
Log analysis and evaluation: Windows 7: Frequent "Not responding" when starting applications

13.01.2015, 11:01   #16
schrauber
/// the machine
/// TB trainer
 




http://www.trojaner-board.de/100776-...-download.html
Then do it this way. Because we need to do an in-place upgrade.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

18.01.2015, 21:11   #17
schuemli
 



I have now loaded the Windows 7 "Home" edition onto a bootable stick (I also made sure that I deleted the version type in the file ei.cfg).
What do you mean by "in-place upgrade"? How exactly should I proceed now?


19.01.2015, 10:55   #18
schrauber
/// the machine
/// TB trainer
 




Take a look here:

Repair installation / in-place upgrade (Windows 7/8) - Microsoft Community

22.01.2015, 23:04   #19
schuemli
 



I have carried out the repair installation. It is running normally again (i.e. no message along the lines of "not responding" when opening an application). Whether that was it, I will keep an eye on.
Only Chrome still takes quite a long time to start. And there "not responding" still appears as well. If you wait, the browser then starts with quite a delay.
IE, on the other hand, starts quite quickly. I thought Chrome was supposed to run significantly faster than IE. So if you have another idea in this regard? Otherwise I will simply let the matter rest and will just surf with IE for the time being.
Many thanks for your help so far.

Regards
Schümli

23.01.2015, 12:34   #20
schrauber
/// the machine
/// TB trainer
 




Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, have the leftovers removed, reinstall.

Then:
https://support.google.com/chrome/answer/3296214?hl=de

Then please post fresh FRST logs again.

__________________
Regards,
schrauber


25.01.2015, 22:04   #21
schuemli
 



I uninstalled Chrome as described and reinstalled it. It starts noticeably faster. But somehow I'm not sure whether that can be it. I still have the feeling that IE runs faster. All things considered, the effort so far has been worthwhile. The "box" is definitely running noticeably faster.

Below are the new FRST logs as well as the GMER log:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by **** (administrator) on ****-BOOKLET on 25-01-2015 20:37:03
Running from C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK8PFYBX
Loaded Profiles: **** (Available profiles: **** & Administrator)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\HDPSrv.exe
() C:\Windows\System32\prldrsrv.exe
(Option International) C:\Program Files\Option\RoamingHelperSetup\RoamingHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(COMPAL ELECTRONIC INC.) C:\Program Files\HotKey\CeEKey.exe
(Nokia) C:\Program Files\Power Management\NpwrMngr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
() C:\Windows\System32\HDPSrv.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia Social Hub\Hub.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files\Dynamo Combo\updateDynamoCombo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK8PFYBX\FRST[1].exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxExt] => C:\Windows\system32\IgfxExt.exe [174616 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-09] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-19] (AVAST Software)
HKLM\...\Run: [CeEKEY] => C:\Program Files\HotKey\CeEKey.exe [1607024 2010-04-06] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [504160 2009-09-10] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [346464 2009-09-10] (CSR, plc)
HKLM\...\Run: [HDPSrv] => C:\Windows\system32\HDPSrv.exe [180224 2009-12-24] ()
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NpwrMngr] => C:\Program Files\Power Management\NpwrMngr.exe [488816 2009-12-23] (Nokia)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Nokia Social Hub] => C:\Program Files\Nokia\Nokia Social Hub\Hub.exe [4941824 2010-04-21] (Nokia)
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Google Update] => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-01-23] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {AE73E60E-7A33-4039-853E-8C1CC06B3AD3} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_15_04_ie&cd=2XzuyEtN2Y1L1QzutDyCtBtAtDzz0F0DyE0F0C0EyD0E0DtCtN0D0Tzu0StCtCtCzztN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0A0AyCyCyC0C0DtGtAtCyCyEtG0C0BtAyEtGtC0AtC0AtGyCtDzzyEzzzytA0B0CyCyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0AtCtC0A0CzztG0DtAyCyDtGyE0FtCyCtGzy0B0BtAtGzz0EyEtC0Bzy0BzyyCyDyEyD2Q&cr=1982145653&ir=
SearchScopes: HKLM -> {AE73E60E-7A33-4039-853E-8C1CC06B3AD3} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_15_04_ie&cd=2XzuyEtN2Y1L1QzutDyCtBtAtDzz0F0DyE0F0C0EyD0E0DtCtN0D0Tzu0StCtCtCzztN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0A0AyCyCyC0C0DtGtAtCyCyEtG0C0BtAyEtGtC0AtC0AtGyCtDzzyEzzzytA0B0CyCyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0AtCtC0A0CzztG0DtAyCyDtGyE0FtCyCtGzy0B0BtAtGzz0EyEtC0Bzy0BzyyCyDyEyD2Q&cr=1982145653&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=NKATDF&pc=MANK&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> DefaultScope {AE73E60E-7A33-4039-853E-8C1CC06B3AD3} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_15_04_ie&cd=2XzuyEtN2Y1L1QzutDyCtBtAtDzz0F0DyE0F0C0EyD0E0DtCtN0D0Tzu0StCtCtCzztN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0A0AyCyCyC0C0DtGtAtCyCyEtG0C0BtAyEtGtC0AtC0AtGyCtDzzyEzzzytA0B0CyCyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0AtCtC0A0CzztG0DtAyCyDtGyE0FtCyCtGzy0B0BtAtGzz0EyEtC0Bzy0BzyyCyDyEyD2Q&cr=1982145653&ir=
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> {1E76C71F-7D78-479B-851F-FDB67A02DF0E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=09262C0A-E6C8-4FCC-985F-D25815830C04&apn_sauid=FA9946E4-5D5B-48B2-A800-862B4792EED4
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> {AE73E60E-7A33-4039-853E-8C1CC06B3AD3} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_15_04_ie&cd=2XzuyEtN2Y1L1QzutDyCtBtAtDzz0F0DyE0F0C0EyD0E0DtCtN0D0Tzu0StCtCtCzztN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0A0AyCyCyC0C0DtGtAtCyCyEtG0C0BtAyEtGtC0AtC0AtGyCtDzzyEzzzytA0B0CyCyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0AtCtC0A0CzztG0DtAyCyDtGyE0FtCyCtGzy0B0BtAtGzz0EyEtC0Bzy0BzyyCyDyEyD2Q&cr=1982145653&ir=
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Dynamo Combo 1.0.0.6 -> {986c37a1-7b65-476f-80dc-54f80bd4b0d6} -> C:\Program Files\Dynamo Combo\DynamoCombobho.dll (Dynamo Combo)
Toolbar: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA132380-4875-4E1D-99ED-7B7AC0780F88}: [NameServer] 195.186.216.33 195.186.152.33

