-07 10:54 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3924468755-1748164157-18051398-1000Core.job
2017-01-04 10:39 - 2015-09-14 14:10 - 00000000 ____D C:\Users\user\AppData\Roaming\Thunderbird
2017-01-04 10:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-04 10:17 - 2012-12-02 00:01 - 00000000 ____D C:\ProgramData\MFAData
2017-01-04 10:13 - 2016-02-27 12:46 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-01-04 10:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-03 21:51 - 2016-09-20 17:57 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-01-03 19:08 - 2015-09-14 14:10 - 00000000 ____D C:\Users\user\AppData\Local\Thunderbird
2017-01-03 19:03 - 2013-03-14 23:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-01-03 19:03 - 2013-03-14 23:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-01-03 19:00 - 2013-03-14 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-01-03 17:47 - 2012-12-11 16:16 - 00000000 ____D C:\Users\user\Documents\Wachtwoorden
2017-01-03 15:34 - 2015-10-28 11:22 - 00000000 ____D C:\Users\user\Documents\Dokumentation fr Barbaras Gert
2016-12-31 11:16 - 2015-06-16 18:40 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-29 10:36 - 2014-09-23 10:01 - 00000000 ____D C:\Users\user\Documents\Werk Gert
2016-12-27 17:11 - 2015-09-26 13:25 - 00000000 ____D C:\Users\user\Documents\Belasting
2016-12-27 17:11 - 2012-11-26 19:28 - 00000000 ___RD C:\Users\user\Documents
2016-12-19 15:28 - 2012-11-26 19:28 - 00000000 ___RD C:\Users\user\Favorites
2016-12-18 10:36 - 2012-12-02 18:26 - 00003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-18 10:36 - 2012-12-02 18:26 - 00003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-18 10:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Tasks
2016-12-18 10:36 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)
2016-12-16 19:21 - 2012-07-26 04:35 - 00652708 _____ C:\Windows\system32\perfh007.dat
2016-12-16 19:21 - 2012-07-26 04:35 - 00132864 _____ C:\Windows\system32\perfc007.dat
2016-12-16 19:21 - 2009-07-14 06:13 - 01535350 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-16 19:21 - 2009-07-14 03:36 - 00622860 _____ C:\Windows\system32\perfh009.dat
2016-12-16 19:21 - 2009-07-14 03:36 - 00108886 _____ C:\Windows\system32\perfc009.dat
2016-12-14 16:41 - 2015-07-16 17:10 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 16:41 - 2015-07-16 17:10 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 16:41 - 2015-07-16 17:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 16:41 - 2012-12-04 16:55 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-14 16:41 - 2010-12-09 20:23 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-14 16:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64
2016-12-08 16:03 - 2016-02-27 12:46 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2016-12-08 16:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\drivers
2016-12-08 14:07 - 2016-02-27 12:46 - 00903312 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
2016-12-08 14:07 - 2016-02-27 12:46 - 00834192 _____ (SurfRight B.V.) C:\Windows\SysWOW64\hmpalert.dll
2016-12-08 14:07 - 2016-02-27 12:46 - 00267088 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
2016-12-08 14:07 - 2016-02-27 12:46 - 00092200 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpnet.sys
2016-12-06 12:55 - 2009-07-14 04:20 - 00000000 ___HD C:\ProgramData

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-06-09 09:54 - 2015-06-09 09:54 - 0038467 _____ () C:\Users\user\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (Windows).ADR
2016-05-24 13:19 - 2016-05-24 13:19 - 0003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-10 12:44 - 2012-12-10 12:44 - 0004096 ____H () C:\Users\user\AppData\Local\keyfile3.drm
2012-12-07 16:56 - 2012-12-07 16:56 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-12-07 16:48 - 2016-06-20 09:39 - 0003420 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix fr Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-06-13 14:33

==================== Ende von FRST.txt ============================

--- Update ---

Zustzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-01-2017
durchgefhrt von user (04-01-2017 20:30:47)
Gestartet von C:\Users\user\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-26 18:28:51)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3924468755-1748164157-18051398-500 - Administrator - Disabled)
Gast (S-1-5-21-3924468755-1748164157-18051398-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3924468755-1748164157-18051398-1002 - Limited - Enabled)
user (S-1-5-21-3924468755-1748164157-18051398-1000 - Administrator - Enabled) => C:\Users\user

