schuemli | 25.01.2015 22:04 | I uninstalled Chrome as described and reinstalled it. It starts noticeably faster. But somehow I'm not sure that can be it. I still have the feeling that IE runs faster. All things considered, the effort so far has been worth it. The "box" definitely runs noticeably faster.
Below are the new FRST logs as well as the GMER log:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by **** (administrator) on ****-BOOKLET on 25-01-2015 20:37:03
Running from C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK8PFYBX
Loaded Profiles: **** (Available profiles: **** & Administrator)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\HDPSrv.exe
() C:\Windows\System32\prldrsrv.exe
(Option International) C:\Program Files\Option\RoamingHelperSetup\RoamingHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(COMPAL ELECTRONIC INC.) C:\Program Files\HotKey\CeEKey.exe
(Nokia) C:\Program Files\Power Management\NpwrMngr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
() C:\Windows\System32\HDPSrv.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia Social Hub\Hub.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files\Dynamo Combo\updateDynamoCombo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK8PFYBX\FRST[1].exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IgfxExt] => C:\Windows\system32\IgfxExt.exe [174616 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-09] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-19] (AVAST Software)
HKLM\...\Run: [CeEKEY] => C:\Program Files\HotKey\CeEKey.exe [1607024 2010-04-06] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [504160 2009-09-10] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [346464 2009-09-10] (CSR, plc)
HKLM\...\Run: [HDPSrv] => C:\Windows\system32\HDPSrv.exe [180224 2009-12-24] ()
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NpwrMngr] => C:\Program Files\Power Management\NpwrMngr.exe [488816 2009-12-23] (Nokia)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Nokia Social Hub] => C:\Program Files\Nokia\Nokia Social Hub\Hub.exe [4941824 2010-04-21] (Nokia)
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Google Update] => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-01-23] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {AE73E60E-7A33-4039-853E-8C1CC06B3AD3} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_15_04_ie&cd=2XzuyEtN2Y1L1QzutDyCtBtAtDzz0F0DyE0F0C0EyD0E0DtCtN0D0Tzu0StCtCtCzztN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0A0AyCyCyC0C0DtGtAtCyCyEtG0C0BtAyEtGtC0AtC0AtGyCtDzzyEzzzytA0B0CyCyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0AtCtC0A0CzztG0DtAyCyDtGyE0FtCyCtGzy0B0BtAtGzz0EyEtC0Bzy0BzyyCyDyEyD2Q&cr=1982145653&ir=
SearchScopes: HKLM -> {AE73E60E-7A33-4039-853E-8C1CC06B3AD3} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_15_04_ie&cd=2XzuyEtN2Y1L1QzutDyCtBtAtDzz0F0DyE0F0C0EyD0E0DtCtN0D0Tzu0StCtCtCzztN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0A0AyCyCyC0C0DtGtAtCyCyEtG0C0BtAyEtGtC0AtC0AtGyCtDzzyEzzzytA0B0CyCyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0AtCtC0A0CzztG0DtAyCyDtGyE0FtCyCtGzy0B0BtAtGzz0EyEtC0Bzy0BzyyCyDyEyD2Q&cr=1982145653&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=NKATDF&pc=MANK&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> DefaultScope {AE73E60E-7A33-4039-853E-8C1CC06B3AD3} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_15_04_ie&cd=2XzuyEtN2Y1L1QzutDyCtBtAtDzz0F0DyE0F0C0EyD0E0DtCtN0D0Tzu0StCtCtCzztN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0A0AyCyCyC0C0DtGtAtCyCyEtG0C0BtAyEtGtC0AtC0AtGyCtDzzyEzzzytA0B0CyCyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0AtCtC0A0CzztG0DtAyCyDtGyE0FtCyCtGzy0B0BtAtGzz0EyEtC0Bzy0BzyyCyDyEyD2Q&cr=1982145653&ir=
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> {1E76C71F-7D78-479B-851F-FDB67A02DF0E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=09262C0A-E6C8-4FCC-985F-D25815830C04&apn_sauid=FA9946E4-5D5B-48B2-A800-862B4792EED4
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> {AE73E60E-7A33-4039-853E-8C1CC06B3AD3} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_15_04_ie&cd=2XzuyEtN2Y1L1QzutDyCtBtAtDzz0F0DyE0F0C0EyD0E0DtCtN0D0Tzu0StCtCtCzztN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0A0AyCyCyC0C0DtGtAtCyCyEtG0C0BtAyEtGtC0AtC0AtGyCtDzzyEzzzytA0B0CyCyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0AtCtC0A0CzztG0DtAyCyDtGyE0FtCyCtGzy0B0BtAtGzz0EyEtC0Bzy0BzyyCyDyEyD2Q&cr=1982145653&ir=