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.bluewin.ch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3075977200-4285461987-214124539-1000: @tools.google.com/Google Update;version=3 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3075977200-4285461987-214124539-1000: @tools.google.com/Google Update;version=9 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\searchplugins\askcom.xml
FF Extension: Stealthy - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\Extensions\stealthyextension@gmail.com.xpi [2011-05-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-07-01]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-07-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\****\AppData\Local\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\****\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\****\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Update) - C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-23]
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-23]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-23]
CHR Extension: (Google-Suche) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-23]
CHR Extension: (Dynamo Combo) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dieadkaemlcjcmcnmahinmeejohpipnl [2015-01-25]
CHR Extension: (Avast Online Security) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-23]
CHR Extension: (Google Mail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-01-01]
StartMenuInternet: Google Chrome.ENT2PAEKF5UFKJNFFNKFI6MGBA - C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2015-01-01] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-01] (Avast Software)
R2 HDPSrv; C:\WINDOWS\system32\HDPSrv.exe [180224 2009-12-24] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 PrLdrSrv; C:\Windows\system32\PrLdrSrv.exe [11776 2010-04-23] () [File not signed]
R2 RoamingHelper; C:\Program Files\Option\RoamingHelperSetup\RoamingHelper.exe [19968 2010-04-02] (Option International) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 Update Dynamo Combo; C:\Program Files\Dynamo Combo\updateDynamoCombo.exe [632568 2015-01-23] ()
S2 Util Dynamo Combo; C:\Program Files\Dynamo Combo\bin\utilDynamoCombo.exe [681208 2015-01-25] ()
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111488 2009-09-10] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-01] ()
R0 EMSC; C:\Windows\System32\DRIVERS\EvMngr.SYS [19824 2009-06-25] ()
R3 GTNDIS62; C:\Windows\System32\DRIVERS\Gtuhs62.sys [159744 2010-04-13] (Option N.V.)
R3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [151552 2010-03-12] (Option N.V.)
R3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [8064 2010-02-26] (Option N.V.)
R0 HDFilter; C:\Windows\System32\DRIVERS\HDFilter.sys [20848 2009-07-04] (COMPAL ELECTRONIC INC.)
R3 igd; C:\Windows\System32\DRIVERS\igdkmd32.sys [647904 2010-03-26] (Intel Corporation)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-03] (COMPAL ELECTRONIC INC.)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [14848 2012-08-23] (Microsoft Corporation) [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [584872 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [197800 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [24232 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [20136 2013-06-26] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2015-01-01] (Avast Software)
R1 {16a92140-918d-4afb-9edb-46f22437bb10}Gw; C:\Windows\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys [43160 2015-01-25] (StdLib)
R1 {915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw; C:\Windows\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys [43160 2015-01-23] (StdLib)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 20:33 - 2015-01-25 20:34 - 00000472 _____ () C:\Users\****\Desktop\defogger_disable.log
2015-01-25 19:59 - 2015-01-25 05:44 - 00043160 _____ (StdLib) C:\Windows\system32\Drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys
2015-01-23 21:30 - 2015-01-23 01:41 - 00043160 _____ (StdLib) C:\Windows\system32\Drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys
2015-01-23 21:10 - 2015-01-23 21:10 - 00000000 ____D () C:\Users\****\Documents\PC Speed Maximizer
2015-01-23 21:09 - 2015-01-23 21:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-23 21:08 - 2015-01-25 20:19 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job
2015-01-23 21:08 - 2015-01-25 19:58 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job
2015-01-23 21:07 - 2015-01-23 21:12 - 00000000 ____D () C:\Users\****\AppData\Local\500950
2015-01-23 21:07 - 2015-01-23 21:07 - 35763832 _____ (Google Inc.) C:\Users\****\Downloads\google-chrome.exe
2015-01-23 21:05 - 2015-01-25 19:58 - 00000000 ____D () C:\Program Files\Dynamo Combo
2015-01-23 20:45 - 2015-01-23 20:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-22 22:32 - 2015-01-22 22:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2015-01-22 22:31 - 2015-01-22 22:31 - 00001419 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-22 22:30 - 2015-01-22 22:30 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-01-22 22:16 - 2015-01-22 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2015-01-22 22:16 - 2015-01-22 22:16 - 00002483 _____ () C:\Users\Public\Desktop\Bonjour Printer Wizard.lnk
2015-01-22 22:15 - 2015-01-22 22:31 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-01-22 22:14 - 2015-01-22 22:29 - 00000000 ____D () C:\Users\****\AppData\Local\Apple
2015-01-22 22:14 - 2015-01-22 22:14 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-22 22:14 - 2015-01-22 22:14 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-22 22:13 - 2015-01-22 22:13 - 00000000 ____D () C:\ProgramData\Apple
2015-01-22 22:13 - 2015-01-22 22:13 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-22 22:01 - 2015-01-22 22:02 - 05436744 _____ (Apple Inc.) C:\Users\****\Downloads\BonjourPS202Setup.exe
2015-01-22 20:28 - 2015-01-22 20:28 - 00000000 _____ () C:\ProgramData\HDPSetting.ini
2015-01-20 02:17 - 2015-01-20 02:17 - 00001419 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 02:15 - 2015-01-20 02:15 - 00000020 ___SH () C:\Users\****\ntuser.ini
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 __SHD () C:\Recovery
2015-01-20 02:05 - 2015-01-25 19:58 - 00029598 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 01:50 - 2015-01-20 01:50 - 00021532 _____ () C:\Windows\system32\emptyregdb.dat
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVAST Software
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVAST Software
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-20 01:06 - 2015-01-22 22:30 - 00000000 ____D () C:\Users\Administrator
2015-01-20 01:06 - 2015-01-20 02:15 - 00000000 ____D () C:\Users\****
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Startmenü
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Netzwerkumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Druckumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Musik
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Bilder
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\AppData\Local\Verlauf
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2015-01-20 01:06 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:06 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:06 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:06 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Program Files\Realtek
2015-01-20 01:03 - 2015-01-20 01:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-01-20 01:03 - 2015-01-20 01:03 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-20 01:02 - 2015-01-20 01:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-20 00:59 - 2015-01-20 01:05 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-01-20 00:57 - 2015-01-20 02:15 - 00000000 ____D () C:\Windows\Panther
2015-01-20 00:54 - 2015-01-20 00:54 - 00262144 _____ () C:\Windows\system32\config\userdiff
2015-01-20 00:30 - 2015-01-20 01:53 - 00000000 ___HD () C:\$WINDOWS.~Q
2015-01-20 00:25 - 2015-01-20 00:29 - 00000000 ___HD () C:\$INPLACE.~TR
2015-01-19 23:11 - 2015-01-20 01:52 - 00006137 _____ () C:\Windows\comsetup.log
2015-01-19 22:59 - 2015-01-19 22:59 - 00000199 _____ () C:\Windows\system32\2015-01-19-21-59-47.056-AvastVBoxSVC.exe-2804.log
2015-01-19 22:47 - 2015-01-19 22:47 - 00000249 _____ () C:\Windows\system32\2015-01-19-21-47-40.038-aswFe.exe-912.log
2015-01-19 22:25 - 2015-01-19 22:47 - 00000249 _____ () C:\Windows\system32\2015-01-19-21-25-01.028-aswFe.exe-3604.log
2015-01-19 22:24 - 2015-01-19 22:24 - 00000199 _____ () C:\Windows\system32\2015-01-19-21-24-52.051-AvastVBoxSVC.exe-2552.log
2015-01-19 22:14 - 2015-01-20 01:19 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-10 02:18 - 2015-01-10 02:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-****-BOOKLET-Microsoft-Windows-7-Starter-(32-bit).dat
2015-01-10 02:18 - 2015-01-10 02:18 - 00000000 ____D () C:\RegBackup
2015-01-07 20:53 - 2015-01-07 20:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2015-01-07 20:52 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-01-07 20:50 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-07 20:49 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-01-07 20:49 - 2010-06-29 13:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2015-01-05 22:04 - 2015-01-20 01:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-04 22:30 - 2014-12-04 05:38 - 00728576 ____N (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-04 22:30 - 2014-12-04 05:38 - 00610304 ____N (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-04 22:30 - 2014-12-02 00:28 - 01160872 ____N (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-04 22:29 - 2014-12-04 05:38 - 00337920 ____N (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-04 22:29 - 2014-12-04 05:38 - 00315392 ____N (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-04 22:27 - 2015-01-04 22:29 - 00380416 _____ () C:\Users\****\Downloads\Gmer-19357.exe
2015-01-04 22:12 - 2014-11-21 08:16 - 02861568 ____N (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-04 22:09 - 2015-01-04 22:13 - 00022829 _____ () C:\Users\****\Downloads\Addition.txt
2015-01-04 22:04 - 2015-01-04 22:13 - 00020476 _____ () C:\Users\****\Downloads\FRST.txt
2015-01-04 22:02 - 2015-01-25 20:37 - 00000000 ____D () C:\FRST
2015-01-04 21:59 - 2015-01-04 22:01 - 01115136 _____ (Farbar) C:\Users\****\Downloads\FRST.exe
2015-01-04 21:56 - 2015-01-04 21:57 - 00000472 _____ () C:\Users\****\Downloads\defogger_disable.log
2015-01-04 21:56 - 2015-01-04 21:56 - 00000000 _____ () C:\Users\****\defogger_reenable
2015-01-04 21:54 - 2015-01-04 21:55 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe
2015-01-01 16:07 - 2015-01-01 16:07 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-01 16:07 - 2015-01-01 16:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 20:11 - 2014-01-21 21:51 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 20:07 - 2013-01-13 01:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 20:07 - 2013-01-13 01:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 20:07 - 2011-06-15 00:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 20:01 - 2014-01-21 21:51 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 19:59 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini
2015-01-25 19:58 - 2009-07-14 05:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 19:58 - 2009-07-14 05:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 19:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-25 19:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-23 21:27 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 21:27 - 2009-07-14 05:39 - 00250831 _____ () C:\Windows\setupact.log
2015-01-23 21:26 - 2010-11-20 22:48 - 00011858 _____ () C:\Windows\PFRO.log
2015-01-23 21:08 - 2011-09-10 10:31 - 00000000 ____D () C:\Users\****\AppData\Local\Google
2015-01-23 21:08 - 2010-11-20 22:01 - 01629396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 20:59 - 2014-01-21 21:51 - 00000000 ____D () C:\Program Files\Google
2015-01-22 23:11 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-22 22:31 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-20 21:09 - 2012-11-19 09:53 - 00000000 ____D () C:\Users\****\AppData\Local\Wuala
2015-01-20 21:07 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore
2015-01-20 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-20 02:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-20 02:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-20 02:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-01-20 01:51 - 2009-07-14 05:39 - 00005715 _____ () C:\Windows\setuperr.log
2015-01-20 01:44 - 2009-07-14 05:33 - 00287424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-20 01:41 - 2009-07-14 05:34 - 00005157 _____ () C:\Windows\DtcInstall.log
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:38 - 2010-07-18 21:53 - 00000000 ____D () C:\Users\****\Downloads\LinuxKDE(eng).gdd
2015-01-20 01:38 - 2010-07-18 21:47 - 00000000 ____D () C:\Users\****\Downloads\SNP88.gdd
2015-01-20 01:38 - 2010-07-18 21:41 - 00000000 ____D () C:\Users\****\Downloads\CrepusculumByPingwinGTS.gdd
2015-01-20 01:38 - 2010-07-18 21:34 - 00000000 ____D () C:\Users\****\Downloads\diamond-v04
2015-01-20 01:38 - 2010-07-12 22:23 - 00000000 ____D () C:\Users\****\GDesk
2015-01-20 01:37 - 2014-01-21 21:41 - 00000000 ____D () C:\Users\****\AppData\Roaming\AVAST Software
2015-01-20 01:37 - 2012-08-18 10:14 - 00000000 ____D () C:\Users\****\AppData\Roaming\SoftGrid Client
2015-01-20 01:37 - 2012-08-18 10:14 - 00000000 ____D () C:\Users\****\AppData\Local\SoftGrid Client
2015-01-20 01:37 - 2010-07-13 00:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\WinRAR
2015-01-20 01:37 - 2010-07-13 00:02 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-20 01:37 - 2010-07-05 09:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Macromedia
2015-01-20 01:37 - 2010-07-05 09:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Adobe
2015-01-20 01:37 - 2010-07-05 09:19 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mozilla
2015-01-20 01:37 - 2010-07-05 09:19 - 00000000 ____D () C:\Users\****\AppData\Local\Mozilla
2015-01-20 01:37 - 2010-07-01 22:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nokia Ovi Suite
2015-01-20 01:37 - 2010-07-01 21:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nokia
2015-01-20 01:37 - 2010-07-01 21:56 - 00000000 ____D () C:\Users\****\AppData\Local\NokiaAccount
2015-01-20 01:37 - 2010-07-01 21:53 - 00000000 ____D () C:\Users\****\AppData\Local\Nokia
2015-01-20 01:37 - 2010-07-01 21:50 - 00000000 ____D () C:\Users\****\AppData\Roaming\PC Suite
2015-01-20 01:36 - 2011-01-26 21:53 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2015-01-20 01:19 - 2014-07-26 20:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-20 01:19 - 2011-07-30 15:11 - 00000000 ____D () C:\Windows\system32\SPReview
2015-01-20 01:19 - 2011-07-16 23:18 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-01-20 01:19 - 2010-07-05 09:32 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-20 01:19 - 2010-04-23 10:54 - 00000000 ____D () C:\Windows\{9BA86693-F49A-4DA1-BBB3-827DFB688228}
2015-01-20 01:19 - 2010-04-23 10:53 - 00000000 ____D () C:\Windows\system32\Lang
2015-01-20 01:19 - 2010-04-23 10:51 - 00000000 ____D () C:\Windows\system32\Microsoft.VC80.MFC
2015-01-20 01:19 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\el-GR
2015-01-20 01:18 - 2010-07-05 11:03 - 00000000 ____D () C:\Windows\pss
2015-01-20 01:18 - 2010-06-29 13:20 - 00000000 ____D () C:\Windows\SHELLNEW
2015-01-20 01:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-20 01:16 - 2014-08-02 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-20 01:16 - 2014-01-21 21:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-20 01:16 - 2013-02-11 22:20 - 00000000 ____D () C:\ProgramData\Ask
2015-01-20 01:16 - 2013-01-25 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-01-20 01:16 - 2013-01-25 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-20 01:16 - 2012-11-19 09:58 - 00000000 ____D () C:\ProgramData\Sun
2015-01-20 01:16 - 2011-01-26 21:46 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-20 01:16 - 2011-01-26 21:42 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-20 01:16 - 2010-08-30 14:53 - 00000000 ____D () C:\ProgramData\Alwil Software
2015-01-20 01:16 - 2010-08-13 20:51 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2015-01-20 01:16 - 2010-07-13 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-20 01:16 - 2010-07-13 00:01 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-20 01:16 - 2010-07-01 21:50 - 00000000 ____D () C:\ProgramData\PC Suite
2015-01-20 01:16 - 2010-07-01 21:35 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2015-01-20 01:16 - 2010-06-30 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2015-01-20 01:16 - 2010-06-30 23:11 - 00000000 ____D () C:\Program Files\Nokia
2015-01-20 01:16 - 2010-06-29 13:31 - 00000000 ____D () C:\ProgramData\fssg
2015-01-20 01:16 - 2010-06-29 13:30 - 00000000 ____D () C:\ProgramData\f-secure
2015-01-20 01:16 - 2010-06-29 13:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-20 01:16 - 2010-04-23 11:44 - 00000000 ____D () C:\ProgramData\temp
2015-01-20 01:16 - 2010-04-23 10:58 - 00000000 ____D () C:\Program Files\Option
2015-01-20 01:16 - 2010-04-23 10:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-20 01:16 - 2010-04-23 10:56 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-20 01:16 - 2010-04-23 10:51 - 00000000 ____D () C:\ProgramData\win7_32
2015-01-20 01:16 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\Power Management
2015-01-20 01:16 - 2010-04-23 10:29 - 00000000 ____D () C:\ProgramData\Nokia
2015-01-20 01:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-20 01:15 - 2014-11-11 21:13 - 00000000 ____D () C:\Program Files\GUM8EBC.tmp
2015-01-20 01:15 - 2013-09-04 21:05 - 00000000 ____D () C:\Program Files\Java
2015-01-20 01:15 - 2013-01-25 11:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-20 01:15 - 2012-08-18 10:08 - 00000000 ____D () C:\Program Files\Microsoft Application Virtualization Client
2015-01-20 01:15 - 2010-07-05 09:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-20 01:15 - 2010-06-29 13:22 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-20 01:15 - 2010-06-29 13:22 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-01-20 01:15 - 2010-06-29 13:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-20 01:15 - 2010-04-23 10:57 - 00000000 ____D () C:\Program Files\Microsoft Office Suite Activation Assistant
2015-01-20 01:15 - 2010-04-23 10:52 - 00000000 ____D () C:\Program Files\Intel
2015-01-20 01:15 - 2010-04-23 10:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-20 01:15 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\HotKey
2015-01-20 01:14 - 2014-11-11 21:14 - 00000000 ____D () C:\Program Files\GUM1317.tmp
2015-01-20 01:14 - 2014-08-02 11:53 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-20 01:14 - 2014-07-04 23:22 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-20 01:14 - 2013-10-25 08:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-20 01:14 - 2011-06-21 21:14 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 01:14 - 2011-01-12 22:48 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-20 01:14 - 2010-07-01 21:43 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-01-20 01:14 - 2010-07-01 21:42 - 00000000 ____D () C:\Program Files\DIFX
2015-01-20 01:14 - 2010-06-29 13:32 - 00000000 ____D () C:\Program Files\F-Secure
2015-01-20 01:14 - 2010-04-23 10:56 - 00000000 ____D () C:\Program Files\ASIX Electronics Corporation
2015-01-20 01:14 - 2010-04-23 10:55 - 00000000 ____D () C:\Program Files\CSR
2015-01-20 01:14 - 2010-04-23 10:54 - 00000000 ____D () C:\Program Files\Atheros
2015-01-20 01:14 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-20 01:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-20 01:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-20 01:13 - 2011-06-21 21:14 - 00000000 ____D () C:\Program Files\Adobe
2015-01-20 01:13 - 2010-08-30 14:53 - 00000000 ____D () C:\Program Files\Alwil Software
2015-01-20 01:04 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 00:56 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-20 00:56 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-20 00:14 - 2010-06-30 04:00 - 01702239 _____ () C:\Windows\WindowsUpdate (1).log
2015-01-19 23:01 - 2011-02-28 23:45 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-19 22:59 - 2010-08-30 14:54 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-08 09:55 - 2010-06-29 14:33 - 00249488 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 20:31 - 2014-11-11 22:09 - 00044846 _____ () C:\Windows\IE11_main.log
2015-01-05 21:24 - 2013-08-12 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-01 20:28 - 2010-06-29 14:21 - 00002334 _____ () C:\Users\****\Desktop\graf kaffee Extern.RDP
2015-01-01 17:20 - 2011-06-21 21:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-01-01 16:07 - 2014-07-09 21:36 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-01 16:07 - 2014-01-21 21:25 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-01 16:07 - 2013-04-16 21:35 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-01 16:07 - 2013-04-16 21:35 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-01 16:07 - 2012-04-17 18:18 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-01 16:07 - 2010-08-30 14:54 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

==================== Files in the root of some directories =======

2014-11-11 21:14 - 2014-11-11 21:14 - 6000640 _____ () C:\Program Files\GUT1328.tmp
2014-11-11 21:13 - 2014-11-11 21:24 - 6000640 _____ () C:\Program Files\GUT8ECC.tmp
2015-01-22 20:28 - 2015-01-22 20:28 - 0000000 _____ () C:\ProgramData\HDPSetting.ini

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\****\AppData\Local\Temp\NEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-20 20:41

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by **** at 2015-01-25 20:39:52
Running from C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK8PFYBX
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Atheros 802.11 bgn Network Adapter (HKLM\...\InstallShield_{06A6143C-0703-4946-9E20-355F306ADF11}) (Version: 1.0.0.0 - Atheros)
Atheros 802.11 bgn Network Adapter (Version: 1.0.0.0 - Atheros) Hidden
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
AX88772A & AX88772 Windows 7 Drivers (HKLM\...\InstallShield_{620DA0EB-574D-45B5-B3E9-B85AECA41D59}) (Version: 1.0.0.0 - ASIX Electronics Corporation)
AX88772A & AX88772 Windows 7 Drivers (Version: 1.0.0.0 - ASIX Electronics Corporation) Hidden
Bluetooth Feature Pack 5.0 (HKLM\...\{0439D13F-C7CD-458A-90DE-44135CBD40B8}) (Version: 5.0.12 - CSR Plc.)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Dynamo Combo (HKLM\...\Dynamo Combo) (Version: 2015.01.23.192328 - Dynamo Combo) <==== ATTENTION!
Google Chrome (HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hard Disk Protection (HKLM\...\InstallShield_{08188833-CF3E-4067-B884-6049B0A38A35}) (Version: 1.0.0.18C - Nokia)
Hard Disk Protection (Version: 1.0.0.18C - Nokia) Hidden
Hotkey Utility (HKLM\...\InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}) (Version: 1.0.0.21C - Nokia)
Hotkey Utility (Version: 1.0.0.21C - Nokia) Hidden
Intel(R) Graphics Media Accelerator 500 (HKLM\...\LPCO) (Version:  -  Intel Corporation)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Microsoft .NET Framework 4.5.1 (DEU) (HKLM\...\{9E871D09-064D-3BC9-963B-3AB8ABE1273D}) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{4903D172-DCCB-392F-93A3-34CA9D47FE3D}) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Miniprogramm zum Abrufen von Nokia Ovi Suite (HKLM\...\{3A519502-3354-4290-A852-7A1835BA678F}) (Version: 1.0.45 - Nokia)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Booklet Software Updater (HKLM\...\{8C7AC9E7-A635-4C73-B360-FE6AE4E8DD93}) (Version: 1.1.100 - Nokia)
Nokia Connectivity Cable Driver (HKLM\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.2.0.245 - Nokia)
Nokia Ovi Suite (Version: 2.2.0.245 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM\...\{A0D65C73-F2C5-432F-8788-90F8A2E99B98}) (Version: 02.05.002.42441 - Nokia Corporation)
Nokia Social Hub (HKLM\...\{F4A31D1A-8ABB-4977-848E-26F76F5212B0}) (Version: 1.0.585 - Nokia)
Option WWAN Driver 5.1.37.0 Installer  (HKLM\...\{884BB5CC-108E-41a9-936D-955C999C06A1}_x) (Version: 3.5.1.1140 - Option NV)
Option WWAN Driver 5.1.37.0 Installer (Version: 3.5.1.1140 - Option NV) Hidden
Ovi Desktop Sync Engine (Version: 1.4.78.0 - Nokia) Hidden
Ovi Maps Gadget (HKLM\...\{698A3082-B4AF-4113-8068-79C868C4B0C9}) (Version: 1.0.13867 - Nokia)
OviMPlatform (Version: 2.6.195.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia)
Power Management (HKLM\...\InstallShield_{C36E5EC0-A87E-4994-844B-1DE75ED22BD8}) (Version: 1.0.0.18C - Nokia)
Power Management (Version: 1.0.0.18C - Nokia) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5999 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoamingHelperSetup (HKLM\...\{C358D274-1BA4-4F57-95C4-4669AE126B99}) (Version: 1.0.0 - Option)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
Tap to wake up (HKLM\...\InstallShield_{0B23E38B-F4D8-44A9-A3D3-95020D35D8C9}) (Version: 1.0.0.19C - Nokia)
Tap to wake up (Version: 1.0.0.19C - Nokia) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (Version: 1.77.0.2C - NOKIA) Hidden
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)

==================== Restore Points  =========================

20-01-2015 21:07:30 Removed Windows 7 USB/DVD Download Tool
22-01-2015 22:14:43 Installed Bonjour Print Services
23-01-2015 20:49:30 Revo Uninstaller's restore point - Google Chrome
23-01-2015 21:15:12 Revo Uninstaller's restore point - PC Speed Maximizer v4.0
23-01-2015 21:18:27 Revo Uninstaller's restore point - Vosteran
23-01-2015 21:21:19 Revo Uninstaller's restore point - WSE_Vosteran