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" knnen in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
ATI Catalyst Install Manager (HKLM\...\{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
AVG (Version: 16.131.7924 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4749 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.131.7924 - AVG Technologies)
AXIS Media Control Embedded (HKLM-x32\...\AXIS Media Control Embedded) (Version: - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Brother P-touch Software (x32 Version: 1.0.006 - Brother Industries, Ltd. ) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0122.858.16002 - Ihr Firmenname) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DDBAC (HKLM-x32\...\{F161B4FF-3976-4917-BD27-CA28C95A13AE}) (Version: 5.3.0 - DataDesign)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Free PNG To JPG Converter (HKLM-x32\...\{A2440851-7707-4AE6-86A6-DE4982E902D2}) (Version: 1.0.0 - Free Picture Solutions)
Ghostery (HKLM-x32\...\Ghostery) (Version: - Ghostery Inc)
Google Analytics Opt-out Browser Add-on (HKLM\...\{1C7AF7AC-821B-456B-9698-EB0A11A02252}) (Version: 0.9.6.0 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.6.1.574 - SurfRight B.V.)
HP Deskjet 3070 B611 series - Grundlegende Software fr das Gert (HKLM\...\{B0BF4E84-0EE3-4E47-B90E-27B40348E022}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKU\S-1-5-21-3924468755-1748164157-18051398-1000\...\HP Photo Creations) (Version: 1.0.0.20912 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
Malwarebytes Anti-Malware versie 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Editie 2003 (HKLM-x32\...\{90110413-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.2.0 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 nl) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 nl)) (Version: 38.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{357208a4-386b-4c71-b5e8-fa5b068c871d}) (Version: - Nero AG)
OpenOffice 4.1.3 (HKLM-x32\...\{9A20BB10-551A-4D13-AB25-3A67EE3F600C}) (Version: 4.13.9783 - Apache Software Foundation)
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0915.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Rapport (HKLM-x32\...\Rapport_msi) (Version: 3.5.1208.50 - Trusteer)
Rapport (x32 Version: 3.5.1208.50 - Trusteer) Hidden
Reader for PC (HKLM-x32\...\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}) (Version: 2.4.01.10241 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
STCServ (Version: 3.0.0.1783 - Intel Corporation) Hidden
Steuern sparen 2015 (HKLM-x32\...\{0D57A71B-A1E1-40D8-BC17-8F4BD9163ED8}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{93B49FE1-0C81-479B-986A-D50DDA80E2C6}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
Video Web Camera (HKLM-x32\...\{83299633-1261-47A3-84F3-6F02B4B8CDB1}) (Version: 2.0.6.0 - Liteon)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3007 - Packard Bell)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gertecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0A2C6AED-88B8-41AE-A55F-7DD95F9213E2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3924468755-1748164157-18051398-1000Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07] (Facebook Inc.)
Task: {0DC05E5C-BA95-4AA6-960F-222CFE46D044} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: {2729BB2C-DFDD-4B13-8B7A-132A4E1760E5} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {4CD70B31-D551-4268-9C1E-2BFB78B5D9B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {51C4CDD7-6255-4007-957F-0490D4531DE9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3924468755-1748164157-18051398-1000UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07] (Facebook Inc.)
Task: {66EE66F3-0ED1-4E92-8BCA-AFC81A197853} - System32\Tasks\HP Photo Creations Communicator => C:\Users\user\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-06-27] ()
Task: {6736E359-AAE2-410E-9863-2BCF8DAD48EE} - System32\Tasks\{D79FA406-760B-4AB2-88A2-A0A35AB8F19C} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.370&amp;LastError=404
Task: {A0CDA82D-7451-47BE-A8BB-55B1F96B2B54} - System32\Tasks\{4FCAB04C-D44D-4339-B9ED-F980647DB652} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.370&amp;LastError=404
Task: {A5CD7267-6800-478E-AC5D-D763D302F6BA} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {AF770373-C1E0-4384-A5C3-9E3AB8CB2AF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B08587BC-2DBD-4A97-8810-66BD0D844163} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {C125B850-53EB-462E-A882-3115FAE19D80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E431A8FB-3C16-4F75-ACE1-CF662F2EA9CF} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel Corporation)
Task: {F99C5B29-0457-4634-9AFC-DEBCC56D64A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateChoiceProcessTask.job => C:\Windows\System32\browserchoice.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3924468755-1748164157-18051398-1000Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3924468755-1748164157-18051398-1000UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\user\AppData\Roaming\HP Photo Creations\Communicator.exe

==================== Verknpfungen =============================

(Die Eintrge knnen gelistet werden, um sie zurckzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2010-12-24 16:34 - 2010-12-24 16:34 - 04546896 _____ () C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
2015-03-16 12:19 - 2015-03-16 12:19 - 00053248 _____ () C:\Program Files\Intel\ConnectCenter\bin\de\CCFManager.resources.dll
2015-03-16 12:19 - 2015-03-16 12:19 - 00053248 _____ () C:\Program Files\Intel\ConnectCenter\bin\de\ICCCommon.resources.dll
2015-03-16 11:58 - 2015-03-16 11:58 - 00127200 _____ () C:\Program Files\Intel\ConnectCenter\bin\Interop.STCServLib.dll
2011-06-08 22:49 - 2011-06-08 22:49 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3070_B611.dll
2010-01-07 13:42 - 2010-01-07 13:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-07-25 18:50 - 2012-07-25 18:50 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-09 11:51 - 2013-08-09 11:51 - 00557368 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2012-07-26 04:18 - 2009-05-20 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-10-24 20:34 - 2014-10-24 20:34 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 20:46 - 2014-04-25 20:46 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-10-24 20:35 - 2014-10-24 20:35 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2016-12-02 12:13 - 2016-12-02 12:13 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows\SysWOW64\CN2456322Q05MQ:NW [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurckgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswrdig/Eingeschrnkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3924468755-1748164157-18051398-1000\...\olb.de -> hxxps://www.olb.de

==================== Hosts Inhalt: ===============================

(Wenn bentigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurckzusetzen.)

2009-07-14 03:34 - 2015-06-16 15:18 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix fr diesen Bereich.)

HKU\S-1-5-21-3924468755-1748164157-18051398-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Eintrge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{2EA391DD-7129-4EC5-9715-81EDAD35642A}] => C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{16BDDFC5-58A8-4117-A048-5CCA1AA09352}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9CF6DF8A-7539-4BD9-B616-6767D662664E}] => svchost.exe
FirewallRules: [{7FC73AD9-1129-402A-9312-9775E40DC85C}] => C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A60BD433-35B5-44B5-80E6-471FD36AC69D}] => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{FBCB7F0F-84E2-4224-923E-DF72A783FA04}] => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{5AF45272-A17E-4687-855C-ED022436E723}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F5756337-710A-4947-9D85-58FBAED1E8C7}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{AEAD60C5-EEFC-464F-8584-E970A1EF6EB3}] => C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{46C2BFA3-3703-48F2-9E5E-2FBDEB90566A}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{3493B8D3-0429-4E5B-9305-4824CF195757}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{BADF25A9-2EE0-4BCB-BD01-58D1E544D345}] => C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9F42A161-1159-4D69-8A49-3EC37438A65B}] => C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F569AE83-D0D5-43DD-AEE4-5E90B58253B4}] => C:\Users\user\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{58002C6E-2CA5-4B9B-A2A4-469143FA92D0}] => C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{1B12CAB5-55AF-44D3-B27E-2CD72B5F32B5}] => C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{5249177E-15FC-4C30-A542-3CA9D3638E68}] => C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{363419D1-7B4D-477A-BDF6-1AD610066327}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{5F1AEF8D-A6A6-4643-BF33-4200B752ED66}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{23DB1605-8827-4FC8-9725-D7A640A44EE2}] => C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe
FirewallRules: [{AD6758F5-D20E-43C3-8F5A-485E9348B30B}] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe
FirewallRules: [{294605DC-87D2-453A-B989-0FFC2DB0C876}] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{59BCD730-0C2E-4A6B-9C35-EC4D86859B73}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{DCBA712A-BA0D-480B-82CD-FDBF1F524C7D}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{4252E0DF-EBA4-4032-BF71-4C080D328718}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{1351E6E8-0338-44EE-9C98-09EBA3717620}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{B552BB52-D0CF-4B76-A8FC-8E14340493C9}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{FCD18665-AAD5-4C02-BB2C-C51C86E2EB3E}] => C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Gerte im Gertemanager =============


==================== Fehlereintrge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/04/2017 10:14:41 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren fr WSearchIdxPi fr die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0.