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Dynamo Combo 1.0.0.6 -> {986c37a1-7b65-476f-80dc-54f80bd4b0d6} -> C:\Program Files\Dynamo Combo\DynamoCombobho.dll (Dynamo Combo)
Toolbar: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA132380-4875-4E1D-99ED-7B7AC0780F88}: [NameServer] 195.186.216.33 195.186.152.33
FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.bluewin.ch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3075977200-4285461987-214124539-1000: @tools.google.com/Google Update;version=3 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3075977200-4285461987-214124539-1000: @tools.google.com/Google Update;version=9 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\searchplugins\askcom.xml
FF Extension: Stealthy - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\Extensions\stealthyextension@gmail.com.xpi [2011-05-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-07-01]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-07-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\****\AppData\Local\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\****\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\****\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Update) - C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-23]
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-23]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-23]
CHR Extension: (Google-Suche) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-23]
CHR Extension: (Dynamo Combo) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dieadkaemlcjcmcnmahinmeejohpipnl [2015-01-25]
CHR Extension: (Avast Online Security) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-23]
CHR Extension: (Google Mail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-01-01]
StartMenuInternet: Google Chrome.ENT2PAEKF5UFKJNFFNKFI6MGBA - C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2015-01-01] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-01] (Avast Software)
R2 HDPSrv; C:\WINDOWS\system32\HDPSrv.exe [180224 2009-12-24] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 PrLdrSrv; C:\Windows\system32\PrLdrSrv.exe [11776 2010-04-23] () [File not signed]
R2 RoamingHelper; C:\Program Files\Option\RoamingHelperSetup\RoamingHelper.exe [19968 2010-04-02] (Option International) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 Update Dynamo Combo; C:\Program Files\Dynamo Combo\updateDynamoCombo.exe [632568 2015-01-23] ()
S2 Util Dynamo Combo; C:\Program Files\Dynamo Combo\bin\utilDynamoCombo.exe [681208 2015-01-25] ()
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111488 2009-09-10] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-01] ()
R0 EMSC; C:\Windows\System32\DRIVERS\EvMngr.SYS [19824 2009-06-25] ()
R3 GTNDIS62; C:\Windows\System32\DRIVERS\Gtuhs62.sys [159744 2010-04-13] (Option N.V.)
R3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [151552 2010-03-12] (Option N.V.)
R3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [8064 2010-02-26] (Option N.V.)
R0 HDFilter; C:\Windows\System32\DRIVERS\HDFilter.sys [20848 2009-07-04] (COMPAL ELECTRONIC INC.)
R3 igd; C:\Windows\System32\DRIVERS\igdkmd32.sys [647904 2010-03-26] (Intel Corporation)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-03] (COMPAL ELECTRONIC INC.)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [14848 2012-08-23] (Microsoft Corporation) [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [584872 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [197800 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [24232 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [20136 2013-06-26] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2015-01-01] (Avast Software)
R1 {16a92140-918d-4afb-9edb-46f22437bb10}Gw; C:\Windows\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys [43160 2015-01-25] (StdLib)
R1 {915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw; C:\Windows\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys [43160 2015-01-23] (StdLib)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 20:33 - 2015-01-25 20:34 - 00000472 _____ () C:\Users\****\Desktop\defogger_disable.log
2015-01-25 19:59 - 2015-01-25 05:44 - 00043160 _____ (StdLib) C:\Windows\system32\Drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw.sys
2015-01-23 21:30 - 2015-01-23 01:41 - 00043160 _____ (StdLib) C:\Windows\system32\Drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw.sys