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-10 02:56 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3201A1B4-6C25-46D5-BC40-232F14D989FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {383EBE8B-3945-465D-AFEB-2A81F916B7CC} - \SidebarExecute No Task File <==== ATTENTION
Task: {5FC356A9-9467-4AE8-BED5-F787D160D1B1} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-01-01] (AVAST Software)
Task: {773C2256-6E9D-4A26-B6A8-2B2B69FDB1FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {7E476722-6C80-4EA0-8B46-48B6F562E67C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {A320242A-44DE-4938-A0A7-6476C923136C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {A6B2DB9E-6523-460F-A1F1-6F1C15D943E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DF4F6C72-D05F-409D-BB27-9014CFBBC242} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {E3457BE7-F260-4266-BE08-4DEE4761FA99} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {E7CE1F64-F0B0-4581-96EE-3E2882FEF1E6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F762FFD0-B96E-4EB6-933D-A91579976F09} - System32\Tasks\Nokia\Booklet software updater\Check for updates => NBSUTool.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-04-23 10:56 - 2009-12-24 19:13 - 00180224 _____ () C:\WINDOWS\system32\HDPSrv.exe
2010-04-23 10:51 - 2010-04-23 10:51 - 00011776 _____ () C:\Windows\system32\PrLdrSrv.exe
2010-04-23 10:51 - 2010-04-23 10:51 - 00024576 _____ () C:\Windows\system32\EKECioCtl.dll
2010-04-23 10:56 - 2009-12-24 19:13 - 00180224 _____ () C:\Windows\System32\HDPSrv.exe
2010-04-21 12:39 - 2010-04-21 12:39 - 02145792 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtCore4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 07983616 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtGui4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00335360 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtXml4.dll
2010-04-21 12:38 - 2010-04-21 12:38 - 00925184 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtNetwork4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00187904 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtSql4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00022528 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qgif4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00027648 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qico4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00119808 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qjpeg4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00220672 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qmng4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00278528 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qtiff4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00417792 _____ () C:\Program Files\Nokia\Nokia Social Hub\sqldrivers\qsqlite4.dll
2015-01-23 20:23 - 2015-01-23 21:33 - 00632568 _____ () C:\Program Files\Dynamo Combo\updateDynamoCombo.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3075977200-4285461987-214124539-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-3075977200-4285461987-214124539-501 - Limited - Disabled)
**** (S-1-5-21-3075977200-4285461987-214124539-1000 - Administrator - Enabled) => C:\Users\****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 08:41:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 08:41:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 08:41:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 08:41:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 08:41:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 08:41:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 08:41:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 08:41:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 08:41:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 08:41:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (01/25/2015 07:59:54 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/23/2015 09:48:35 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (01/23/2015 09:48:32 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/23/2015 09:27:33 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/23/2015 09:27:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (01/23/2015 09:25:16 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/23/2015 09:00:18 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/23/2015 09:00:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (01/23/2015 08:57:57 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/23/2015 08:40:25 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14


Microsoft Office Sessions:
=========================
         

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-25 21:34:32
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1235GSL rev.PV010A 111.79GB
Running: Gmer-19357.exe; Driver: C:\Users\****\AppData\Local\Temp\pwtdaaob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwAddBootEntry [0x8963EAC4]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                           ZwAllocateVirtualMemory [0x896FA0BA]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwAssignProcessToJobObject [0x8963F5A2]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwCreateEvent [0x8964B63C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwCreateEventPair [0x8964B688]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwCreateIoCompletion [0x8964B822]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwCreateMutant [0x8964B5AA]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                           ZwCreateSection [0x896FA494]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwCreateSemaphore [0x8964B5F2]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                           ZwCreateThread [0x896FA724]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                           ZwCreateThreadEx [0x896FA80E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwCreateTimer [0x8964B7DC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwDebugActiveProcess [0x89640390]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwDeleteBootEntry [0x8963EB2A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwDuplicateObject [0x89643B86]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwLoadDriver [0x8963E716]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                           ZwMapViewOfSection [0x896FA574]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwModifyBootEntry [0x8963EB90]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwNotifyChangeKey [0x89643F7C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwNotifyChangeMultipleKeys [0x89640E78]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwOpenEvent [0x8964B666]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwOpenEventPair [0x8964B6AA]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwOpenIoCompletion [0x8964B846]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwOpenMutant [0x8964B5D0]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwOpenProcess [0x8964347E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwOpenSection [0x8964B75A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwOpenSemaphore [0x8964B61A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwOpenThread [0x8964386A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwOpenTimer [0x8964B800]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                           ZwProtectVirtualMemory [0x896FA312]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwQueryObject [0x89640CEC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwQueueApcThreadEx [0x896409FA]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwSetBootEntryOrder [0x8963EBF6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwSetBootOptions [0x8963EC5C]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                           ZwSetContextThread [0x896FA670]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwSetSystemInformation [0x8963E7B0]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwSetSystemPowerState [0x8963E982]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwShutdownSystem [0x8963E910]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwSuspendProcess [0x8964055A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwSuspendThread [0x896406BC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwSystemDebugControl [0x8963EA0A]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                           ZwTerminateProcess [0x896FA3E0]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwTerminateThread [0x896401EA]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                          ZwVdmControl [0x8963ECC2]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                           ZwWriteVirtualMemory [0x896FA244]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13C1                                                                    8207A339 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           820B3D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                              820BADC0 4 Bytes  [C4, EA, 63, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                              820BADE8 4 Bytes  [BA, A0, 6F, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                              820BAE48 4 Bytes  [A2, F5, 63, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                              820BAE9C 8 Bytes  [3C, B6, 64, 89, 88, B6, 64, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                              820BAEA8 4 Bytes  [22, B8, 64, 89]
.text           ...                                                                                              

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713255abf                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings                        
Reg             HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\002713255abf (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)    
Reg             HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\002713255abf (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet004\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)    

---- EOF - GMER 2.1 ----
         
I'm curious whether you find anything else suspicious.

Regards,
Schümli

26.01.2015, 11:31   #22
schrauber
/// the machine
/// TB-Ausbilder

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R1 {16a92140-918d-4afb-9edb-46f22437bb10}Gw; C:\Windows\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys [43160 2015-01-25] (StdLib)
R1 {915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw; C:\Windows\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys [43160 2015-01-23] (StdLib)
C:\Windows\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys
C:\Windows\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys

Task: {383EBE8B-3945-465D-AFEB-2A81F916B7CC} - \SidebarExecute No Task File <==== ATTENTION
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Regards,
schrauber

27.01.2015, 23:52   #23
schuemli

Here is the Fixlog file:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by **** at 2015-01-27 23:14:11 Run:1
Running from C:\Users\****\Downloads
Loaded Profiles: **** (Available profiles: **** & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R1 {16a92140-918d-4afb-9edb-46f22437bb10}Gw; C:\Windows\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys [43160 2015-01-25] (StdLib)
R1 {915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw; C:\Windows\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys [43160 2015-01-23] (StdLib)
C:\Windows\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys
C:\Windows\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys

Task: {383EBE8B-3945-465D-AFEB-2A81F916B7CC} - \SidebarExecute No Task File <==== ATTENTION
Emptytemp:
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3075977200-4285461987-214124539-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
{16a92140-918d-4afb-9edb-46f22437bb10}Gw => Service stopped successfully.
{16a92140-918d-4afb-9edb-46f22437bb10}Gw => Service deleted successfully.
{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw => Service stopped successfully.
{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw => Service deleted successfully.
Could not move "C:\Windows\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{383EBE8B-3945-465D-AFEB-2A81F916B7CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{383EBE8B-3945-465D-AFEB-2A81F916B7CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => Key deleted successfully.
EmptyTemp: => Removed 2.5 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-27 23:18:25)<=

"C:\Windows\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys" => File could not move.
"C:\Windows\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys" => File could not move.

==== End of Fixlog 23:18:25 ====
         
I think I have "caught" something else, sometime between the repair installation and uninstalling and reinstalling Chrome, because I forgot to activate Avast after the repair installation. The following happens every time after a restart:
Files named Help_Decrypt are opened automatically (in four versions: as an HTML document, a PNG image, a text document and an Internet shortcut).
I have already found something about this problem on the board. So far, however, I have not done anything and am waiting to hear what you think of the Fixlog.

28.01.2015, 12:36   #24
schrauber
/// the machine
/// TB-Ausbilder

A fresh FRST log, please. Were any of your files encrypted so that you can no longer open them?
__________________
Regards,
schrauber

28.01.2015, 22:35   #25
schuemli

Here is a fresh FRST log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by **** (administrator) on ****-BOOKLET on 28-01-2015 22:07:25
Running from C:\Users\****\Downloads
Loaded Profiles: **** (Available profiles: **** & Administrator)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\HDPSrv.exe
() C:\Windows\itaily.exe
() C:\Windows\System32\prldrsrv.exe
(Option International) C:\Program Files\Option\RoamingHelperSetup\RoamingHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(COMPAL ELECTRONIC INC.) C:\Program Files\HotKey\CeEKey.exe
(Nokia) C:\Program Files\Power Management\NpwrMngr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
() C:\Windows\System32\HDPSrv.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
(CrystalIDEA Software) C:\Users\****\AppData\Local\Temp\tmp262a6128\sbd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Update\Install\{A8614398-C874-4030-8F30-5F4AFD7E736F}\40.0.2214.93_chrome_installer.exe
(Google Inc.) C:\Users\****\AppData\Local\Temp\CR_8689E.tmp\setup.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxExt] => C:\Windows\system32\IgfxExt.exe [174616 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-09] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [CeEKEY] => C:\Program Files\HotKey\CeEKey.exe [1607024 2010-04-06] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [504160 2009-09-10] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [346464 2009-09-10] (CSR, plc)
HKLM\...\Run: [HDPSrv] => C:\Windows\system32\HDPSrv.exe [180224 2009-12-24] ()
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NpwrMngr] => C:\Program Files\Power Management\NpwrMngr.exe [488816 2009-12-23] (Nokia)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\kdpvjam: C:\Users\****\AppData\Local\kdpvjam.dll ()
Winlogon\Notify\kdpvjaz: C:\Users\****\AppData\Local\kdpvjaz.dll ()
HKLM\...\Policies\Explorer\Run: [2560651233] => C:\ProgramData\msotusjhe.exe [158349 2010-11-20] ( (loplkjyhtg))
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Nokia Social Hub] => C:\Program Files\Nokia\Nokia Social Hub\Hub.exe [4941824 2010-04-21] (Nokia)
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Google Update] => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-01-23] (Google Inc.)
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Ihsoft] => C:\Windows\System32\regsvr32.exe C:\Users\****\AppData\Local\Ihsoft\EPNHTX11.DLL <===== ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Abworks] => regsvr32.exe C:\Users\****\AppData\Local\Abworks\lnkdovrphy.dll <===== ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [{DF24E061-FD3F-1502-128A-99803267983E}] => C:\Users\****\AppData\Roaming\Akem\futya.exe [350720 2015-01-24] ()
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [kdpvjaz] => rundll32 "C:\Users\****\AppData\Local\kdpvjaz.dll",kdpvjaz <===== ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [kdpvjam] => C:\Users\****\AppData\Roaming\C5FF2788\bin.exe [53248 2015-01-26] (Luminous#Moored)
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [C9F068BE] => rundll32 "C:\Users\****\AppData\Local\kdpvjam.dll",kdpvjam
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [88d8125] => C:\Users\****\AppData\Roaming\C9F068BE\bin.exe [302080 2015-01-27] (WiseCleaner.com)
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [88d81255] => C:\88d81255\88d81255.exe [178688 2015-01-28] ()
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\RunOnce: [*8d8125] => C:\88d81255\88d81255.exe [178688 2015-01-28] ()
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\RunOnce: [*8d81255] => C:\Users\****\AppData\Roaming\88d81255.exe [178688 2015-01-28] ()
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3075977200-4285461987-214124539-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
SearchScopes: HKLM -> DefaultScope {AE73E60E-7A33-4039-853E-8C1CC06B3AD3} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_15_04_ie&cd=2XzuyEtN2Y1L1QzutDyCtBtAtDzz0F0DyE0F0C0EyD0E0DtCtN0D0Tzu0StCtCtCzztN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0A0AyCyCyC0C0DtGtAtCyCyEtG0C0BtAyEtGtC0AtC0AtGyCtDzzyEzzzytA0B0CyCyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0AtCtC0A0CzztG0DtAyCyDtGyE0FtCyCtGzy0B0BtAtGzz0EyEtC0Bzy0BzyyCyDyEyD2Q&cr=1982145653&ir=
SearchScopes: HKLM -> {AE73E60E-7A33-4039-853E-8C1CC06B3AD3} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_15_04_ie&cd=2XzuyEtN2Y1L1QzutDyCtBtAtDzz0F0DyE0F0C0EyD0E0DtCtN0D0Tzu0StCtCtCzztN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0A0AyCyCyC0C0DtGtAtCyCyEtG0C0BtAyEtGtC0AtC0AtGyCtDzzyEzzzytA0B0CyCyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0AtCtC0A0CzztG0DtAyCyDtGyE0FtCyCtGzy0B0BtAtGzz0EyEtC0Bzy0BzyyCyDyEyD2Q&cr=1982145653&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=NKATDF&pc=MANK&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> {1E76C71F-7D78-479B-851F-FDB67A02DF0E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=09262C0A-E6C8-4FCC-985F-D25815830C04&apn_sauid=FA9946E4-5D5B-48B2-A800-862B4792EED4
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> {AE73E60E-7A33-4039-853E-8C1CC06B3AD3} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_15_04_ie&cd=2XzuyEtN2Y1L1QzutDyCtBtAtDzz0F0DyE0F0C0EyD0E0DtCtN0D0Tzu0StCtCtCzztN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0A0AyCyCyC0C0DtGtAtCyCyEtG0C0BtAyEtGtC0AtC0AtGyCtDzzyEzzzytA0B0CyCyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0AtCtC0A0CzztG0DtAyCyDtGyE0FtCyCtGzy0B0BtAtGzz0EyEtC0Bzy0BzyyCyDyEyD2Q&cr=1982145653&ir=
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA132380-4875-4E1D-99ED-7B7AC0780F88}: [NameServer] 195.186.216.33 195.186.152.33
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.bluewin.ch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3075977200-4285461987-214124539-1000: @tools.google.com/Google Update;version=3 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3075977200-4285461987-214124539-1000: @tools.google.com/Google Update;version=9 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\searchplugins\askcom.xml
FF Extension: Stealthy - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\Extensions\stealthyextension@gmail.com.xpi [2011-05-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-07-01]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-07-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.bluewin.ch/"
CHR Plugin: (Shockwave Flash) - C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Update) - C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-01-01]
StartMenuInternet: Google Chrome.ENT2PAEKF5UFKJNFFNKFI6MGBA - C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "93a0a821ee01750e" service could not be unlocked. <===== ATTENTION

S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2015-01-01] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-01] (Avast Software)
R2 HDPSrv; C:\WINDOWS\system32\HDPSrv.exe [180224 2009-12-24] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 itaily; C:\Windows\itaily.exe [38400 2015-01-25] () [File not signed]
R2 PrLdrSrv; C:\Windows\system32\PrLdrSrv.exe [11776 2010-04-23] () [File not signed]
R2 RoamingHelper; C:\Program Files\Option\RoamingHelperSetup\RoamingHelper.exe [19968 2010-04-02] (Option International) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111488 2009-09-10] (CSR, plc)
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 Update Dynamo Combo; "C:\Program Files\Dynamo Combo\updateDynamoCombo.exe" [X]
S2 Util Dynamo Combo; "C:\Program Files\Dynamo Combo\bin\utilDynamoCombo.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-01] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-01] ()
R0 EMSC; C:\Windows\System32\DRIVERS\EvMngr.SYS [19824 2009-06-25] ()
R3 GTNDIS62; C:\Windows\System32\DRIVERS\Gtuhs62.sys [159744 2010-04-13] (Option N.V.)
R3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [151552 2010-03-12] (Option N.V.)
R3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [8064 2010-02-26] (Option N.V.)
R0 HDFilter; C:\Windows\System32\DRIVERS\HDFilter.sys [20848 2009-07-04] (COMPAL ELECTRONIC INC.)
R3 igd; C:\Windows\System32\DRIVERS\igdkmd32.sys [647904 2010-03-26] (Intel Corporation)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-03] (COMPAL ELECTRONIC INC.)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [14848 2012-08-23] (Microsoft Corporation) [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [584872 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [197800 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [24232 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [20136 2013-06-26] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2015-01-01] (Avast Software)
U5 93a0a821ee01750e; C:\Windows\System32\Drivers\93a0a821ee01750e.sys [73856 2015-01-25] () <===== ATTENTION Necurs Rootkit?