Error: (01/04/2017 10:14:28 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsberwachung fr den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geffnet werden konnte. Dies beeintrchtigt lediglich die Verfgbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext: Anwendung, SystemIndex Katalog

Error: (01/04/2017 10:14:25 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsberwachung kann fr den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geffnet werden konnte. Dies beeintrchtigt lediglich die Verfgbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (01/03/2017 07:05:01 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren fr WSearchIdxPi fr die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0.

Error: (01/03/2017 07:04:42 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsberwachung fr den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geffnet werden konnte. Dies beeintrchtigt lediglich die Verfgbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext: Anwendung, SystemIndex Katalog

Error: (01/03/2017 07:04:41 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsberwachung kann fr den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geffnet werden konnte. Dies beeintrchtigt lediglich die Verfgbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (01/03/2017 10:46:20 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren fr WSearchIdxPi fr die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0.

Error: (01/03/2017 10:46:17 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsberwachung fr den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geffnet werden konnte. Dies beeintrchtigt lediglich die Verfgbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext: Anwendung, SystemIndex Katalog

Error: (01/03/2017 10:46:12 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsberwachung kann fr den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geffnet werden konnte. Dies beeintrchtigt lediglich die Verfgbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (01/02/2017 08:56:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hmpalert.exe, Version: 3.6.1.574, Zeitstempel: 0x583d51ff
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23418, Zeitstempel: 0x5708a73e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004e6df
ID des fehlerhaften Prozesses: 0x354
Startzeit der fehlerhaften Anwendung: 0x01d264d410aff5a7
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung: 842fd3d7-d125-11e6-9b41-206a8a170ff5


Systemfehler:
=============
Error: (01/04/2017 11:45:06 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (01/04/2017 10:15:17 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (01/04/2017 10:15:17 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (01/04/2017 10:14:06 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist fr "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
Zugriff verweigert

Error: (01/04/2017 10:13:53 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (01/03/2017 09:55:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist fr "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
Zugriff verweigert

Error: (01/03/2017 07:05:21 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (01/03/2017 07:05:21 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (01/03/2017 07:05:02 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgem gestartet werden, da ein Fehler "0x80070420" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. berprfen Sie, ob der Dienst "UPnPHost" ausgefhrt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (01/03/2017 07:04:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist fr "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
Zugriff verweigert


CodeIntegrity:
===================================
Date: 2013-08-09 12:51:34.529
Description: Die Abbildintegritt der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\RapportKE64.sys" konnte nicht berprft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-09 12:51:34.279
Description: Die Abbildintegritt der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\RapportKE64.sys" konnte nicht berprft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 3956.43 MB
Verfgbarer physikalischer RAM: 1735.23 MB
Summe virtueller Speicher: 7911.05 MB
Verfgbarer virtueller Speicher: 5767.5 MB

==================== Laufwerke ================================

Drive c: (Packard Bell) (Fixed) (Total:290.98 GB) (Free:205.24 GB) NTFS
Drive d: (DATA) (Fixed) (Total:291.42 GB) (Free:170.18 GB) NTFS
Drive f: (SAMSUNG) (Fixed) (Total:1396.92 GB) (Free:1349.23 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: A6473D45)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=291 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=291.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: 89E25BC3)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=0C)

==================== Ende von Addition.txt ============================

Waarschuwing: onderstaande bewerking is enkel voor deze computer bedoeld, het toepassen hiervan in een andere computer kan tot schade in Windows leiden.


We gaan

Farbar Recovery Scan Tool (FRST.exe) opnieuw gebruiken.

Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programmas\Bureau-accessoires\Kladblok (of Notepad)".
Kopieer en plak de volgende (blauwe tekst in het code-venster) in het lege kladblokvenster.


Sla nu dit kladblokbestand in de dezelfde locatie waar ook FRST.exe aanwezig is op als Fixlist.txt

Farbar Recovery Scan Tool (FRST.exe) met de fixlist.txt gebruiken

• Windows Vista, Windows 7, Windows 8 en Windows 10: via rechtsklik op FRST.exe en kies voor "Als Administrator uitvoeren".
• Als het programma wordt gestart, klik dan op Ja in de popup.
• Druk op de Fix knop.
• Na de fix wordt een logbestand - Fixlog.txt - in dezelfde locatie aangemaakt van waaruit FRST.exe is gestart.
• Post de inhoud van dit logbestand in jouw volgende bericht.

Hoe plaats ik een foto van een screenshot? Mijn FRST ziet er nl anders uit.

--- Update ---

Hoe plaats ik een foto van een screenshot? Mijn FRST ziet er nl anders uit.

Hoezo zie er anders uit.
De fix moet in Kladblok geopend zijn!

Hoe je een afbeelding post: http://www.nationaalcomputerforum.nl/showthread.php?t=129768

Je moet er voor zorgen dat zowel frst.exe als ook de fix in dezelfde map zitten.
Of dat nu de map Downloads is dan wel de map Bureaublad doet dan niet ter zake.
Zodra het frst.exe wordt opgestart, merkt het de aanwezige fix en wordt de knop Fix geactiveerd.

Sorry, ik ben een enorme muts of digibeet maar ik snap er niets van. Het zit allemaal in een map in de map downloads, bij elkaar.
Snap echt niet hoe ik nu verder moet

Windows Vista, Windows 7, Windows 8 en Windows 10: via rechtsklik op FRST.exe klikken en kies dan voor "Als Administrator uitvoeren".