2015-01-23 21:10 - 2015-01-23 21:10 - 00000000 ____D () C:\Users\****\Documents\PC Speed Maximizer
2015-01-23 21:09 - 2015-01-23 21:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-23 21:08 - 2015-01-25 20:19 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job
2015-01-23 21:08 - 2015-01-25 19:58 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job
2015-01-23 21:07 - 2015-01-23 21:12 - 00000000 ____D () C:\Users\****\AppData\Local\500950
2015-01-23 21:07 - 2015-01-23 21:07 - 35763832 _____ (Google Inc.) C:\Users\****\Downloads\google-chrome.exe
2015-01-23 21:05 - 2015-01-25 19:58 - 00000000 ____D () C:\Program Files\Dynamo Combo
2015-01-23 20:45 - 2015-01-23 20:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-22 22:32 - 2015-01-22 22:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2015-01-22 22:31 - 2015-01-22 22:31 - 00001419 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-22 22:30 - 2015-01-22 22:30 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-01-22 22:16 - 2015-01-22 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2015-01-22 22:16 - 2015-01-22 22:16 - 00002483 _____ () C:\Users\Public\Desktop\Bonjour Printer Wizard.lnk
2015-01-22 22:15 - 2015-01-22 22:31 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-01-22 22:14 - 2015-01-22 22:29 - 00000000 ____D () C:\Users\****\AppData\Local\Apple
2015-01-22 22:14 - 2015-01-22 22:14 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-22 22:14 - 2015-01-22 22:14 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-22 22:13 - 2015-01-22 22:13 - 00000000 ____D () C:\ProgramData\Apple
2015-01-22 22:13 - 2015-01-22 22:13 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-22 22:01 - 2015-01-22 22:02 - 05436744 _____ (Apple Inc.) C:\Users\****\Downloads\BonjourPS202Setup.exe
2015-01-22 20:28 - 2015-01-22 20:28 - 00000000 _____ () C:\ProgramData\HDPSetting.ini
2015-01-20 02:17 - 2015-01-20 02:17 - 00001419 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 02:15 - 2015-01-20 02:15 - 00000020 ___SH () C:\Users\****\ntuser.ini
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 __SHD () C:\Recovery
2015-01-20 02:05 - 2015-01-25 19:58 - 00029598 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 01:50 - 2015-01-20 01:50 - 00021532 _____ () C:\Windows\system32\emptyregdb.dat
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVAST Software
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVAST Software
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-20 01:06 - 2015-01-22 22:30 - 00000000 ____D () C:\Users\Administrator
2015-01-20 01:06 - 2015-01-20 02:15 - 00000000 ____D () C:\Users\****
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Startmenü
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Netzwerkumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Druckumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Musik
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Bilder
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\AppData\Local\Verlauf
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2015-01-20 01:06 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:06 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:06 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:06 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Program Files\Realtek
2015-01-20 01:03 - 2015-01-20 01:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-01-20 01:03 - 2015-01-20 01:03 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-20 01:02 - 2015-01-20 01:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-20 00:59 - 2015-01-20 01:05 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-01-20 00:57 - 2015-01-20 02:15 - 00000000 ____D () C:\Windows\Panther
2015-01-20 00:54 - 2015-01-20 00:54 - 00262144 _____ () C:\Windows\system32\config\userdiff
2015-01-20 00:30 - 2015-01-20 01:53 - 00000000 ___HD () C:\$WINDOWS.~Q
2015-01-20 00:25 - 2015-01-20 00:29 - 00000000 ___HD () C:\$INPLACE.~TR
2015-01-19 23:11 - 2015-01-20 01:52 - 00006137 _____ () C:\Windows\comsetup.log
2015-01-19 22:59 - 2015-01-19 22:59 - 00000199 _____ () C:\Windows\system32\2015-01-19-21-59-47.056-AvastVBoxSVC.exe-2804.log
2015-01-19 22:47 - 2015-01-19 22:47 - 00000249 _____ () C:\Windows\system32\2015-01-19-21-47-40.038-aswFe.exe-912.log
2015-01-19 22:25 - 2015-01-19 22:47 - 00000249 _____ () C:\Windows\system32\2015-01-19-21-25-01.028-aswFe.exe-3604.log
2015-01-19 22:24 - 2015-01-19 22:24 - 00000199 _____ () C:\Windows\system32\2015-01-19-21-24-52.051-AvastVBoxSVC.exe-2552.log