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 22:07 - 2015-01-28 22:09 - 00019138 _____ () C:\Users\****\Downloads\FRST.txt
2015-01-28 22:04 - 2015-01-28 22:04 - 00178688 _____ () C:\Users\****\AppData\Roaming\88d81255.exe
2015-01-28 22:04 - 2015-01-28 22:04 - 00000000 ___HD () C:\88d81255
2015-01-27 23:09 - 2015-01-28 22:07 - 00000000 ____D () C:\Users\****\Downloads\FRST-OlderVersion
2015-01-27 22:52 - 2015-01-27 22:52 - 00071168 _____ () C:\Users\****\AppData\Local\kdpvjam.dll
2015-01-27 22:52 - 2015-01-27 22:52 - 00000000 ___HD () C:\Users\****\AppData\Roaming\C9F068BE
2015-01-27 00:56 - 2015-01-27 00:56 - 118132629 _____ () C:\Windows\MEMORY.DMP
2015-01-27 00:56 - 2015-01-27 00:56 - 00510968 _____ () C:\Windows\Minidump\012715-35568-01.dmp
2015-01-27 00:56 - 2015-01-27 00:56 - 00000000 ____D () C:\Windows\Minidump
2015-01-26 21:17 - 2015-01-26 21:17 - 00070656 _____ () C:\Users\****\AppData\Local\kdpvjaz.dll
2015-01-26 21:05 - 2015-01-26 21:11 - 00000000 ____D () C:\Users\****\AppData\Roaming\Local Store
2015-01-25 23:42 - 2015-01-27 23:18 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-25 23:18 - 2015-01-28 22:07 - 00000000 ____D () C:\Users\****\AppData\Roaming\Bihy
2015-01-25 23:18 - 2015-01-25 23:18 - 00000000 ____D () C:\Users\****\AppData\Roaming\Akem
2015-01-25 22:59 - 2015-01-25 22:59 - 00008528 _____ () C:\Users\****\HELP_DECRYPT.HTML
2015-01-25 22:59 - 2015-01-25 22:59 - 00008528 _____ () C:\Users\HELP_DECRYPT.HTML
2015-01-25 22:59 - 2015-01-25 22:59 - 00008528 _____ () C:\HELP_DECRYPT.HTML
2015-01-25 22:59 - 2015-01-25 22:59 - 00004204 _____ () C:\Users\****\HELP_DECRYPT.TXT
2015-01-25 22:59 - 2015-01-25 22:59 - 00004204 _____ () C:\Users\HELP_DECRYPT.TXT
2015-01-25 22:59 - 2015-01-25 22:59 - 00004204 _____ () C:\HELP_DECRYPT.TXT
2015-01-25 22:59 - 2015-01-25 22:59 - 00000272 _____ () C:\Users\****\HELP_DECRYPT.URL
2015-01-25 22:59 - 2015-01-25 22:59 - 00000272 _____ () C:\Users\HELP_DECRYPT.URL
2015-01-25 22:59 - 2015-01-25 22:59 - 00000272 _____ () C:\HELP_DECRYPT.URL
2015-01-25 22:47 - 2015-01-25 22:47 - 00008528 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:47 - 2015-01-25 22:47 - 00008528 _____ () C:\Users\****\AppData\HELP_DECRYPT.HTML
2015-01-25 22:47 - 2015-01-25 22:47 - 00004204 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:47 - 2015-01-25 22:47 - 00004204 _____ () C:\Users\****\AppData\HELP_DECRYPT.TXT
2015-01-25 22:47 - 2015-01-25 22:47 - 00000272 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:47 - 2015-01-25 22:47 - 00000272 _____ () C:\Users\****\AppData\HELP_DECRYPT.URL
2015-01-25 22:45 - 2015-01-25 22:45 - 00008528 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.HTML
2015-01-25 22:45 - 2015-01-25 22:45 - 00004204 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.TXT
2015-01-25 22:45 - 2015-01-25 22:45 - 00000272 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default\AppData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Administrator\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default\AppData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Administrator\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default\AppData\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-25 22:43 - 2015-01-25 22:43 - 00000000 ____D () C:\Users\****\AppData\Local\Ihsoft
2015-01-25 22:43 - 2015-01-25 22:43 - 00000000 ____D () C:\Users\****\AppData\Local\Abworks
2015-01-25 22:42 - 2015-01-25 22:42 - 00038400 _____ () C:\Windows\itaily.exe
2015-01-25 22:42 - 2015-01-25 22:42 - 00000416 _____ () C:\Windows\BRWMARK.INI
2015-01-25 22:42 - 2015-01-25 22:42 - 00000034 _____ () C:\Windows\system32\BD5280DW.DAT
2015-01-25 22:42 - 2015-01-25 22:42 - 00000017 _____ () C:\ProgramData\systemskey.ini
2015-01-25 22:08 - 2015-01-25 22:08 - 00073856 _____ () C:\Windows\system32\Drivers\93a0a821ee01750e.sys
2015-01-25 22:06 - 2015-01-27 23:19 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-01-25 20:53 - 2015-01-25 20:53 - 00000491 _____ () C:\Users\****\Downloads\gmer log 25.01.15.log
2015-01-25 19:59 - 2015-01-25 05:44 - 00043160 _____ (StdLib) C:\Windows\system32\Drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys
2015-01-23 21:30 - 2015-01-23 01:41 - 00043160 _____ (StdLib) C:\Windows\system32\Drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys
2015-01-23 21:09 - 2015-01-23 21:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-23 21:08 - 2015-01-28 22:02 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job
2015-01-23 21:08 - 2015-01-28 22:02 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job
2015-01-23 21:07 - 2015-01-23 21:12 - 00000000 ____D () C:\Users\****\AppData\Local\500950
2015-01-23 21:07 - 2015-01-23 21:07 - 35763832 _____ (Google Inc.) C:\Users\****\Downloads\google-chrome.exe
2015-01-23 20:45 - 2015-01-23 20:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-22 22:32 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2015-01-22 22:31 - 2015-01-22 22:31 - 00001419 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-22 22:30 - 2015-01-22 22:30 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-01-22 22:16 - 2015-01-22 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2015-01-22 22:15 - 2015-01-22 22:31 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-01-22 22:14 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\****\AppData\Local\Apple
2015-01-22 22:14 - 2015-01-22 22:14 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-22 22:14 - 2015-01-22 22:14 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-22 22:13 - 2015-01-22 22:13 - 00000000 ____D () C:\ProgramData\Apple
2015-01-22 22:13 - 2015-01-22 22:13 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-22 22:01 - 2015-01-22 22:02 - 05436744 _____ (Apple Inc.) C:\Users\****\Downloads\BonjourPS202Setup.exe
2015-01-22 20:28 - 2015-01-22 20:28 - 00000000 _____ () C:\ProgramData\HDPSetting.ini
2015-01-20 02:17 - 2015-01-20 02:17 - 00001419 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 02:15 - 2015-01-20 02:15 - 00000020 ___SH () C:\Users\****\ntuser.ini
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 __SHD () C:\Recovery
2015-01-20 02:05 - 2015-01-25 22:41 - 00030641 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 01:50 - 2015-01-20 01:50 - 00021532 _____ () C:\Windows\system32\emptyregdb.dat
2015-01-20 01:41 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVAST Software
2015-01-20 01:41 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVAST Software
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-20 01:06 - 2015-01-25 22:59 - 00000000 ____D () C:\Users\****
2015-01-20 01:06 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Administrator
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Startmenü
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Netzwerkumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Druckumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Musik
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Bilder
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\AppData\Local\Verlauf
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2015-01-20 01:06 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:06 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:06 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:06 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Program Files\Realtek
2015-01-20 01:03 - 2015-01-20 01:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-01-20 01:03 - 2015-01-20 01:03 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-20 01:02 - 2015-01-20 01:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-20 00:59 - 2015-01-20 01:05 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-01-20 00:57 - 2015-01-20 02:15 - 00000000 ____D () C:\Windows\Panther
2015-01-20 00:54 - 2015-01-20 00:54 - 00262144 _____ () C:\Windows\system32\config\userdiff
2015-01-20 00:30 - 2015-01-25 22:42 - 00000000 ___HD () C:\$WINDOWS.~Q
2015-01-20 00:25 - 2015-01-20 00:29 - 00000000 ___HD () C:\$INPLACE.~TR
2015-01-19 23:11 - 2015-01-20 01:52 - 00006137 _____ () C:\Windows\comsetup.log
2015-01-19 22:59 - 2015-01-19 22:59 - 00000199 _____ () C:\Windows\system32\2015-01-19-21-59-47.056-AvastVBoxSVC.exe-2804.log
2015-01-19 22:47 - 2015-01-19 22:47 - 00000249 _____ () C:\Windows\system32\2015-01-19-21-47-40.038-aswFe.exe-912.log
2015-01-19 22:25 - 2015-01-19 22:47 - 00000249 _____ () C:\Windows\system32\2015-01-19-21-25-01.028-aswFe.exe-3604.log
2015-01-19 22:24 - 2015-01-19 22:24 - 00000199 _____ () C:\Windows\system32\2015-01-19-21-24-52.051-AvastVBoxSVC.exe-2552.log
2015-01-19 22:14 - 2015-01-20 01:19 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-10 02:18 - 2015-01-25 22:44 - 00000000 ____D () C:\RegBackup
2015-01-10 02:18 - 2015-01-10 02:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-****-BOOKLET-Microsoft-Windows-7-Starter-(32-bit).dat
2015-01-07 20:53 - 2015-01-07 20:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2015-01-07 20:52 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-01-07 20:50 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-07 20:49 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-01-07 20:49 - 2010-06-29 13:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2015-01-05 22:04 - 2015-01-20 01:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-04 22:30 - 2014-12-04 05:38 - 00728576 ____N (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-04 22:30 - 2014-12-04 05:38 - 00610304 ____N (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-04 22:30 - 2014-12-02 00:28 - 01160872 ____N (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-04 22:29 - 2014-12-04 05:38 - 00337920 ____N (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-04 22:29 - 2014-12-04 05:38 - 00315392 ____N (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-04 22:27 - 2015-01-04 22:29 - 00380416 _____ () C:\Users\****\Downloads\Gmer-19357.exe
2015-01-04 22:12 - 2014-11-21 08:16 - 02861568 ____N (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-04 22:02 - 2015-01-28 22:07 - 00000000 ____D () C:\FRST
2015-01-04 21:59 - 2015-01-28 22:07 - 01121792 _____ (Farbar) C:\Users\****\Downloads\FRST.exe
2015-01-04 21:56 - 2015-01-04 21:57 - 00000472 _____ () C:\Users\****\Downloads\defogger_disable.log
2015-01-04 21:56 - 2015-01-04 21:56 - 00000000 _____ () C:\Users\****\defogger_reenable
2015-01-04 21:54 - 2015-01-04 21:55 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe
2015-01-01 16:07 - 2015-01-01 16:07 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-01 16:07 - 2015-01-01 16:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 22:11 - 2014-01-21 21:51 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 22:07 - 2013-01-13 01:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 22:04 - 2014-01-21 21:51 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 22:02 - 2009-07-14 05:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 22:02 - 2009-07-14 05:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 23:17 - 2010-11-20 22:48 - 00014354 _____ () C:\Windows\PFRO.log
2015-01-27 23:17 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 23:17 - 2009-07-14 05:39 - 00256303 _____ () C:\Windows\setupact.log
2015-01-27 23:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-27 00:11 - 2010-11-20 22:01 - 01629396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 22:47 - 2010-07-12 22:23 - 00000000 ____D () C:\Users\****\GDesk
2015-01-25 22:47 - 2010-07-05 09:19 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mozilla
2015-01-25 22:47 - 2010-07-01 21:50 - 00000000 ____D () C:\Users\****\AppData\Roaming\PC Suite
2015-01-25 22:46 - 2014-01-21 21:41 - 00000000 ____D () C:\Users\****\AppData\Roaming\AVAST Software
2015-01-25 22:46 - 2010-07-05 09:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Adobe
2015-01-25 22:45 - 2011-09-10 10:31 - 00000000 ____D () C:\Users\****\AppData\Local\Google
2015-01-25 22:45 - 2010-07-05 09:19 - 00000000 ____D () C:\Users\****\AppData\Local\Mozilla
2015-01-25 22:45 - 2010-07-01 21:53 - 00000000 ____D () C:\Users\****\AppData\Local\Nokia
2015-01-25 22:44 - 2010-07-01 21:35 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2015-01-25 22:44 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-25 22:43 - 2011-08-16 10:17 - 00000000 ____D () C:\ba9291bd3e00e1ed1c0cb9
2015-01-25 20:07 - 2013-01-13 01:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 20:07 - 2011-06-15 00:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 19:59 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini
2015-01-25 19:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-23 20:59 - 2014-01-21 21:51 - 00000000 ____D () C:\Program Files\Google
2015-01-22 23:11 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-22 22:31 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-20 21:09 - 2012-11-19 09:53 - 00000000 ____D () C:\Users\****\AppData\Local\Wuala
2015-01-20 21:07 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore
2015-01-20 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-20 02:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-20 02:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-20 02:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-01-20 01:51 - 2009-07-14 05:39 - 00005715 _____ () C:\Windows\setuperr.log
2015-01-20 01:44 - 2009-07-14 05:33 - 00287424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-20 01:41 - 2009-07-14 05:34 - 00005157 _____ () C:\Windows\DtcInstall.log
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:38 - 2010-07-18 21:53 - 00000000 ____D () C:\Users\****\Downloads\LinuxKDE(eng).gdd
2015-01-20 01:38 - 2010-07-18 21:47 - 00000000 ____D () C:\Users\****\Downloads\SNP88.gdd
2015-01-20 01:38 - 2010-07-18 21:41 - 00000000 ____D () C:\Users\****\Downloads\CrepusculumByPingwinGTS.gdd
2015-01-20 01:38 - 2010-07-18 21:34 - 00000000 ____D () C:\Users\****\Downloads\diamond-v04
2015-01-20 01:37 - 2012-08-18 10:14 - 00000000 ____D () C:\Users\****\AppData\Roaming\SoftGrid Client
2015-01-20 01:37 - 2012-08-18 10:14 - 00000000 ____D () C:\Users\****\AppData\Local\SoftGrid Client
2015-01-20 01:37 - 2010-07-13 00:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\WinRAR
2015-01-20 01:37 - 2010-07-13 00:02 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-20 01:37 - 2010-07-05 09:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Macromedia
2015-01-20 01:37 - 2010-07-01 22:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nokia Ovi Suite
2015-01-20 01:37 - 2010-07-01 21:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nokia
2015-01-20 01:37 - 2010-07-01 21:56 - 00000000 ____D () C:\Users\****\AppData\Local\NokiaAccount
2015-01-20 01:36 - 2011-01-26 21:53 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2015-01-20 01:19 - 2014-07-26 20:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-20 01:19 - 2011-07-30 15:11 - 00000000 ____D () C:\Windows\system32\SPReview
2015-01-20 01:19 - 2011-07-16 23:18 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-01-20 01:19 - 2010-07-05 09:32 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-20 01:19 - 2010-04-23 10:54 - 00000000 ____D () C:\Windows\{9BA86693-F49A-4DA1-BBB3-827DFB688228}
2015-01-20 01:19 - 2010-04-23 10:53 - 00000000 ____D () C:\Windows\system32\Lang
2015-01-20 01:19 - 2010-04-23 10:51 - 00000000 ____D () C:\Windows\system32\Microsoft.VC80.MFC
2015-01-20 01:19 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\el-GR
2015-01-20 01:18 - 2010-07-05 11:03 - 00000000 ____D () C:\Windows\pss
2015-01-20 01:18 - 2010-06-29 13:20 - 00000000 ____D () C:\Windows\SHELLNEW
2015-01-20 01:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-20 01:16 - 2014-08-02 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-20 01:16 - 2014-01-21 21:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-20 01:16 - 2013-02-11 22:20 - 00000000 ____D () C:\ProgramData\Ask
2015-01-20 01:16 - 2013-01-25 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-01-20 01:16 - 2013-01-25 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-20 01:16 - 2012-11-19 09:58 - 00000000 ____D () C:\ProgramData\Sun
2015-01-20 01:16 - 2011-01-26 21:46 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-20 01:16 - 2011-01-26 21:42 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-20 01:16 - 2010-08-30 14:53 - 00000000 ____D () C:\ProgramData\Alwil Software
2015-01-20 01:16 - 2010-08-13 20:51 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2015-01-20 01:16 - 2010-07-13 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-20 01:16 - 2010-07-13 00:01 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-20 01:16 - 2010-07-01 21:50 - 00000000 ____D () C:\ProgramData\PC Suite
2015-01-20 01:16 - 2010-06-30 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2015-01-20 01:16 - 2010-06-30 23:11 - 00000000 ____D () C:\Program Files\Nokia
2015-01-20 01:16 - 2010-06-29 13:31 - 00000000 ____D () C:\ProgramData\fssg
2015-01-20 01:16 - 2010-06-29 13:30 - 00000000 ____D () C:\ProgramData\f-secure
2015-01-20 01:16 - 2010-06-29 13:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-20 01:16 - 2010-04-23 11:44 - 00000000 ____D () C:\ProgramData\temp
2015-01-20 01:16 - 2010-04-23 10:58 - 00000000 ____D () C:\Program Files\Option
2015-01-20 01:16 - 2010-04-23 10:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-20 01:16 - 2010-04-23 10:56 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-20 01:16 - 2010-04-23 10:51 - 00000000 ____D () C:\ProgramData\win7_32
2015-01-20 01:16 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\Power Management
2015-01-20 01:16 - 2010-04-23 10:29 - 00000000 ____D () C:\ProgramData\Nokia
2015-01-20 01:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-20 01:15 - 2014-11-11 21:13 - 00000000 ____D () C:\Program Files\GUM8EBC.tmp
2015-01-20 01:15 - 2013-09-04 21:05 - 00000000 ____D () C:\Program Files\Java
2015-01-20 01:15 - 2013-01-25 11:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-20 01:15 - 2012-08-18 10:08 - 00000000 ____D () C:\Program Files\Microsoft Application Virtualization Client
2015-01-20 01:15 - 2010-07-05 09:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-20 01:15 - 2010-06-29 13:22 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-20 01:15 - 2010-06-29 13:22 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-01-20 01:15 - 2010-06-29 13:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-20 01:15 - 2010-04-23 10:57 - 00000000 ____D () C:\Program Files\Microsoft Office Suite Activation Assistant
2015-01-20 01:15 - 2010-04-23 10:52 - 00000000 ____D () C:\Program Files\Intel
2015-01-20 01:15 - 2010-04-23 10:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-20 01:15 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\HotKey
2015-01-20 01:14 - 2014-11-11 21:14 - 00000000 ____D () C:\Program Files\GUM1317.tmp
2015-01-20 01:14 - 2014-08-02 11:53 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-20 01:14 - 2014-07-04 23:22 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-20 01:14 - 2013-10-25 08:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-20 01:14 - 2011-06-21 21:14 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 01:14 - 2011-01-12 22:48 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-20 01:14 - 2010-07-01 21:43 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-01-20 01:14 - 2010-07-01 21:42 - 00000000 ____D () C:\Program Files\DIFX
2015-01-20 01:14 - 2010-06-29 13:32 - 00000000 ____D () C:\Program Files\F-Secure
2015-01-20 01:14 - 2010-04-23 10:56 - 00000000 ____D () C:\Program Files\ASIX Electronics Corporation
2015-01-20 01:14 - 2010-04-23 10:55 - 00000000 ____D () C:\Program Files\CSR
2015-01-20 01:14 - 2010-04-23 10:54 - 00000000 ____D () C:\Program Files\Atheros
2015-01-20 01:14 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-20 01:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-20 01:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-20 01:13 - 2011-06-21 21:14 - 00000000 ____D () C:\Program Files\Adobe
2015-01-20 01:13 - 2010-08-30 14:53 - 00000000 ____D () C:\Program Files\Alwil Software
2015-01-20 01:04 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 00:56 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-20 00:56 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-20 00:14 - 2010-06-30 04:00 - 01702239 _____ () C:\Windows\WindowsUpdate (1).log
2015-01-19 23:01 - 2011-02-28 23:45 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-19 22:59 - 2010-08-30 14:54 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-08 09:55 - 2010-06-29 14:33 - 00249488 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 20:31 - 2014-11-11 22:09 - 00044846 _____ () C:\Windows\IE11_main.log
2015-01-05 21:24 - 2013-08-12 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-01 20:28 - 2010-06-29 14:21 - 00002334 _____ () C:\Users\****\Desktop\graf kaffee Extern.RDP
2015-01-01 17:20 - 2011-06-21 21:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-01-01 16:07 - 2014-07-09 21:36 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-01 16:07 - 2014-01-21 21:25 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-01 16:07 - 2013-04-16 21:35 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-01 16:07 - 2013-04-16 21:35 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-01 16:07 - 2012-04-17 18:18 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-01 16:07 - 2010-08-30 14:54 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