Dit zegt tie;

Farbar Recovery Scan Tool (x64) Version: 01-01-2017
durchgefhrt von user (04-01-2017 22:56:15)
Gestartet von C:\Users\user\Downloads
Start-Modus: Normal

--- Update ---

Dan krijg ik dat ding weer wat hierboven (de foto) staat

We gaan wat anders doen: download OTL.exe

Downloadlokatie: Dit programma absoluut naar het bureaublad downloaden of anders naar het bureaublad verplaatsen!
Sluit voordat OTL.exe gaat scannen, eerst alle andere openstaande vensters!

OTL.exe gebruiken:

• • Windows 2000 en Windows XP: dubbelklik op OTL.exe.
  • Windows Vista, Windows 7, Windows 8 en Windows 10: via rechtsklik op OTL.exe en kies voor "Als Administrator uitvoeren".

• Zet een vinkje bij Scan All Users, LOP Check en bij PURITY Check.
  
• Kopieer onderstaande in de Code-kader staande tekst en plak deze in het kader onder
  
  
  
  
  Code:

  services.*
  explorer.exe
  svchost.exe
  netsvcs
  msconfig
  PRC - Processes
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\drivers\*.sys /90
  %PROGRAMFILES%\*
  CREATERESTOREPOINT

• Klik vervolgens op de knop
  
  .
• Verander verder geen andere instellingen in OTL, alleen tenzij ik hiervoor specifiek instructies geef.
• De scan zal niet heel erg lang duren.
  • Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is: OTL.Txt en Extras.txt.
  • Kopieer vervolgens de inhoud van zowel OTL.txt alsmede Extras.txt en plak die gegevens in je volgende bericht.

In geval de inhoud van een van de logs of van beide logs te groot is om te posten, kijk dan hier: Hoe een bijlage toevoegen?

OTL logfile created on: 4-1-2017 23:29:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18376)
Locale: 00000413 | Country: Niederlande | Language: NLD | Date Format: d-M-yyyy