2015-01-19 22:14 - 2015-01-20 01:19 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-10 02:18 - 2015-01-10 02:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-****-BOOKLET-Microsoft-Windows-7-Starter-(32-bit).dat
2015-01-10 02:18 - 2015-01-10 02:18 - 00000000 ____D () C:\RegBackup
2015-01-07 20:53 - 2015-01-07 20:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2015-01-07 20:52 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-01-07 20:50 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-07 20:49 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-01-07 20:49 - 2010-06-29 13:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2015-01-05 22:04 - 2015-01-20 01:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-04 22:30 - 2014-12-04 05:38 - 00728576 ____N (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-04 22:30 - 2014-12-04 05:38 - 00610304 ____N (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-04 22:30 - 2014-12-02 00:28 - 01160872 ____N (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-04 22:29 - 2014-12-04 05:38 - 00337920 ____N (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-04 22:29 - 2014-12-04 05:38 - 00315392 ____N (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-04 22:27 - 2015-01-04 22:29 - 00380416 _____ () C:\Users\****\Downloads\Gmer-19357.exe
2015-01-04 22:12 - 2014-11-21 08:16 - 02861568 ____N (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-04 22:09 - 2015-01-04 22:13 - 00022829 _____ () C:\Users\****\Downloads\Addition.txt
2015-01-04 22:04 - 2015-01-04 22:13 - 00020476 _____ () C:\Users\****\Downloads\FRST.txt
2015-01-04 22:02 - 2015-01-25 20:37 - 00000000 ____D () C:\FRST
2015-01-04 21:59 - 2015-01-04 22:01 - 01115136 _____ (Farbar) C:\Users\****\Downloads\FRST.exe
2015-01-04 21:56 - 2015-01-04 21:57 - 00000472 _____ () C:\Users\****\Downloads\defogger_disable.log
2015-01-04 21:56 - 2015-01-04 21:56 - 00000000 _____ () C:\Users\****\defogger_reenable
2015-01-04 21:54 - 2015-01-04 21:55 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe
2015-01-01 16:07 - 2015-01-01 16:07 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-01 16:07 - 2015-01-01 16:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 20:11 - 2014-01-21 21:51 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 20:07 - 2013-01-13 01:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 20:07 - 2013-01-13 01:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 20:07 - 2011-06-15 00:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 20:01 - 2014-01-21 21:51 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 19:59 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini
2015-01-25 19:58 - 2009-07-14 05:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 19:58 - 2009-07-14 05:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 19:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-25 19:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-23 21:27 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 21:27 - 2009-07-14 05:39 - 00250831 _____ () C:\Windows\setupact.log
2015-01-23 21:26 - 2010-11-20 22:48 - 00011858 _____ () C:\Windows\PFRO.log
2015-01-23 21:08 - 2011-09-10 10:31 - 00000000 ____D () C:\Users\****\AppData\Local\Google
2015-01-23 21:08 - 2010-11-20 22:01 - 01629396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 20:59 - 2014-01-21 21:51 - 00000000 ____D () C:\Program Files\Google
2015-01-22 23:11 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-22 22:31 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-20 21:09 - 2012-11-19 09:53 - 00000000 ____D () C:\Users\****\AppData\Local\Wuala
2015-01-20 21:07 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore
2015-01-20 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-20 02:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-20 02:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-20 02:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-01-20 01:51 - 2009-07-14 05:39 - 00005715 _____ () C:\Windows\setuperr.log
2015-01-20 01:44 - 2009-07-14 05:33 - 00287424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-20 01:41 - 2009-07-14 05:34 - 00005157 _____ () C:\Windows\DtcInstall.log
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:38 - 2010-07-18 21:53 - 00000000 ____D () C:\Users\****\Downloads\LinuxKDE(eng).gdd
2015-01-20 01:38 - 2010-07-18 21:47 - 00000000 ____D () C:\Users\****\Downloads\SNP88.gdd