==================== Files in the root of some directories =======

2014-11-11 21:14 - 2014-11-11 21:14 - 6000640 _____ () C:\Program Files\GUT1328.tmp
2014-11-11 21:13 - 2014-11-11 21:24 - 6000640 _____ () C:\Program Files\GUT8ECC.tmp
2015-01-28 22:04 - 2015-01-28 22:04 - 0178688 _____ () C:\Users\****\AppData\Roaming\88d81255.exe
2012-04-04 22:43 - 2012-04-04 22:43 - 0273480 _____ () C:\Users\****\AppData\Roaming\BtvStack.dll
2015-01-25 22:47 - 2015-01-25 22:47 - 0008528 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:47 - 2015-01-25 22:47 - 0045538 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-25 22:47 - 2015-01-25 22:47 - 0004204 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:47 - 2015-01-25 22:47 - 0000272 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:45 - 2015-01-25 22:45 - 0008528 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.HTML
2015-01-25 22:45 - 2015-01-25 22:45 - 0045538 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.PNG
2015-01-25 22:45 - 2015-01-25 22:45 - 0004204 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.TXT
2015-01-25 22:45 - 2015-01-25 22:45 - 0000272 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.URL
2015-01-27 22:52 - 2015-01-27 22:52 - 0071168 _____ () C:\Users\****\AppData\Local\kdpvjam.dll
2015-01-26 21:17 - 2015-01-26 21:17 - 0070656 _____ () C:\Users\****\AppData\Local\kdpvjaz.dll
2015-01-22 20:28 - 2015-01-22 20:28 - 0000000 _____ () C:\ProgramData\HDPSetting.ini
2015-01-25 22:44 - 2015-01-25 22:44 - 0008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 0045538 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-25 22:44 - 2015-01-25 22:44 - 0004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2010-11-20 22:29 - 2010-11-20 22:29 - 0158349 ___SH (loplkjyhtg) C:\ProgramData\msotusjhe.exe
2015-01-25 22:42 - 2015-01-25 22:42 - 0000017 _____ () C:\ProgramData\systemskey.ini

Files to move or delete:
====================
C:\ProgramData\msotusjhe.exe


Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\NEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-27 01:50

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by **** at 2015-01-28 22:12:42
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Atheros 802.11 bgn Network Adapter (HKLM\...\InstallShield_{06A6143C-0703-4946-9E20-355F306ADF11}) (Version: 1.0.0.0 - Atheros)
Atheros 802.11 bgn Network Adapter (Version: 1.0.0.0 - Atheros) Hidden
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
AX88772A & AX88772 Windows 7 Drivers (HKLM\...\InstallShield_{620DA0EB-574D-45B5-B3E9-B85AECA41D59}) (Version: 1.0.0.0 - ASIX Electronics Corporation)
AX88772A & AX88772 Windows 7 Drivers (Version: 1.0.0.0 - ASIX Electronics Corporation) Hidden
Bluetooth Feature Pack 5.0 (HKLM\...\{0439D13F-C7CD-458A-90DE-44135CBD40B8}) (Version: 5.0.12 - CSR Plc.)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Google Chrome (HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hard Disk Protection (HKLM\...\InstallShield_{08188833-CF3E-4067-B884-6049B0A38A35}) (Version: 1.0.0.18C - Nokia)
Hard Disk Protection (Version: 1.0.0.18C - Nokia) Hidden
Hotkey Utility (HKLM\...\InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}) (Version: 1.0.0.21C - Nokia)
Hotkey Utility (Version: 1.0.0.21C - Nokia) Hidden
Intel(R) Graphics Media Accelerator 500 (HKLM\...\LPCO) (Version:  -  Intel Corporation)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Microsoft .NET Framework 4.5.1 (DEU) (HKLM\...\{9E871D09-064D-3BC9-963B-3AB8ABE1273D}) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{4903D172-DCCB-392F-93A3-34CA9D47FE3D}) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Miniprogramm zum Abrufen von Nokia Ovi Suite (HKLM\...\{3A519502-3354-4290-A852-7A1835BA678F}) (Version: 1.0.45 - Nokia)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Booklet Software Updater (HKLM\...\{8C7AC9E7-A635-4C73-B360-FE6AE4E8DD93}) (Version: 1.1.100 - Nokia)
Nokia Connectivity Cable Driver (HKLM\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.2.0.245 - Nokia)
Nokia Ovi Suite (Version: 2.2.0.245 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM\...\{A0D65C73-F2C5-432F-8788-90F8A2E99B98}) (Version: 02.05.002.42441 - Nokia Corporation)
Nokia Social Hub (HKLM\...\{F4A31D1A-8ABB-4977-848E-26F76F5212B0}) (Version: 1.0.585 - Nokia)
Option WWAN Driver 5.1.37.0 Installer  (HKLM\...\{884BB5CC-108E-41a9-936D-955C999C06A1}_x) (Version: 3.5.1.1140 - Option NV)
Option WWAN Driver 5.1.37.0 Installer (Version: 3.5.1.1140 - Option NV) Hidden
Ovi Desktop Sync Engine (Version: 1.4.78.0 - Nokia) Hidden
Ovi Maps Gadget (HKLM\...\{698A3082-B4AF-4113-8068-79C868C4B0C9}) (Version: 1.0.13867 - Nokia)
OviMPlatform (Version: 2.6.195.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia)
Power Management (HKLM\...\InstallShield_{C36E5EC0-A87E-4994-844B-1DE75ED22BD8}) (Version: 1.0.0.18C - Nokia)
Power Management (Version: 1.0.0.18C - Nokia) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5999 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoamingHelperSetup (HKLM\...\{C358D274-1BA4-4F57-95C4-4669AE126B99}) (Version: 1.0.0 - Option)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
Tap to wake up (HKLM\...\InstallShield_{0B23E38B-F4D8-44A9-A3D3-95020D35D8C9}) (Version: 1.0.0.19C - Nokia)
Tap to wake up (Version: 1.0.0.19C - Nokia) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (Version: 1.77.0.2C - NOKIA) Hidden
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\browser.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)

==================== Restore Points  =========================

25-01-2015 23:09:41 Revo Uninstaller's restore point - Dynamo Combo

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-10 02:56 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3201A1B4-6C25-46D5-BC40-232F14D989FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {5FC356A9-9467-4AE8-BED5-F787D160D1B1} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-01-01] (AVAST Software)
Task: {773C2256-6E9D-4A26-B6A8-2B2B69FDB1FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {7E476722-6C80-4EA0-8B46-48B6F562E67C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {A320242A-44DE-4938-A0A7-6476C923136C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {A6B2DB9E-6523-460F-A1F1-6F1C15D943E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DF4F6C72-D05F-409D-BB27-9014CFBBC242} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {E3457BE7-F260-4266-BE08-4DEE4761FA99} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {E7CE1F64-F0B0-4581-96EE-3E2882FEF1E6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F762FFD0-B96E-4EB6-933D-A91579976F09} - System32\Tasks\Nokia\Booklet software updater\Check for updates => NBSUTool.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-04-23 10:56 - 2009-12-24 19:13 - 00180224 _____ () C:\WINDOWS\system32\HDPSrv.exe
2015-01-25 22:42 - 2015-01-25 22:42 - 00038400 _____ () C:\Windows\itaily.exe
2010-04-23 10:51 - 2010-04-23 10:51 - 00011776 _____ () C:\Windows\system32\PrLdrSrv.exe
2015-01-25 22:43 - 2015-01-25 22:43 - 01305088 _____ () C:\Users\****\AppData\Local\Abworks\lnkdovrphy.dll
2010-04-23 10:51 - 2010-04-23 10:51 - 00024576 _____ () C:\Windows\system32\EKECioCtl.dll
2010-04-23 10:56 - 2009-12-24 19:13 - 00180224 _____ () C:\Windows\System32\HDPSrv.exe
2015-01-25 22:43 - 2015-01-25 22:43 - 01265152 _____ () C:\Users\****\AppData\Local\Ihsoft\EPNHTX11.DLL
2015-01-26 21:17 - 2015-01-26 21:17 - 00070656 _____ () C:\Users\****\AppData\Local\kdpvjaz.dll
2015-01-27 22:52 - 2015-01-27 22:52 - 00071168 _____ () C:\Users\****\AppData\Local\kdpvjam.dll
2012-04-04 22:43 - 2012-04-04 22:43 - 00273480 _____ () C:\Users\****\AppData\Roaming\BtvStack.dll
2015-01-26 21:11 - 2015-01-26 21:11 - 38714368 _____ () C:\Users\****\AppData\Roaming\Local Store\libcef.dll
2015-01-26 21:11 - 2015-01-26 21:11 - 00873472 _____ () C:\Users\****\AppData\Roaming\Local Store\ffmpegsumo.dll
2015-01-26 21:11 - 2015-01-26 21:11 - 16840880 _____ () C:\Users\****\AppData\Roaming\Local Store\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3075977200-4285461987-214124539-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-3075977200-4285461987-214124539-501 - Limited - Disabled)
**** (S-1-5-21-3075977200-4285461987-214124539-1000 - Administrator - Enabled) => C:\Users\****

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2015 10:11:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/28/2015 00:08:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17379

Error: (01/28/2015 00:08:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17379

Error: (01/28/2015 00:08:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/28/2015 00:06:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/28/2015 00:04:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/28/2015 00:03:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/28/2015 00:03:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/28/2015 00:03:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/28/2015 00:03:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (01/28/2015 10:02:51 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/28/2015 10:02:42 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/28/2015 10:02:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst PrLdrSrv erreicht.

Error: (01/28/2015 00:08:28 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (01/27/2015 11:18:15 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/27/2015 11:18:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Dynamo Combo" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/27/2015 11:18:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Dynamo Combo" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/27/2015 11:17:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "avast! Antivirus" ist vom Dienst "aswMonFlt" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31

Error: (01/27/2015 11:17:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "aswMonFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (01/27/2015 11:16:23 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU Z530 @ 1.60GHz
Percentage of memory in use: 90%
Total physical RAM: 1014.27 MB
Available physical RAM: 99.99 MB
Total Pagefile: 2054.27 MB
Available Pagefile: 322.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1810.68 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:103.98 GB) (Free:80.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: FCE9A0AE)
Partition 1: (Active) - (Size=7.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
I have not knowingly encrypted anything. The four files mentioned above can be found in various folders! Trying to open a PDF does not work. The error message "Adobe Reader could not open xxx.pdf because the file type is not supported or the file is damaged." appears. Hmmmm....

29.01.2015, 11:58   #26
schrauber
/// the machine
/// TB-Ausbilder


Quote:
The error message "Adobe Reader could not open xxx.pdf because the file type is not supported or the file is damaged." appears. Hmmmm....
That is exactly what I meant.