3,86 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 46,11% Memory free
7,73 Gb Paging File | 5,58 Gb Available in Paging File | 72,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290,98 Gb Total Space | 205,19 Gb Free Space | 70,52% Space Free | Partition Type: NTFS
Drive D: | 291,42 Gb Total Space | 170,18 Gb Free Space | 58,40% Space Free | Partition Type: NTFS
Drive F: | 1396,92 Gb Total Space | 1349,23 Gb Free Space | 96,59% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2017-01-04 23:25:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2016-12-08 14:07:50 | 004,862,608 | ---- | M] (SurfRight B.V.) -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
PRC - [2016-12-06 10:12:34 | 001,519,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
PRC - [2016-10-21 19:02:44 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016-04-28 14:25:10 | 000,308,336 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2015-03-31 15:56:39 | 000,771,912 | ---- | M] (Kingsoft Corporation) -- c:\Program Files (x86)\cmcm\Clean Master\cmtray.exe
PRC - [2015-03-31 15:56:29 | 000,315,208 | ---- | M] (Kingsoft Corporation) -- c:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
PRC - [2014-10-24 20:35:08 | 000,899,400 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2013-08-05 21:52:20 | 001,124,632 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010-12-24 16:34:06 | 004,546,896 | ---- | M] () -- C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
PRC - [2010-08-11 02:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010-08-11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010-08-11 02:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010-06-29 00:23:24 | 000,263,936 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010-06-29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010-03-03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-03-03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010-01-29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010-01-08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009-10-09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2016-12-02 12:13:27 | 048,920,064 | ---- | M] () -- C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
MOD - [2014-10-24 20:35:28 | 000,178,504 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2014-10-24 20:35:28 | 000,034,632 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2014-10-24 20:35:26 | 000,149,832 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2014-10-24 20:35:22 | 000,015,176 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2014-10-24 20:35:20 | 000,024,904 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2014-10-24 20:35:20 | 000,016,200 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2014-10-24 20:35:18 | 000,040,264 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2014-10-24 20:35:18 | 000,017,224 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2014-10-24 20:35:16 | 000,239,944 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2014-10-24 20:35:16 | 000,026,952 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2014-10-24 20:35:14 | 000,125,256 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2014-10-24 20:35:10 | 000,092,488 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2014-10-24 20:35:10 | 000,018,760 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2014-10-24 20:34:06 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2014-04-25 20:46:26 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2010-12-24 16:34:06 | 004,546,896 | ---- | M] () -- C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
MOD - [2010-06-29 00:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2009-05-20 23:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2016-06-10 22:03:14 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015-07-23 01:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2010-01-22 18:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2016-12-15 10:46:18 | 005,337,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Av\avgidsagenta.exe -- (AVGIDSAgent)
SRV - [2016-12-15 10:34:02 | 000,725,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Av\avgwdsvca.exe -- (avgwd)
SRV - [2016-12-15 10:32:54 | 000,971,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\Av\avgamps.exe -- (AvgAMPS)
SRV - [2016-12-14 16:41:29 | 000,270,936 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016-12-08 14:07:50 | 004,862,608 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe -- (hmpalertsvc)
SRV - [2016-12-06 10:12:36 | 001,146,128 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe -- (avgsvc)
SRV - [2016-10-21 19:02:44 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016-09-14 13:51:43 | 000,147,624 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015-06-25 19:09:34 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015-03-31 15:56:29 | 000,315,208 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\program files (x86)\cmcm\Clean Master\cmcore.exe -- (cmcore)
SRV - [2015-03-16 11:59:28 | 008,095,456 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\STCServ\STCServ.exe -- (STCServ)
SRV - [2014-04-25 20:47:16 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2014-04-11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014-03-20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013-08-05 21:52:20 | 001,124,632 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012-07-25 19:04:16 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-08-11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010-06-29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010-06-11 13:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010-03-03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-03-03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010-01-29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010-01-15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010-01-08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009-10-09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2007-05-31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2016-12-08 14:07:53 | 000,267,088 | ---- | M] (SurfRight B.V.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hmpalert.sys -- (hmpalert)
DRV:64bit: - [2016-12-08 14:07:53 | 000,092,200 | ---- | M] (SurfRight B.V.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hmpnet.sys -- (hmpnet)
DRV:64bit: - [2016-11-30 08:04:10 | 000,298,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2016-11-04 13:30:06 | 000,312,576 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2016-10-05 15:01:16 | 000,267,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2016-09-26 17:19:22 | 000,254,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2016-07-27 14:24:54 | 000,299,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2016-06-20 14:22:20 | 000,077,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avguniva.sys -- (avguniva)
DRV:64bit: - [2016-06-01 12:16:40 | 000,052,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2016-05-13 06:52:10 | 000,163,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2016-02-27 13:14:45 | 000,049,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2016-02-16 15:05:56 | 000,360,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2015-02-11 18:15:49 | 000,056,680 | ---- | M] (Kingsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksapi64.sys -- (ksapi64)
DRV:64bit: - [2013-08-05 21:52:32 | 000,236,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-05-13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011-05-13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011-05-13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-06-10 21:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010-06-08 03:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010-05-12 03:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010-03-03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-01-22 18:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-01-22 17:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009-09-30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009-09-18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009-09-17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009-06-20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009-06-10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009-06-10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009-05-06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008-06-16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2013-09-15 09:00:45 | 000,588,048 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys -- (RapportCerberus_53984)
DRV - [2013-08-05 21:52:32 | 000,357,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013-08-05 21:52:32 | 000,229,040 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 37 B0 CB 06 D0 CD 01 [binary data]
IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_nlDE512
IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\..\SearchScopes\{FDA9D706-4B66-4566-A76F-28B8D07FF3AA}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Users\user\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin: C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 38.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 38.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2015-09-14 14:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012-12-07 17:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2015-06-16 15:18:48 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Ghostery Plugin) - {6BF739DD-3323-4C6A-975B-C7E00A50B154} - C:\Program Files (x86)\Ghostery\bin\ghostery64.dll (Ghostery, Inc.)
O2:64bit: - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Programme\Google\Google Analytics Opt-Out\gaoptout_x64.dll (Google, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ghostery Plugin) - {6BF739DD-3323-4C6A-975B-C7E00A50B154} - C:\Program Files (x86)\Ghostery\bin\ghostery.dll (Ghostery, Inc.)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (no name) - {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [IntelConnectCenter] C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AvgUi] C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [cmsc] c:\program files (x86)\cmcm\Clean Master\cmtray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Packard Bell\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3924468755-1748164157-18051398-1000..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3924468755-1748164157-18051398-1000..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Pin It - {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - C:\Program Files (x86)\Pinterest\Pin It\FrameScript.htm ()
O9 - Extra 'Tools' menuitem : &Pin It - {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - C:\Program Files (x86)\Pinterest\Pin It\FrameScript.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3924468755-1748164157-18051398-1000\..Trusted Domains: olb.de ([www] https in Trusted sites)
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867c/plugin/AXFOAM.CAB (B+S Banksysteme AG DDBAC Plug-In)
O16 - DPF: {34DC66DB-E913-40A1-A2DD-53A1B9E90CAC} https://col0-sec.mail.live.com/mail/resources/MailMigrationTool.cab (Mail Migration)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://nabuworfelden.axiscam.net:8081/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A25B3F1E-AC1A-4F56-87E0-60301782FF96}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FFED86-F649-40B0-AB31-41C66DBB1EC7}: DhcpNameServer = 10.57.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2017-01-04 23:24:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2017-01-04 20:35:38 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Computer
[2017-01-04 20:24:53 | 000,000,000 | ---D | C] -- C:\FRST
[2016-12-23 23:25:13 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Barrie's Beesies
[2016-12-16 12:21:14 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Verkoop land
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2017-01-04 23:25:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2017-01-04 23:14:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2017-01-04 22:59:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3924468755-1748164157-18051398-1000UA.job
[2017-01-04 22:43:06 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\AVG Protection.lnk
[2017-01-04 22:41:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2017-01-04 21:27:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017-01-04 20:22:09 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017-01-04 20:22:09 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017-01-04 10:59:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3924468755-1748164157-18051398-1000Core.job
[2017-01-04 10:13:31 | 3111,464,960 | -HS- | M] () -- C:\hiberfil.sys
[2016-12-16 19:21:44 | 001,535,350 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016-12-16 19:21:44 | 000,652,708 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2016-12-16 19:21:44 | 000,622,860 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016-12-16 19:21:44 | 000,132,864 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2016-12-16 19:21:44 | 000,108,886 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016-12-14 16:41:26 | 000,802,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016-12-14 16:41:26 | 000,144,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016-12-08 14:07:53 | 000,903,312 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\hmpalert.dll
[2016-12-08 14:07:53 | 000,834,192 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysWow64\hmpalert.dll
[2016-12-08 14:07:53 | 000,267,088 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\drivers\hmpalert.sys
[2016-12-08 14:07:53 | 000,092,200 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\drivers\hmpnet.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2017-01-04 23:05:39 | 002,777,972 | ---- | C] () -- C:\Users\user\Documents\CAL 2015 compleet 16 tm 20.pdf
[2016-05-24 13:19:56 | 000,003,584 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2016-02-08 10:52:25 | 000,000,715 | ---- | C] () -- C:\Windows\wiso.ini
[2015-09-17 08:56:58 | 000,442,437 | ---- | C] () -- C:\Windows\SysWow64\Pajant.dll
[2015-06-16 13:36:10 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Home-Premium-(64-bit).dat
[2015-06-09 09:54:40 | 000,038,467 | ---- | C] () -- C:\Users\user\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (Windows).ADR
[2012-12-10 13:36:49 | 000,001,293 | ---- | C] () -- C:\Users\user\intlname.ols
[2012-12-10 12:44:36 | 000,004,096 | -H-- | C] () -- C:\Users\user\AppData\Local\keyfile3.drm
[2012-12-07 16:56:24 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016-01-22 07:19:58 | 014,179,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016-01-22 07:05:58 | 012,877,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-12-09 17:52:55 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012-12-09 17:52:55 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012-12-09 17:52:55 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\TuneUp Software
[2016-08-09 09:10:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG
[2016-02-08 10:53:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service
[2013-01-08 12:15:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataDesign
[2015-05-28 07:57:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DriverCure
[2015-04-05 18:06:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Fighters
[2014-12-22 22:40:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Free Picture Solutions
[2014-12-22 22:43:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeImageConverter
[2016-05-24 13:52:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HandBrake
[2016-05-24 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HandBrake Team
[2015-02-03 00:11:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IrfanView
[2012-12-17 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MusicNet
[2015-03-17 21:33:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice
[2012-12-07 10:58:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2012-12-03 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Packard Bell
[2015-05-28 07:57:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ParetoLogic
[2013-10-25 10:38:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2014-09-30 20:01:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SNS
[2014-09-02 20:48:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2017-01-04 10:39:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
[2012-12-01 23:49:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP
[2013-09-24 13:58:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2016-06-30 13:37:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Visan
[2013-09-24 21:38:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Custom Scans ==========