Not whether you encrypted data. Are there any other files that no longer work, or do documents suddenly have a different file extension?
__________________
Regards,
schrauber


29.01.2015, 23:34   #27
schuemli

By now I am miles away from my original problem. What a nuisance!

Nothing unusual can be seen in the file extensions. Because I could no longer start avast, I looked around the board a bit. In doing so I noticed the post by ekeks (virus scanners can no longer be started). As described there, I ran a scan with ComboFix. The log file follows:

Code:
ComboFix 15-01-28.01 - **** 28.01.2015  23:59:46.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.41.1031.18.1014.278 [GMT 1:00]
ausgeführt von:: c:\users\****\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\msotusjhe.exe
c:\users\****\AppData\Local\kdpvjam.dll
c:\users\****\AppData\Local\kdpvjaz.dll
c:\users\****\AppData\Roaming\Akem
c:\users\****\AppData\Roaming\Akem\futya.exe
c:\users\****\AppData\Roaming\BtvStack.dll
c:\windows\system32\drivers\93a0a821ee01750e.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_93a0a821ee01750e
-------\Service_93a0a821ee01750e
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-28 bis 2015-01-29  ))))))))))))))))))))))))))))))
.
.
2015-01-28 23:59 . 2013-06-17 00:10	7068072	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2B0DE48-4BCB-489A-936D-2B83B9144414}\mpengine.dll
2015-01-28 23:50 . 2015-01-28 23:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-28 22:19 . 2015-01-01 15:07	291352	----a-w-	c:\windows\system32\aswBoot.exe
2015-01-25 21:42 . 2015-01-25 21:42	38400	----a-w-	c:\windows\itaily.exe
2015-01-25 21:06 . 2015-01-29 00:00	--------	d--h--w-	c:\programdata\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-01-25 18:59 . 2015-01-25 04:44	43160	----a-w-	c:\windows\system32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys
2015-01-23 20:30 . 2015-01-23 00:41	43160	----a-w-	c:\windows\system32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys
2015-01-23 19:45 . 2015-01-23 19:45	--------	d-----w-	c:\program files\VS Revo Group
2015-01-22 21:15 . 2015-01-22 21:31	--------	d-----w-	c:\program files\Bonjour Print Services
2015-01-22 21:14 . 2015-01-22 21:14	--------	d-----w-	c:\program files\Apple Software Update
2015-01-22 21:13 . 2015-01-22 21:13	--------	d-----w-	c:\program files\Bonjour
2015-01-22 21:13 . 2015-01-22 21:13	--------	d-----w-	c:\programdata\Apple
2015-01-20 00:41 . 2015-01-25 21:44	--------	d-----w-	c:\users\Default\AppData\Roaming\AVAST Software
2015-01-20 00:41 . 2015-01-20 00:41	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2015-01-20 00:06 . 2015-01-25 21:59	--------	d-----w-	c:\users\****
2015-01-20 00:06 . 2015-01-25 21:44	--------	d-----w-	c:\users\Administrator
2015-01-20 00:04 . 2015-01-20 00:04	--------	d-----w-	c:\windows\system32\RTCOM
2015-01-20 00:04 . 2015-01-20 00:04	--------	d-----w-	c:\program files\Realtek
2015-01-20 00:03 . 2015-01-20 00:03	--------	d-----w-	c:\program files\Synaptics
2015-01-19 23:57 . 2015-01-20 01:15	--------	d-----w-	c:\windows\Panther
2015-01-19 23:30 . 2015-01-25 21:42	--------	d-----w-	C:\$WINDOWS.~Q
2015-01-19 23:25 . 2015-01-19 23:29	--------	d-----w-	C:\$INPLACE.~TR
2015-01-19 22:22 . 2015-01-19 22:22	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D15E185-65C0-408C-BAD0-3F72827B5056}\offreg.dll
2015-01-19 21:14 . 2015-01-20 00:19	--------	d-----w-	c:\windows\system32\vbox
2015-01-19 20:32 . 2014-12-02 11:01	9054624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D15E185-65C0-408C-BAD0-3F72827B5056}\mpengine.dll
2015-01-10 01:18 . 2015-01-25 21:44	--------	d-----w-	C:\RegBackup
2015-01-05 21:04 . 2015-01-20 00:19	--------	d-----w-	c:\windows\system32\appraiser
2015-01-04 21:30 . 2014-12-01 23:28	1160872	------w-	c:\windows\system32\aitstatic.exe
2015-01-04 21:30 . 2014-12-04 04:38	610304	------w-	c:\windows\system32\invagent.dll
2015-01-04 21:29 . 2014-12-04 04:38	315392	------w-	c:\windows\system32\devinv.dll
2015-01-04 21:29 . 2014-12-04 04:38	337920	------w-	c:\windows\system32\generaltel.dll
2015-01-04 21:12 . 2014-11-21 07:16	2861568	------w-	c:\windows\system32\jscript9.dll
2015-01-04 21:02 . 2015-01-28 21:24	--------	d-----w-	C:\FRST
2015-01-01 15:07 . 2015-01-01 15:07	43152	----a-w-	c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-25 19:07 . 2013-01-13 00:31	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-01-25 19:07 . 2011-06-14 23:19	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-19 22:01 . 2011-02-28 22:45	787800	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2015-01-19 21:59 . 2010-08-30 13:54	423784	----a-w-	c:\windows\system32\drivers\aswsp.sys
2015-01-08 08:55 . 2010-06-29 13:33	249488	----a-w-	c:\windows\system32\MpSigStub.exe
2015-01-01 15:07 . 2014-01-21 20:25	91496	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-01-01 15:07 . 2013-04-16 20:35	206248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-01-01 15:07 . 2013-04-16 20:35	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-01-01 15:07 . 2014-07-09 20:36	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-01-01 15:07 . 2012-04-17 17:18	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-01-01 15:07 . 2010-08-30 13:54	70384	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-11-18 13:56 . 2014-11-18 13:56	1202848	----a-w-	c:\windows\system32\FM20.DLL
2014-11-11 20:24 . 2014-11-11 20:13	6000640	----a-w-	c:\program files\GUT8ECC.tmp
2014-11-11 20:14 . 2014-11-11 20:14	6000640	----a-w-	c:\program files\GUT1328.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-01 15:06	723976	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia Social Hub"="c:\program files\Nokia\Nokia Social Hub\Hub.exe" [2010-04-21 4941824]
"Ihsoft"="c:\users\****\AppData\Local\Ihsoft\EPNHTX11.DLL" [2015-01-25 1265152]
"Abworks"="c:\users\****\AppData\Local\Abworks\lnkdovrphy.dll" [2015-01-25 1305088]
"C5FF2788"="c:\users\****\AppData\Roaming\C5FF2788\bin.exe" [2015-01-26 53248]
"kdpvjam"="c:\users\****\AppData\Local\kdpvjam.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-05 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-05 350744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-09 8120864]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2015-01-28 5225064]
"CeEKEY"="c:\program files\HotKey\CeEKey.exe" [2010-04-06 1607024]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-09-10 504160]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-09-10 346464]
"HDPSrv"="c:\windows\system32\HDPSrv.exe" [2009-12-24 180224]
"NpwrMngr"="c:\program files\Power Management\NpwrMngr.exe" [2009-12-23 488816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HELP_DECRYPT.HTML [2015-1-28 8528]
HELP_DECRYPT.PNG [2015-1-28 45522]
HELP_DECRYPT.TXT [2015-1-28 4204]
HELP_DECRYPT.URL [2015-1-28 272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - BPMWLJIS
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WXGVZKVH
*Deregistered* - bpmwljis
*Deregistered* - wxgvzkvh
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-13 19:07]
.
2015-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-21 20:51]
.
2015-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-21 20:51]
.
2015-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job
- c:\users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23 20:08]
.
2015-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job
- c:\users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23 20:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.bluewin.ch/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AA132380-4875-4E1D-99ED-7B7AC0780F88}: NameServer = 195.186.216.33 195.186.152.33
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-BluetoothS - c:\users\****\AppData\Roaming\BtvStack.dll
HKCU-Run-{DF24E061-FD3F-1502-128A-99803267983E} - c:\users\****\AppData\Roaming\Akem\futya.exe
HKCU-Run-kdpvjaz - c:\users\****\AppData\Local\kdpvjaz.dll
HKCU-Run-kdpvjam - c:\users\****\AppData\Local\kdpvjam.dll
HKLM-Explorer_Run-2560651233 - c:\progra~2\msotusjhe.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C9F068BE"="c:\\Users\\****\\AppData\\Roaming\\C9F068BE\\bin.exe"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(15984)
c:\users\****\AppData\Local\Abworks\lnkdovrphy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\itaily.exe
c:\windows\system32\PrLdrSrv.exe
c:\program files\Option\RoamingHelperSetup\RoamingHelper.exe
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\System32\regsvr32.exe
c:\windows\System32\regsvr32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\sppsvc.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Alwil Software\Avast5\ng\ngtool.exe
c:\windows\system32\conhost.exe
c:\program files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
c:\windows\system32\vssvc.exe
c:\program files\Nokia\Nokia Booklet software updater\UpdateWatch.exe
c:\program files\Alwil Software\Avast5\ng\ngtool.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-29  01:12:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-29 00:12
.
Vor Suchlauf: 8 Verzeichnis(se), 85'902'290'944 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 86'473'940'992 Bytes frei
.
- - End Of File - - 8873211D0CBAEE3A6C7FBAAD0223E00A
A36C5E4F47E84449FF07ED3517B43A31
         
After that I was able to start avast again. Since then, however, avast keeps reporting a detected threat (infection: URL:Mal, process: C:\windows\explorer.exe).

Some further conspicuous points:

Strange folders have taken up residence on drive C:, e.g. $INPLACE.~TR or $RECYCLE.BIN or $WINDOWS.~Q. Some of the folder icons additionally show a kind of padlock.

The four "Decrypt" files mentioned were, among other places, also in the Startup folder. I deleted them. But as if by magic they are back in there.

30.01.2015, 09:48   #28
schrauber
/// the machine
/// TB-Ausbilder


At some point you got yourself infected again in the classic way, and not mildly. I saw that in the log. But before using CF blindly (which we would have used afterwards), we first had to clarify what is going on with the files.


Please download Malwarebytes Anti-Malware
  • Install the program into the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber


30.01.2015, 12:20   #29
schuemli

Here is the log from Malwarebytes:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 30.01.2015
Suchlauf-Zeit: 10:02:56
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.30.03
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Klose

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 357588
Verstrichene Zeit: 34 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 5
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [e2a900fd5336d95df8b083ae996adc24], 
PUP.Optional.DynamoCombo.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Dynamo Combo, In Quarantäne, [0e7de31a4f3aa78f9bcff68c4bb8936d], 
PUP.Optional.DynamoCombo.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Dynamo Combo, In Quarantäne, [810a7885a7e245f1ee7bf191b1526b95], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3075977200-4285461987-214124539-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [f29907f6b6d3fa3ce21eebdb7d86df21], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3075977200-4285461987-214124539-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [ee9deb120782a294fe1609d350b414ec], 

Registrierungswerte: 3
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files\WSE_Vosteran\\, In Quarantäne, [4447619c7c0ddc5a1f7631d5f114867a]
Trojan.Agent.MSDGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|2560651233, C:\PROGRA~2\msotusjhe.exe, In Quarantäne, [dab18c71454476c0e5bfefa27d86a957]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3075977200-4285461987-214124539-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1B1L2Z1S, In Quarantäne, [ee9deb120782a294fe1609d350b414ec]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 5
Trojan.MSIL.ED, c:\Users\Klose\AppData\Roaming\C5FF2788\bin.exe, In Quarantäne, [d2b933ca533655e144f7888d49b94db3], 
Adware.Agent, C:\Users\Klose\Downloads\FLVPlayerSetup.exe, In Quarantäne, [92f997664b3e9a9c3287f18edf21639d], 
PUP.Optional.OpenCandy, C:\Users\Klose\Downloads\winamp5601_full_emusic-7plus_de-de.exe, In Quarantäne, [fa91718ca6e3ce6817471eb354b1c040], 
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys, In Quarantäne, [6724dd20246592a428b3782461a2bf41], 
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys, In Quarantäne, [67248d709bee7eb8edeecbd14db639c7], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
AdwCleaner found no infected files and did not create a log either.

Here is the log file from Junkware Removal:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Starter x86
Ran by Klose on 30.01.2015 at 11:52:04.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.01.2015 at 12:00:33.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
This tool did not find any infected files either, though.

Here is a fresh FRST log:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by **** (administrator) on ****-BOOKLET on 30-01-2015 12:02:51
Running from C:\Users\****\Downloads
Loaded Profiles: **** (Available profiles: **** & Administrator)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\HDPSrv.exe
() C:\Windows\System32\prldrsrv.exe
(Option International) C:\Program Files\Option\RoamingHelperSetup\RoamingHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(Nokia) C:\Program Files\Power Management\NpwrMngr.exe
(COMPAL ELECTRONIC INC.) C:\Program Files\HotKey\CeEKey.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
() C:\Windows\System32\HDPSrv.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Nokia\Nokia Booklet software updater\NBSUTool.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-09] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2015-01-28] (AVAST Software)
HKLM\...\Run: [CeEKEY] => C:\Program Files\HotKey\CeEKey.exe [1607024 2010-04-06] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [504160 2009-09-10] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [346464 2009-09-10] (CSR, plc)
HKLM\...\Run: [HDPSrv] => C:\Windows\system32\HDPSrv.exe [180224 2009-12-24] ()
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NpwrMngr] => C:\Program Files\Power Management\NpwrMngr.exe [488816 2009-12-23] (Nokia)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Nokia Social Hub] => C:\Program Files\Nokia\Nokia Social Hub\Hub.exe [4941824 2010-04-21] (Nokia)
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Abworks] => regsvr32.exe C:\Users\****\AppData\Local\Abworks\lnkdovrphy.dll <===== ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [C5FF2788] => C:\Users\****\AppData\Roaming\C5FF2788\bin.exe
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.tostotor.com/99oxaj
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3075977200-4285461987-214124539-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=NKATDF&pc=MANK&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\..\Interfaces\{AA132380-4875-4E1D-99ED-7B7AC0780F88}: [NameServer] 195.186.216.33 195.186.152.33

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.bluewin.ch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3075977200-4285461987-214124539-1000: @tools.google.com/Google Update;version=3 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3075977200-4285461987-214124539-1000: @tools.google.com/Google Update;version=9 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Stealthy - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\Extensions\stealthyextension@gmail.com.xpi [2011-05-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-07-01]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-07-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.bluewin.ch/"
CHR Plugin: (Shockwave Flash) - C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\pdf.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Update) - C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-01-01]
StartMenuInternet: Google Chrome.ENT2PAEKF5UFKJNFFNKFI6MGBA - C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2015-01-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-01] (Avast Software)
R2 HDPSrv; C:\WINDOWS\system32\HDPSrv.exe [180224 2009-12-24] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 PrLdrSrv; C:\Windows\system32\PrLdrSrv.exe [11776 2010-04-23] () [File not signed]
R2 RoamingHelper; C:\Program Files\Option\RoamingHelperSetup\RoamingHelper.exe [19968 2010-04-02] (Option International) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111488 2009-09-10] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-01] ()
R0 EMSC; C:\Windows\System32\DRIVERS\EvMngr.SYS [19824 2009-06-25] ()
R3 GTNDIS62; C:\Windows\System32\DRIVERS\Gtuhs62.sys [159744 2010-04-13] (Option N.V.)
R3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [151552 2010-03-12] (Option N.V.)
R3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [8064 2010-02-26] (Option N.V.)
R0 HDFilter; C:\Windows\System32\DRIVERS\HDFilter.sys [20848 2009-07-04] (COMPAL ELECTRONIC INC.)
R3 igd; C:\Windows\System32\DRIVERS\igdkmd32.sys [647904 2010-03-26] (Intel Corporation)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-03] (COMPAL ELECTRONIC INC.)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [14848 2012-08-23] (Microsoft Corporation) [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [584872 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [197800 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [24232 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [20136 2013-06-26] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2015-01-01] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\****\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 12:00 - 2015-01-30 12:00 - 00000620 _____ () C:\Users\****\Desktop\JRT.txt
2015-01-30 11:51 - 2015-01-30 11:51 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 11:50 - 2015-01-30 11:51 - 01707939 _____ (Thisisu) C:\Users\****\Downloads\JRT.exe
2015-01-30 11:36 - 2015-01-30 11:36 - 00000199 _____ () C:\Windows\system32\2015-01-30-10-36-05.047-AvastVBoxSVC.exe-3172.log
2015-01-30 11:14 - 2015-01-30 11:31 - 00000000 ____D () C:\AdwCleaner
2015-01-30 11:06 - 2015-01-30 11:07 - 02194432 _____ () C:\Users\****\Downloads\AdwCleaner_4.109.exe
2015-01-30 11:03 - 2015-01-30 11:03 - 00003164 _____ () C:\Users\****\Desktop\mbam.txt
2015-01-30 10:50 - 2015-01-30 10:50 - 00000199 _____ () C:\Windows\system32\2015-01-30-09-50-36.060-AvastVBoxSVC.exe-5652.log
2015-01-30 10:01 - 2015-01-30 11:02 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 10:01 - 2015-01-30 10:01 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-30 10:01 - 2015-01-30 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-30 10:01 - 2015-01-30 10:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-30 10:01 - 2015-01-30 10:01 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-30 10:01 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 10:01 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-30 10:01 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-30 09:56 - 2015-01-30 09:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-30 08:18 - 2015-01-30 08:18 - 00000199 _____ () C:\Windows\system32\2015-01-30-07-18-42.047-AvastVBoxSVC.exe-3212.log
2015-01-29 22:12 - 2015-01-29 22:12 - 00000199 _____ () C:\Windows\system32\2015-01-29-21-12-23.046-AvastVBoxSVC.exe-3172.log
2015-01-29 01:38 - 2015-01-29 01:38 - 00000249 _____ () C:\Windows\system32\2015-01-29-00-38-24.051-aswFe.exe-15716.log
2015-01-29 01:27 - 2015-01-29 01:38 - 00000249 _____ () C:\Windows\system32\2015-01-29-00-27-23.045-aswFe.exe-13928.log
2015-01-29 01:27 - 2015-01-29 01:27 - 00000199 _____ () C:\Windows\system32\2015-01-29-00-27-10.036-AvastVBoxSVC.exe-9804.log
2015-01-29 01:20 - 2015-01-29 01:20 - 00000199 _____ () C:\Windows\system32\2015-01-29-00-20-07.005-AvastVBoxSVC.exe-7036.log
2015-01-29 01:12 - 2015-01-29 22:58 - 00014349 _____ () C:\ComboFix.txt
2015-01-28 23:54 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-28 23:54 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-28 23:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-28 23:53 - 2015-01-29 01:13 - 00000000 ____D () C:\Qoobox
2015-01-28 23:50 - 2015-01-28 23:41 - 05610841 ____R (Swearware) C:\Users\****\Downloads\ComboFix.exe
2015-01-28 23:41 - 2015-01-29 01:06 - 00000000 ____D () C:\Windows\erdnt
2015-01-28 23:21 - 2015-01-28 23:21 - 00002138 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-28 23:21 - 2015-01-28 23:21 - 00000199 _____ () C:\Windows\system32\2015-01-28-22-21-41.095-AvastVBoxSVC.exe-6008.log
2015-01-28 23:21 - 2015-01-28 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-28 23:19 - 2015-01-01 16:07 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-28 23:03 - 2014-11-07 16:35 - 132469808 _____ (AVAST Software) C:\Users\****\Downloads\avast_free_antivirus_setup.exe
2015-01-28 22:12 - 2015-01-28 22:18 - 00023811 _____ () C:\Users\****\Downloads\Addition.txt
2015-01-28 22:07 - 2015-01-30 12:03 - 00015585 _____ () C:\Users\****\Downloads\FRST.txt
2015-01-27 23:09 - 2015-01-28 22:07 - 00000000 ____D () C:\Users\****\Downloads\FRST-OlderVersion
2015-01-27 22:52 - 2015-01-29 22:11 - 00000000 ___HD () C:\Users\****\AppData\Roaming\C9F068BE
2015-01-27 00:56 - 2015-01-27 00:56 - 118132629 _____ () C:\Windows\MEMORY.DMP
2015-01-27 00:56 - 2015-01-27 00:56 - 00510968 _____ () C:\Windows\Minidump\012715-35568-01.dmp
2015-01-27 00:56 - 2015-01-27 00:56 - 00000000 ____D () C:\Windows\Minidump
2015-01-26 21:18 - 2015-01-30 10:41 - 00000000 ___HD () C:\Users\****\AppData\Roaming\C5FF2788
2015-01-26 21:05 - 2015-01-26 21:11 - 00000000 ____D () C:\Users\****\AppData\Roaming\Local Store
2015-01-25 23:42 - 2015-01-27 23:18 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-25 23:18 - 2015-01-28 22:07 - 00000000 ____D () C:\Users\****\AppData\Roaming\Bihy
2015-01-25 22:59 - 2015-01-25 22:59 - 00008528 _____ () C:\Users\****\HELP_DECRYPT.HTML
2015-01-25 22:59 - 2015-01-25 22:59 - 00008528 _____ () C:\Users\HELP_DECRYPT.HTML
2015-01-25 22:59 - 2015-01-25 22:59 - 00004204 _____ () C:\Users\****\HELP_DECRYPT.TXT
2015-01-25 22:59 - 2015-01-25 22:59 - 00004204 _____ () C:\Users\HELP_DECRYPT.TXT
2015-01-25 22:59 - 2015-01-25 22:59 - 00000272 _____ () C:\Users\****\HELP_DECRYPT.URL
2015-01-25 22:59 - 2015-01-25 22:59 - 00000272 _____ () C:\Users\HELP_DECRYPT.URL
2015-01-25 22:47 - 2015-01-25 22:47 - 00008528 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:47 - 2015-01-25 22:47 - 00008528 _____ () C:\Users\****\AppData\HELP_DECRYPT.HTML
2015-01-25 22:47 - 2015-01-25 22:47 - 00004204 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:47 - 2015-01-25 22:47 - 00004204 _____ () C:\Users\****\AppData\HELP_DECRYPT.TXT
2015-01-25 22:47 - 2015-01-25 22:47 - 00000272 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:47 - 2015-01-25 22:47 - 00000272 _____ () C:\Users\****\AppData\HELP_DECRYPT.URL
2015-01-25 22:45 - 2015-01-25 22:45 - 00008528 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.HTML
2015-01-25 22:45 - 2015-01-25 22:45 - 00004204 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.TXT
2015-01-25 22:45 - 2015-01-25 22:45 - 00000272 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default\AppData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Administrator\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default\AppData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Administrator\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default\AppData\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-25 22:43 - 2015-01-29 22:11 - 00000000 ____D () C:\Users\****\AppData\Local\Ihsoft
2015-01-25 22:43 - 2015-01-25 22:43 - 00000000 ____D () C:\Users\****\AppData\Local\Abworks
2015-01-25 22:42 - 2015-01-25 22:42 - 00000416 _____ () C:\Windows\BRWMARK.INI
2015-01-25 22:42 - 2015-01-25 22:42 - 00000034 _____ () C:\Windows\system32\BD5280DW.DAT
2015-01-25 22:42 - 2015-01-25 22:42 - 00000017 _____ () C:\ProgramData\systemskey.ini
2015-01-25 22:06 - 2015-01-29 07:02 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-01-25 20:53 - 2015-01-25 20:53 - 00000491 _____ () C:\Users\****\Downloads\gmer log 25.01.15.log
2015-01-23 21:09 - 2015-01-23 21:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-23 21:08 - 2015-01-30 11:19 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job
2015-01-23 21:08 - 2015-01-29 22:07 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job
2015-01-23 21:07 - 2015-01-23 21:12 - 00000000 ____D () C:\Users\****\AppData\Local\500950
2015-01-23 21:07 - 2015-01-23 21:07 - 35763832 _____ (Google Inc.) C:\Users\****\Downloads\google-chrome.exe
2015-01-23 20:45 - 2015-01-23 20:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-22 22:32 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2015-01-22 22:31 - 2015-01-22 22:31 - 00001419 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-22 22:30 - 2015-01-22 22:30 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-01-22 22:16 - 2015-01-22 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2015-01-22 22:15 - 2015-01-22 22:31 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-01-22 22:14 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\****\AppData\Local\Apple
2015-01-22 22:14 - 2015-01-22 22:14 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-22 22:14 - 2015-01-22 22:14 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-22 22:13 - 2015-01-22 22:13 - 00000000 ____D () C:\ProgramData\Apple
2015-01-22 22:13 - 2015-01-22 22:13 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-22 22:01 - 2015-01-22 22:02 - 05436744 _____ (Apple Inc.) C:\Users\****\Downloads\BonjourPS202Setup.exe
2015-01-22 20:28 - 2015-01-22 20:28 - 00000000 _____ () C:\ProgramData\HDPSetting.ini
2015-01-20 02:17 - 2015-01-20 02:17 - 00001419 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 02:15 - 2015-01-20 02:15 - 00000020 ___SH () C:\Users\****\ntuser.ini
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 ____D () C:\Recovery
2015-01-20 02:05 - 2015-01-30 11:48 - 00054851 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 01:50 - 2015-01-20 01:50 - 00021532 _____ () C:\Windows\system32\emptyregdb.dat
2015-01-20 01:41 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVAST Software
2015-01-20 01:41 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVAST Software
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-20 01:06 - 2015-01-25 22:59 - 00000000 ____D () C:\Users\****
2015-01-20 01:06 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Administrator
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Startmenü
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Netzwerkumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Druckumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Musik
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Bilder
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\AppData\Local\Verlauf
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2015-01-20 01:06 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:06 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:06 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:06 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Program Files\Realtek
2015-01-20 01:03 - 2015-01-20 01:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-01-20 01:03 - 2015-01-20 01:03 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-20 01:02 - 2015-01-20 01:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-20 00:59 - 2015-01-20 01:05 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-01-20 00:57 - 2015-01-20 02:15 - 00000000 ____D () C:\Windows\Panther
2015-01-20 00:54 - 2015-01-20 00:54 - 00262144 _____ () C:\Windows\system32\config\userdiff
2015-01-20 00:30 - 2015-01-25 22:42 - 00000000 ____D () C:\$WINDOWS.~Q
2015-01-20 00:25 - 2015-01-20 00:29 - 00000000 ____D () C:\$INPLACE.~TR
2015-01-19 23:11 - 2015-01-20 01:52 - 00006137 _____ () C:\Windows\comsetup.log
2015-01-19 22:59 - 2015-01-19 22:59 - 00000199 _____ () C:\Windows\system32\2015-01-19-21-59-47.056-AvastVBoxSVC.exe-2804.log
2015-01-19 22:47 - 2015-01-19 22:47 - 00000249 _____ () C:\Windows\system32\2015-01-19-21-47-40.038-aswFe.exe-912.log
2015-01-19 22:25 - 2015-01-19 22:47 - 00000249 _____ () C:\Windows\system32\2015-01-19-21-25-01.028-aswFe.exe-3604.log
2015-01-19 22:24 - 2015-01-19 22:24 - 00000199 _____ () C:\Windows\system32\2015-01-19-21-24-52.051-AvastVBoxSVC.exe-2552.log
2015-01-19 22:14 - 2015-01-20 01:19 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-10 02:18 - 2015-01-25 22:44 - 00000000 ____D () C:\RegBackup
2015-01-10 02:18 - 2015-01-10 02:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-****-BOOKLET-Microsoft-Windows-7-Starter-(32-bit).dat
2015-01-07 20:53 - 2015-01-07 20:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2015-01-07 20:52 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-01-07 20:50 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-07 20:49 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-01-07 20:49 - 2010-06-29 13:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2015-01-05 22:04 - 2015-01-20 01:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-04 22:30 - 2014-12-04 05:38 - 00728576 ____N (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-04 22:30 - 2014-12-04 05:38 - 00610304 ____N (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-04 22:30 - 2014-12-02 00:28 - 01160872 ____N (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-04 22:29 - 2014-12-04 05:38 - 00337920 ____N (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-04 22:29 - 2014-12-04 05:38 - 00315392 ____N (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-04 22:27 - 2015-01-04 22:29 - 00380416 _____ () C:\Users\****\Downloads\Gmer-19357.exe
2015-01-04 22:12 - 2014-11-21 08:16 - 02861568 ____N (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-04 22:02 - 2015-01-30 12:02 - 00000000 ____D () C:\FRST
2015-01-04 21:59 - 2015-01-28 22:07 - 01121792 _____ (Farbar) C:\Users\****\Downloads\FRST.exe
2015-01-04 21:56 - 2015-01-04 21:57 - 00000472 _____ () C:\Users\****\Downloads\defogger_disable.log
2015-01-04 21:56 - 2015-01-04 21:56 - 00000000 _____ () C:\Users\****\defogger_reenable
2015-01-04 21:54 - 2015-01-04 21:55 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe
2015-01-01 16:07 - 2015-01-01 16:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 12:01 - 2014-01-21 21:51 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 11:35 - 2014-01-21 21:51 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 11:33 - 2010-11-20 22:48 - 00017360 _____ () C:\Windows\PFRO.log
2015-01-30 11:33 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 11:33 - 2009-07-14 05:39 - 00265306 _____ () C:\Windows\setupact.log
2015-01-30 11:32 - 2009-07-14 05:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 11:32 - 2009-07-14 05:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 11:07 - 2013-01-13 01:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 10:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security
2015-01-29 01:13 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-29 01:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-29 01:00 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-29 00:10 - 2010-04-23 11:44 - 00000000 ____D () C:\ProgramData\temp
2015-01-28 22:55 - 2010-11-20 22:01 - 01629396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 23:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-25 22:47 - 2010-07-12 22:23 - 00000000 ____D () C:\Users\****\GDesk
2015-01-25 22:47 - 2010-07-05 09:19 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mozilla
2015-01-25 22:47 - 2010-07-01 21:50 - 00000000 ____D () C:\Users\****\AppData\Roaming\PC Suite
2015-01-25 22:46 - 2014-01-21 21:41 - 00000000 ____D () C:\Users\****\AppData\Roaming\AVAST Software
2015-01-25 22:46 - 2010-07-05 09:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Adobe
2015-01-25 22:45 - 2011-09-10 10:31 - 00000000 ____D () C:\Users\****\AppData\Local\Google
2015-01-25 22:45 - 2010-07-05 09:19 - 00000000 ____D () C:\Users\****\AppData\Local\Mozilla
2015-01-25 22:45 - 2010-07-01 21:53 - 00000000 ____D () C:\Users\****\AppData\Local\Nokia
2015-01-25 22:44 - 2010-07-01 21:35 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2015-01-25 22:43 - 2011-08-16 10:17 - 00000000 ____D () C:\ba9291bd3e00e1ed1c0cb9
2015-01-25 20:07 - 2013-01-13 01:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 20:07 - 2011-06-15 00:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 19:59 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini
2015-01-25 19:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-23 20:59 - 2014-01-21 21:51 - 00000000 ____D () C:\Program Files\Google
2015-01-22 23:11 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-22 22:31 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-20 21:09 - 2012-11-19 09:53 - 00000000 ____D () C:\Users\****\AppData\Local\Wuala
2015-01-20 21:07 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore
2015-01-20 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-20 02:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-20 02:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-20 02:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-01-20 01:51 - 2009-07-14 05:39 - 00005715 _____ () C:\Windows\setuperr.log
2015-01-20 01:44 - 2009-07-14 05:33 - 00287424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-20 01:41 - 2009-07-14 05:34 - 00005157 _____ () C:\Windows\DtcInstall.log
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:38 - 2010-07-18 21:53 - 00000000 ____D () C:\Users\****\Downloads\LinuxKDE(eng).gdd
2015-01-20 01:38 - 2010-07-18 21:47 - 00000000 ____D () C:\Users\****\Downloads\SNP88.gdd
2015-01-20 01:38 - 2010-07-18 21:41 - 00000000 ____D () C:\Users\****\Downloads\CrepusculumByPingwinGTS.gdd
2015-01-20 01:38 - 2010-07-18 21:34 - 00000000 ____D () C:\Users\****\Downloads\diamond-v04
2015-01-20 01:37 - 2012-08-18 10:14 - 00000000 ____D () C:\Users\****\AppData\Roaming\SoftGrid Client
2015-01-20 01:37 - 2012-08-18 10:14 - 00000000 ____D () C:\Users\****\AppData\Local\SoftGrid Client
2015-01-20 01:37 - 2010-07-13 00:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\WinRAR
2015-01-20 01:37 - 2010-07-13 00:02 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-20 01:37 - 2010-07-05 09:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Macromedia
2015-01-20 01:37 - 2010-07-01 22:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nokia Ovi Suite
2015-01-20 01:37 - 2010-07-01 21:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nokia
2015-01-20 01:37 - 2010-07-01 21:56 - 00000000 ____D () C:\Users\****\AppData\Local\NokiaAccount
2015-01-20 01:36 - 2011-01-26 21:53 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2015-01-20 01:19 - 2014-07-26 20:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-20 01:19 - 2011-07-30 15:11 - 00000000 ____D () C:\Windows\system32\SPReview
2015-01-20 01:19 - 2011-07-16 23:18 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-01-20 01:19 - 2010-07-05 09:32 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-20 01:19 - 2010-04-23 10:54 - 00000000 ____D () C:\Windows\{9BA86693-F49A-4DA1-BBB3-827DFB688228}
2015-01-20 01:19 - 2010-04-23 10:53 - 00000000 ____D () C:\Windows\system32\Lang
2015-01-20 01:19 - 2010-04-23 10:51 - 00000000 ____D () C:\Windows\system32\Microsoft.VC80.MFC
2015-01-20 01:19 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\el-GR
2015-01-20 01:18 - 2010-07-05 11:03 - 00000000 ____D () C:\Windows\pss
2015-01-20 01:18 - 2010-06-29 13:20 - 00000000 ____D () C:\Windows\SHELLNEW
2015-01-20 01:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-20 01:16 - 2014-08-02 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-20 01:16 - 2014-01-21 21:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-20 01:16 - 2013-01-25 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-01-20 01:16 - 2013-01-25 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-20 01:16 - 2012-11-19 09:58 - 00000000 ____D () C:\ProgramData\Sun
2015-01-20 01:16 - 2011-01-26 21:46 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-20 01:16 - 2011-01-26 21:42 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-20 01:16 - 2010-08-30 14:53 - 00000000 ____D () C:\ProgramData\Alwil Software
2015-01-20 01:16 - 2010-08-13 20:51 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2015-01-20 01:16 - 2010-07-13 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-20 01:16 - 2010-07-13 00:01 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-20 01:16 - 2010-07-01 21:50 - 00000000 ____D () C:\ProgramData\PC Suite
2015-01-20 01:16 - 2010-06-30 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2015-01-20 01:16 - 2010-06-30 23:11 - 00000000 ____D () C:\Program Files\Nokia
2015-01-20 01:16 - 2010-06-29 13:31 - 00000000 ____D () C:\ProgramData\fssg
2015-01-20 01:16 - 2010-06-29 13:30 - 00000000 ____D () C:\ProgramData\f-secure
2015-01-20 01:16 - 2010-06-29 13:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-20 01:16 - 2010-04-23 10:58 - 00000000 ____D () C:\Program Files\Option
2015-01-20 01:16 - 2010-04-23 10:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-20 01:16 - 2010-04-23 10:56 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-20 01:16 - 2010-04-23 10:51 - 00000000 ____D () C:\ProgramData\win7_32
2015-01-20 01:16 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\Power Management
2015-01-20 01:16 - 2010-04-23 10:29 - 00000000 ____D () C:\ProgramData\Nokia
2015-01-20 01:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-20 01:15 - 2014-11-11 21:13 - 00000000 ____D () C:\Program Files\GUM8EBC.tmp
2015-01-20 01:15 - 2013-09-04 21:05 - 00000000 ____D () C:\Program Files\Java
2015-01-20 01:15 - 2013-01-25 11:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-20 01:15 - 2012-08-18 10:08 - 00000000 ____D () C:\Program Files\Microsoft Application Virtualization Client
2015-01-20 01:15 - 2010-07-05 09:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-20 01:15 - 2010-06-29 13:22 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-20 01:15 - 2010-06-29 13:22 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-01-20 01:15 - 2010-06-29 13:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-20 01:15 - 2010-04-23 10:57 - 00000000 ____D () C:\Program Files\Microsoft Office Suite Activation Assistant
2015-01-20 01:15 - 2010-04-23 10:52 - 00000000 ____D () C:\Program Files\Intel
2015-01-20 01:15 - 2010-04-23 10:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-20 01:15 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\HotKey
2015-01-20 01:14 - 2014-11-11 21:14 - 00000000 ____D () C:\Program Files\GUM1317.tmp
2015-01-20 01:14 - 2014-08-02 11:53 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-20 01:14 - 2014-07-04 23:22 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-20 01:14 - 2013-10-25 08:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-20 01:14 - 2011-06-21 21:14 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 01:14 - 2011-01-12 22:48 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-20 01:14 - 2010-07-01 21:43 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-01-20 01:14 - 2010-07-01 21:42 - 00000000 ____D () C:\Program Files\DIFX
2015-01-20 01:14 - 2010-06-29 13:32 - 00000000 ____D () C:\Program Files\F-Secure
2015-01-20 01:14 - 2010-04-23 10:56 - 00000000 ____D () C:\Program Files\ASIX Electronics Corporation
2015-01-20 01:14 - 2010-04-23 10:55 - 00000000 ____D () C:\Program Files\CSR
2015-01-20 01:14 - 2010-04-23 10:54 - 00000000 ____D () C:\Program Files\Atheros
2015-01-20 01:14 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-20 01:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-20 01:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-20 01:13 - 2011-06-21 21:14 - 00000000 ____D () C:\Program Files\Adobe
2015-01-20 01:13 - 2010-08-30 14:53 - 00000000 ____D () C:\Program Files\Alwil Software
2015-01-20 01:04 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 00:56 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-20 00:56 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-20 00:14 - 2010-06-30 04:00 - 01702239 _____ () C:\Windows\WindowsUpdate (1).log
2015-01-19 23:01 - 2011-02-28 23:45 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-19 22:59 - 2010-08-30 14:54 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-08 09:55 - 2010-06-29 14:33 - 00249488 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 20:31 - 2014-11-11 22:09 - 00044846 _____ () C:\Windows\IE11_main.log
2015-01-05 21:24 - 2013-08-12 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-01 20:28 - 2010-06-29 14:21 - 00002334 _____ () C:\Users\****\Desktop\graf kaffee Extern.RDP
2015-01-01 17:20 - 2011-06-21 21:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-01-01 16:07 - 2014-07-09 21:36 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-01 16:07 - 2014-01-21 21:25 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-01 16:07 - 2013-04-16 21:35 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-01 16:07 - 2013-04-16 21:35 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-01 16:07 - 2012-04-17 18:18 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-01 16:07 - 2010-08-30 14:54 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