< services.* >
[2009-07-14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009-07-14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012-12-02 14:46:04 | 000,000,214 | ---- | C] () -- C:\Windows\Tasks\CreateChoiceProcessTask.job
[2012-12-07 10:54:00 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3924468755-1748164157-18051398-1000Core.job
[2012-12-07 10:54:00 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3924468755-1748164157-18051398-1000UA.job
[2015-07-16 17:10:19 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2016-06-30 13:37:15 | 000,000,396 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Communicator.job

< explorer.exe >

< svchost.exe >

< PRC - Processes >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2016-06-10 18:58:53 | 013,806,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %PROGRAMFILES%\* >
[2009-07-14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< End of report >

--- Update ---

OTL Extras logfile created on: 4-1-2017 23:29:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18376)
Locale: 00000413 | Country: Niederlande | Language: NLD | Date Format: d-M-yyyy

3,86 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 46,11% Memory free
7,73 Gb Paging File | 5,58 Gb Available in Paging File | 72,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290,98 Gb Total Space | 205,19 Gb Free Space | 70,52% Space Free | Partition Type: NTFS
Drive D: | 291,42 Gb Total Space | 170,18 Gb Free Space | 58,40% Space Free | Partition Type: NTFS
Drive F: | 1396,92 Gb Total Space | 1349,23 Gb Free Space | 96,59% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0473A450-D548-4F38-BE4C-77665EEE8EE9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08394C1F-6219-4FA6-ACD6-A8E21A006FF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0E4EA1A5-0E4C-47C9-96A2-A303E2ED2FF5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{19A0B88E-463B-413E-A28C-8912168A9F62}" = lport=445 | protocol=6 | dir=in | app=system |
"{1B12CAB5-55AF-44D3-B27E-2CD72B5F32B5}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\intel\stcserv\stcserv.exe |
"{1F2AD116-E953-4810-9524-A9E7CB3990DB}" = lport=139 | protocol=6 | dir=in | app=system |
"{2BE6E857-0D30-4E63-882F-31279D0D2A91}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2F3E690F-1AD0-42F1-9085-ACB667DFAA0F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E196A39-6203-42FA-8564-C079F7454107}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44D35B81-EB71-4431-9A9E-8B2FA40C167F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{476B024D-A269-4E54-8A46-54C0EC064229}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4ECD910F-944D-4922-A5AB-3510DC33C3EE}" = lport=137 | protocol=17 | dir=in | app=system |
"{5249177E-15FC-4C30-A542-3CA9D3638E68}" = lport=57007 | protocol=6 | dir=in | app=c:\program files\intel\stcserv\stcserv.exe |
"{58319057-7009-4D33-BAEA-F095A7B43398}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64752415-044A-47F9-957A-5AAB3A3A03D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{650C086F-B762-4DB5-86F4-FA7D55DF3477}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7251978E-D834-4F70-8798-8FEF7AABD84A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7787ECEC-6854-41B9-A2FC-1910B0AA7625}" = lport=138 | protocol=17 | dir=in | app=system |
"{7FC015B4-06DF-4CB9-B1B4-DA867A181845}" = rport=139 | protocol=6 | dir=out | app=system |
"{82D22E2E-5F2D-4DF9-B853-923887B4A96D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B63E36A-9255-4500-8C7A-56B639A44847}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CF6DF8A-7539-4BD9-B616-6767D662664E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AC2CC524-5054-477F-8689-FE2D06E2CDF3}" = rport=445 | protocol=6 | dir=out | app=system |
"{AECE7FE5-8772-402D-BFBA-07060B63896F}" = rport=137 | protocol=17 | dir=out | app=system |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9262A90-C7A6-4273-8373-9F2E467D8F1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E341871E-1858-43A5-8D30-A7E3CB6B932B}" = rport=138 | protocol=17 | dir=out | app=system |
"{E4EC04E9-B1E8-476A-8073-7E03A1E220A1}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1351E6E8-0338-44EE-9C98-09EBA3717620}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\av\avgnsa.exe |
"{16BDDFC5-58A8-4117-A048-5CCA1AA09352}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1F5E4B91-7842-4FA4-B441-644E3C8AB7C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{213706B8-79FE-4683-AABC-500AFC906121}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23DB1605-8827-4FC8-9725-D7A640A44EE2}" = dir=in | app=c:\program files (x86)\asus\share link\sharelink.exe |
"{294605DC-87D2-453A-B989-0FFC2DB0C876}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe |
"{2EA391DD-7129-4EC5-9715-81EDAD35642A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{3493B8D3-0429-4E5B-9305-4824CF195757}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{349A8CE1-14A8-4A9C-BE23-BEEF947C0ACB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{363419D1-7B4D-477A-BDF6-1AD610066327}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{4252E0DF-EBA4-4032-BF71-4C080D328718}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\av\avgnsa.exe |
"{467F0637-E549-4249-931A-7CC2FAD89B6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46C2BFA3-3703-48F2-9E5E-2FBDEB90566A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{4A5A93E9-17AF-4508-801D-F24ED3178476}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4C31917C-CD60-4E8B-8DED-EAC98179E177}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{58002C6E-2CA5-4B9B-A2A4-469143FA92D0}" = dir=in | app=c:\program files\intel\stcserv\stcserv.exe |
"{58C90173-4E6E-4F98-AA22-FAC457BCAD6C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{59BCD730-0C2E-4A6B-9C35-EC4D86859B73}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\av\avgmfapx.exe |
"{5AF45272-A17E-4687-855C-ED022436E723}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5E6147D7-BEF7-439A-AA1C-681324E92AEE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5F1AEF8D-A6A6-4643-BF33-4200B752ED66}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{63F9E3A3-D1F3-4141-AEF2-C1B94BE82AA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{71919A6F-9A4A-48F1-8F3D-B80645E9C901}" = protocol=6 | dir=out | app=system |
"{756D6AEF-7276-4A35-8E7E-0EE2DCF3B950}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{794329A2-D2F6-4A73-8F95-7C1BFE787BC8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7FC73AD9-1129-402A-9312-9775E40DC85C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{84D701AA-C246-4EBE-A59B-FCA8C69B3B18}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{88D4D351-57C6-42CB-B83D-11B2C65C6751}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9A883ABB-2C7C-4EA6-9688-4481B55E45D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D6FE4BF-2511-4C2A-A12B-703962F16BA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F42A161-1159-4D69-8A49-3EC37438A65B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A68A5CB3-1C51-4EB7-8CCE-73111BCD494F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD6758F5-D20E-43C3-8F5A-485E9348B30B}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe |
"{AEAD60C5-EEFC-464F-8584-E970A1EF6EB3}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{B552BB52-D0CF-4B76-A8FC-8E14340493C9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\av\avgemca.exe |
"{BADF25A9-2EE0-4BCB-BD01-58D1E544D345}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{BE06D013-C3C5-4FE8-B0C4-CC5A0AE92B8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0062B84-5284-446B-A842-874BBEE4BC0B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C43AB981-CBAA-45E6-BAA5-E1F55D07547C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C87F6CA5-AA04-4FC1-B91F-5642DC48BA4E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D30D3D52-9FCE-4D3F-B90E-64D29E545E40}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DCBA712A-BA0D-480B-82CD-FDBF1F524C7D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\av\avgmfapx.exe |
"{E940AC0C-681A-47F2-88B2-38B1CBF8A355}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F125EE9F-1E18-4746-88B3-DF697DC312F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F569AE83-D0D5-43DD-AEE4-5E90B58253B4}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{F5756337-710A-4947-9D85-58FBAED1E8C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{FCD18665-AAD5-4C02-BB2C-C51C86E2EB3E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\av\avgemca.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1C7AF7AC-821B-456B-9698-EB0A11A02252}" = Google Analytics Opt-out Browser Add-on
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1DB0C90B-2A9F-3A1E-B1DF-616C5A2A1417}" = Microsoft .NET Framework 4.5.2 (DEU)
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{32218623-385A-439D-932A-F03EDE611D5F}" = AVG 2016
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gertecenter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}" = ATI Catalyst Install Manager
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.2 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{93B49FE1-0C81-479B-986A-D50DDA80E2C6}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{A954D353-9DAF-4916-8E71-F1E959EBCD1E}" = STCServ
"{B0B97CF2-5032-A645-7FFC-BD1E39FC4E3F}" = ccc-utility64
"{B0BF4E84-0EE3-4E47-B90E-27B40348E022}" = HP Deskjet 3070 B611 series - Grundlegende Software fr das Gert
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{DC2A8E3D-D5E1-4837-A2E0-C308100AC412}" = FMW 1
"{DFD2C0B0-664C-4383-B348-2F531462EBAD}" = Intel CCF Manager
"{E454B833-2CF1-45A2-91FD-AC0664AB4CD0}" = AVG
"AVG" = AVG Protection
"HitmanPro.Alert" = HitmanPro.Alert 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A414EA-0E5F-CD08-61EF-E155F31DFF76}" = Catalyst Control Center Graphics Previews Vista
"{08938019-97FA-1C7A-19E0-0C8D56ED7CB2}" = CCC Help Hungarian
"{0A4D717B-E6E8-11FA-E7D2-385EBB1A4A85}" = CCC Help Japanese
"{0D57A71B-A1E1-40D8-BC17-8F4BD9163ED8}" = Steuern sparen 2015
"{0f3d8dd5-54af-4404-a01c-4967e485a065}" = Intel CCF Manager
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{13BA5548-1065-4DBE-B115-681AFB77263B}" = CCC Help Swedish
"{16890D7F-1C77-733B-D8E4-F5D4315A5F93}" = Catalyst Control Center Localization All
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CBDB473-E303-EFAE-88D1-6F741ACD5B31}" = CCC Help Czech
"{1D8912B0-343C-EB1F-28EE-B672D444C192}" = Catalyst Control Center InstallProxy
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype 7.7
"{26A24AE4-039D-4CA4-87B4-2F32180111F0}" = Java 8 Update 111
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C59BF0E-66A5-681E-60FE-8D18CE6319A1}" = CCC Help German
"{2C9D4FCA-3E7F-9368-6955-EA6D65F7DC78}" = CCC Help English
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31B9D218-FED2-4C6C-B19F-7294FFC130B0}" = Adobe AIR
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{357208a4-386b-4c71-b5e8-fa5b068c871d}" = Nero 9 Essentials
"{3788B9B7-C15F-4C64-D52B-3DD1BA494B7A}" = CCC Help Korean
"{3D200EB9-44FC-432F-1E35-C20AB5FDCD77}" = CCC Help Thai
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{44D52071-5077-2839-1AE6-863563AEA269}" = CCC Help Russian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4fcf070a-daac-45e9-a8b0-6850941f7ed8}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83299633-1261-47A3-84F3-6F02B4B8CDB1}" = Video Web Camera
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}" = Skype Click to Call
"{87976D85-DBF6-F263-39B6-500ACB658CE0}" = Catalyst Control Center Graphics Full Existing
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A20BB10-551A-4D13-AB25-3A67EE3F600C}" = OpenOffice 4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB29A1-C71D-DD1D-66B1-352AAAB13FC6}" = CCC Help Danish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{9F4D1D9E-5542-B572-81A7-9DCB0AEED1BE}" = CCC Help French
"{A2440851-7707-4AE6-86A6-DE4982E902D2}" = Free PNG To JPG Converter
"{A3EF3FAD-6ABA-1551-AD3B-D09361C5EEC9}" = CCC Help Polish
"{A73FBC00-44F8-0ECF-76FB-14CF62120B55}" = ccc-core-static
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AACEAAE9-9CC3-5715-4539-EB13CA3C67BA}" = CCC Help Spanish
"{AC76BA86-0804-1033-1959-001824205020}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1043-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Nederlands
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2463AD3-1334-A30E-A523-D38E8E7B09A2}" = CCC Help Dutch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BA2AD7F2-55AE-87B5-00DD-9B0C6F087FD0}" = Catalyst Control Center Graphics Light
"{BC940CD7-FC71-83C5-2001-CF6FD07BA3D1}" = CCC Help Chinese Traditional
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF847A60-119D-6888-B2DA-EC62F1B66BBB}" = CCC Help Chinese Standard
"{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1" = ASUS Share Link
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C97396A9-44BC-C856-0B92-93A6A417D6A8}" = Catalyst Control Center Graphics Full New
"{CA10114E-3941-E8ED-70A3-17CAA2226AFC}" = CCC Help Turkish
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CAB89605-7C12-8082-32DF-B419C696BD12}" = Catalyst Control Center Core Implementation
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D279DFB7-97A3-439D-8BE9-95D8AFA68562}" = Reader for PC
"{D98C2191-0AE0-4087-9153-018A4810DF45}" = CCC Help Norwegian
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{DF7D3C5E-87FC-6AE6-D986-35E0F05FEFD9}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EBA8538C-F0B1-A089-D555-44DBF3A47C9F}" = CCC Help Finnish
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F161B4FF-3976-4917-BD27-CA28C95A13AE}" = DDBAC
"{F22E305E-BD02-5CC1-92D0-BD7170CDFE45}" = CCC Help Portuguese
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD4B3108-0915-31E1-5A7C-AC5B3C33846C}" = CCC Help Greek
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 24 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Clean Master" = Clean Master
"Digital Editions" = Adobe Digital Editions
"Ghostery" = Ghostery
"HandBrake" = HandBrake 0.10.5
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versie 2.2.0.1024
"Mozilla Thunderbird 38.5.0 (x86 nl)" = Mozilla Thunderbird 38.5.0 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"Picasa 3" = Picasa 3
"Pin It_is1" = Pin It
"Rapport_msi" = Rapport
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088292" = Zuma Deluxe
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3924468755-1748164157-18051398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HP Photo Creations" = HP Photo Creations