==================== Files in the root of some directories =======

2014-11-11 21:14 - 2014-11-11 21:14 - 6000640 _____ () C:\Program Files\GUT1328.tmp
2014-11-11 21:13 - 2014-11-11 21:24 - 6000640 _____ () C:\Program Files\GUT8ECC.tmp
2015-01-25 22:47 - 2015-01-25 22:47 - 0008528 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:47 - 2015-01-25 22:47 - 0045538 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-25 22:47 - 2015-01-25 22:47 - 0004204 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:47 - 2015-01-25 22:47 - 0000272 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:45 - 2015-01-25 22:45 - 0008528 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.HTML
2015-01-25 22:45 - 2015-01-25 22:45 - 0045538 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.PNG
2015-01-25 22:45 - 2015-01-25 22:45 - 0004204 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.TXT
2015-01-25 22:45 - 2015-01-25 22:45 - 0000272 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.URL
2015-01-22 20:28 - 2015-01-22 20:28 - 0000000 _____ () C:\ProgramData\HDPSetting.ini
2015-01-25 22:44 - 2015-01-25 22:44 - 0008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 0045538 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-25 22:44 - 2015-01-25 22:44 - 0004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-25 22:42 - 2015-01-25 22:42 - 0000017 _____ () C:\ProgramData\systemskey.ini

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\NEventMessages.dll
C:\Users\****\AppData\Local\Temp\Quarantine.exe
C:\Users\****\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-27 01:50

==================== End Of Log ============================
         

... and the Addition log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by **** at 2015-01-30 12:05:06
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Atheros 802.11 bgn Network Adapter (HKLM\...\InstallShield_{06A6143C-0703-4946-9E20-355F306ADF11}) (Version: 1.0.0.0 - Atheros)
Atheros 802.11 bgn Network Adapter (Version: 1.0.0.0 - Atheros) Hidden
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
AX88772A & AX88772 Windows 7 Drivers (HKLM\...\InstallShield_{620DA0EB-574D-45B5-B3E9-B85AECA41D59}) (Version: 1.0.0.0 - ASIX Electronics Corporation)
AX88772A & AX88772 Windows 7 Drivers (Version: 1.0.0.0 - ASIX Electronics Corporation) Hidden
Bluetooth Feature Pack 5.0 (HKLM\...\{0439D13F-C7CD-458A-90DE-44135CBD40B8}) (Version: 5.0.12 - CSR Plc.)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Google Chrome (HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hard Disk Protection (HKLM\...\InstallShield_{08188833-CF3E-4067-B884-6049B0A38A35}) (Version: 1.0.0.18C - Nokia)
Hard Disk Protection (Version: 1.0.0.18C - Nokia) Hidden
Hotkey Utility (HKLM\...\InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}) (Version: 1.0.0.21C - Nokia)
Hotkey Utility (Version: 1.0.0.21C - Nokia) Hidden
Intel(R) Graphics Media Accelerator 500 (HKLM\...\LPCO) (Version:  -  Intel Corporation)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (HKLM\...\{9E871D09-064D-3BC9-963B-3AB8ABE1273D}) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{4903D172-DCCB-392F-93A3-34CA9D47FE3D}) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Miniprogramm zum Abrufen von Nokia Ovi Suite (HKLM\...\{3A519502-3354-4290-A852-7A1835BA678F}) (Version: 1.0.45 - Nokia)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Booklet Software Updater (HKLM\...\{8C7AC9E7-A635-4C73-B360-FE6AE4E8DD93}) (Version: 1.1.100 - Nokia)
Nokia Connectivity Cable Driver (HKLM\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.2.0.245 - Nokia)
Nokia Ovi Suite (Version: 2.2.0.245 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM\...\{A0D65C73-F2C5-432F-8788-90F8A2E99B98}) (Version: 02.05.002.42441 - Nokia Corporation)
Nokia Social Hub (HKLM\...\{F4A31D1A-8ABB-4977-848E-26F76F5212B0}) (Version: 1.0.585 - Nokia)
Option WWAN Driver 5.1.37.0 Installer  (HKLM\...\{884BB5CC-108E-41a9-936D-955C999C06A1}_x) (Version: 3.5.1.1140 - Option NV)
Option WWAN Driver 5.1.37.0 Installer (Version: 3.5.1.1140 - Option NV) Hidden
Ovi Desktop Sync Engine (Version: 1.4.78.0 - Nokia) Hidden
Ovi Maps Gadget (HKLM\...\{698A3082-B4AF-4113-8068-79C868C4B0C9}) (Version: 1.0.13867 - Nokia)
OviMPlatform (Version: 2.6.195.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia)
Power Management (HKLM\...\InstallShield_{C36E5EC0-A87E-4994-844B-1DE75ED22BD8}) (Version: 1.0.0.18C - Nokia)
Power Management (Version: 1.0.0.18C - Nokia) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5999 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoamingHelperSetup (HKLM\...\{C358D274-1BA4-4F57-95C4-4669AE126B99}) (Version: 1.0.0 - Option)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
Tap to wake up (HKLM\...\InstallShield_{0B23E38B-F4D8-44A9-A3D3-95020D35D8C9}) (Version: 1.0.0.19C - Nokia)
Tap to wake up (Version: 1.0.0.19C - Nokia) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (Version: 1.77.0.2C - NOKIA) Hidden
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\browser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.94\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)

==================== Restore Points  =========================

28-01-2015 23:16:46 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-29 01:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3201A1B4-6C25-46D5-BC40-232F14D989FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {773C2256-6E9D-4A26-B6A8-2B2B69FDB1FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {7E476722-6C80-4EA0-8B46-48B6F562E67C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {A320242A-44DE-4938-A0A7-6476C923136C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {A6B2DB9E-6523-460F-A1F1-6F1C15D943E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DF4F6C72-D05F-409D-BB27-9014CFBBC242} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {E3457BE7-F260-4266-BE08-4DEE4761FA99} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {E43D2EF0-0F74-4346-B530-03932149ADAF} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-01-01] (AVAST Software)
Task: {E7CE1F64-F0B0-4581-96EE-3E2882FEF1E6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F762FFD0-B96E-4EB6-933D-A91579976F09} - System32\Tasks\Nokia\Booklet software updater\Check for updates => NBSUTool.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-29 21:58 - 2015-01-29 21:58 - 02913280 _____ () C:\Program Files\Alwil Software\Avast5\defs\15012901\algo.dll
2015-01-01 16:04 - 2015-01-01 16:04 - 02151544 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxVMM.dll
2015-01-01 16:03 - 2015-01-01 16:03 - 00021488 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxREM.dll
2015-01-01 16:03 - 2015-01-01 16:03 - 04474224 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxRT.dll
2010-04-23 10:56 - 2009-12-24 19:13 - 00180224 _____ () C:\WINDOWS\system32\HDPSrv.exe
2010-04-23 10:51 - 2010-04-23 10:51 - 00011776 _____ () C:\Windows\system32\PrLdrSrv.exe
2015-01-01 16:03 - 2015-01-01 16:03 - 00317632 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxDDU.dll
2010-04-23 10:51 - 2010-04-23 10:51 - 00024576 _____ () C:\Windows\system32\EKECioCtl.dll
2015-01-01 16:06 - 2015-01-01 16:06 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2010-04-23 10:56 - 2009-12-24 19:13 - 00180224 _____ () C:\Windows\System32\HDPSrv.exe
2010-05-10 15:33 - 2010-05-10 15:33 - 00352640 _____ () C:\Program Files\Nokia\Nokia Booklet software updater\NBSUTool.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3075977200-4285461987-214124539-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-3075977200-4285461987-214124539-501 - Limited - Disabled)
**** (S-1-5-21-3075977200-4285461987-214124539-1000 - Administrator - Enabled) => C:\Users\****

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2015 00:02:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


System errors:
=============

Microsoft Office Sessions:
=========================
         
The annoying decrypt files are still haunting the system. The mysterious folders in C: are all still there as well.

By the way: IE is started automatically after login with the following link: hxxp://paytoc4gtpn5czl2.tostotor.com/99oxaj

Edited by schuemli (30.01.2015 at 12:30)

30.01.2015, 14:30   #30
schrauber
/// the machine
/// TB trainer
 


Yes, all of that points to a ransomware infection. That page is opened so that you know where you can pay to decrypt your data.

That is exactly why this puzzles me. Are really none of your files encrypted?

After the online scan we will now throw everything out in one go.


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