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2-1-2017 15:56:15 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hmpalert.exe, Version: 3.6.1.574,
Zeitstempel: 0x583d51ff Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23418,
Zeitstempel: 0x5708a73e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004e6df ID des fehlerhaften
Prozesses: 0x354 Startzeit der fehlerhaften Anwendung: 0x01d264d410aff5a7 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 842fd3d7-d125-11e6-9b41-206a8a170ff5

Error - 3-1-2017 5:46:12 | Computer Name = user-PC | Source = Windows Search Service | ID = 3006
Description =

Error - 3-1-2017 5:46:17 | Computer Name = user-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 3-1-2017 5:46:20 | Computer Name = user-PC | Source = Windows Search Service | ID = 10021
Description =

Error - 3-1-2017 14:04:41 | Computer Name = user-PC | Source = Windows Search Service | ID = 3006
Description =

Error - 3-1-2017 14:04:42 | Computer Name = user-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 3-1-2017 14:05:01 | Computer Name = user-PC | Source = Windows Search Service | ID = 10021
Description =

Error - 4-1-2017 5:14:25 | Computer Name = user-PC | Source = Windows Search Service | ID = 3006
Description =

Error - 4-1-2017 5:14:28 | Computer Name = user-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 4-1-2017 5:14:41 | Computer Name = user-PC | Source = Windows Search Service | ID = 10021
Description =

[ System Events ]
Error - 3-1-2017 14:04:36 | Computer Name = user-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist fr "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 3-1-2017 14:05:02 | Computer Name = user-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 3-1-2017 14:05:21 | Computer Name = user-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.

Error - 3-1-2017 14:05:21 | Computer Name = user-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.

Error - 3-1-2017 16:55:51 | Computer Name = user-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist fr "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 4-1-2017 5:13:53 | Computer Name = user-PC | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.

Error - 4-1-2017 5:14:06 | Computer Name = user-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist fr "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 4-1-2017 5:15:17 | Computer Name = user-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.

Error - 4-1-2017 5:15:17 | Computer Name = user-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.

Error - 4-1-2017 6:45:06 | Computer Name = user-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 20.


< End of report >

--- Update ---

Ik moet nu helaas naar bed. Kunnen we morgen verdergaan?

Sluit voordat

OTL de fix gaat doen, eerst alle andere openstaande vensters!

• Windows 2000 en Windows XP: dubbelklik op OTL.exe.
• Windows Vista, Windows 7 en Windows 8: via rechtsklik op OTL.exe en kies voor "Als Administrator uitvoeren".
  [*]Kopieer onderstaande in de Code-kader staande tekst en plak deze in het venster onder
  

• Klik daarna bovenaan op
  
• Laat het programma ongestoord zijn werk doen.
• OTL zal na de scan melden dat de PC opnieuw opgestart gaat worden. Sta dat dus toe.
• Klik op OK
• Na het opnieuw opstarten wordt enkel een nieuw log geopend.
• Post via kopiren en plakken de inhoud van dat OTL-scanlog.

Goedemorgen........hoe gaan we verder?

Kijk naar het voorgaande bericht!

Er is een probleem!!!! Ik kan niet verder want alles zit op slot. Geen internet.....Er komt een slotje in beeld en er staat dat er geen windows systeem kan gebruikt worden tenzij ik de administrator ben enz enz. Ben blij dat ik een tablet heb want ik kan nu niet verder. Het zal echt in Jip en Janneke taal moeten want ik heb verder niemand die me kan helpen.

Start de computer opnieuw op.

Es konnte keine Verbindung mit einem Windows-Dienst hergestellt. Es konnte keine Verbindung mit dem Dienst " Benachrichtigungsdienst fr Systeemereignisse" hergestellt werden. Daher knnen sich Standardbenutzer nicht am Systeem anmelden. Wenn Sie Administrator sind, finden Sie weitere Details zu diesem fehler im Systemere

Ik hoop dat je het begrijpt maar dat vermeld de computer.

Dan is er vermoedelijk ondertussen het nodige aan malware erbij gekomen.
Anders kan ik het ook niet verklaren.
Jouw Windows is min of gecorrumpeerd.

Een vraag - waarom heb je voor een Duitse versie gekozen?