2015-01-20 01:38 - 2010-07-18 21:41 - 00000000 ____D () C:\Users\****\Downloads\CrepusculumByPingwinGTS.gdd
2015-01-20 01:38 - 2010-07-18 21:34 - 00000000 ____D () C:\Users\****\Downloads\diamond-v04
2015-01-20 01:38 - 2010-07-12 22:23 - 00000000 ____D () C:\Users\****\GDesk
2015-01-20 01:37 - 2014-01-21 21:41 - 00000000 ____D () C:\Users\****\AppData\Roaming\AVAST Software
2015-01-20 01:37 - 2012-08-18 10:14 - 00000000 ____D () C:\Users\****\AppData\Roaming\SoftGrid Client
2015-01-20 01:37 - 2012-08-18 10:14 - 00000000 ____D () C:\Users\****\AppData\Local\SoftGrid Client
2015-01-20 01:37 - 2010-07-13 00:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\WinRAR
2015-01-20 01:37 - 2010-07-13 00:02 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-20 01:37 - 2010-07-05 09:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Macromedia
2015-01-20 01:37 - 2010-07-05 09:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Adobe
2015-01-20 01:37 - 2010-07-05 09:19 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mozilla
2015-01-20 01:37 - 2010-07-05 09:19 - 00000000 ____D () C:\Users\****\AppData\Local\Mozilla
2015-01-20 01:37 - 2010-07-01 22:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nokia Ovi Suite
2015-01-20 01:37 - 2010-07-01 21:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nokia
2015-01-20 01:37 - 2010-07-01 21:56 - 00000000 ____D () C:\Users\****\AppData\Local\NokiaAccount
2015-01-20 01:37 - 2010-07-01 21:53 - 00000000 ____D () C:\Users\****\AppData\Local\Nokia
2015-01-20 01:37 - 2010-07-01 21:50 - 00000000 ____D () C:\Users\****\AppData\Roaming\PC Suite
2015-01-20 01:36 - 2011-01-26 21:53 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2015-01-20 01:19 - 2014-07-26 20:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-20 01:19 - 2011-07-30 15:11 - 00000000 ____D () C:\Windows\system32\SPReview
2015-01-20 01:19 - 2011-07-16 23:18 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-01-20 01:19 - 2010-07-05 09:32 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-20 01:19 - 2010-04-23 10:54 - 00000000 ____D () C:\Windows\{9BA86693-F49A-4DA1-BBB3-827DFB688228}
2015-01-20 01:19 - 2010-04-23 10:53 - 00000000 ____D () C:\Windows\system32\Lang
2015-01-20 01:19 - 2010-04-23 10:51 - 00000000 ____D () C:\Windows\system32\Microsoft.VC80.MFC
2015-01-20 01:19 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\el-GR
2015-01-20 01:18 - 2010-07-05 11:03 - 00000000 ____D () C:\Windows\pss
2015-01-20 01:18 - 2010-06-29 13:20 - 00000000 ____D () C:\Windows\SHELLNEW
2015-01-20 01:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-20 01:16 - 2014-08-02 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-20 01:16 - 2014-01-21 21:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-20 01:16 - 2013-02-11 22:20 - 00000000 ____D () C:\ProgramData\Ask
2015-01-20 01:16 - 2013-01-25 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-01-20 01:16 - 2013-01-25 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-20 01:16 - 2012-11-19 09:58 - 00000000 ____D () C:\ProgramData\Sun
2015-01-20 01:16 - 2011-01-26 21:46 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-20 01:16 - 2011-01-26 21:42 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-20 01:16 - 2010-08-30 14:53 - 00000000 ____D () C:\ProgramData\Alwil Software
2015-01-20 01:16 - 2010-08-13 20:51 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2015-01-20 01:16 - 2010-07-13 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-20 01:16 - 2010-07-13 00:01 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-20 01:16 - 2010-07-01 21:50 - 00000000 ____D () C:\ProgramData\PC Suite
2015-01-20 01:16 - 2010-07-01 21:35 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2015-01-20 01:16 - 2010-06-30 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2015-01-20 01:16 - 2010-06-30 23:11 - 00000000 ____D () C:\Program Files\Nokia
2015-01-20 01:16 - 2010-06-29 13:31 - 00000000 ____D () C:\ProgramData\fssg
2015-01-20 01:16 - 2010-06-29 13:30 - 00000000 ____D () C:\ProgramData\f-secure
2015-01-20 01:16 - 2010-06-29 13:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-20 01:16 - 2010-04-23 11:44 - 00000000 ____D () C:\ProgramData\temp
2015-01-20 01:16 - 2010-04-23 10:58 - 00000000 ____D () C:\Program Files\Option
2015-01-20 01:16 - 2010-04-23 10:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-20 01:16 - 2010-04-23 10:56 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-20 01:16 - 2010-04-23 10:51 - 00000000 ____D () C:\ProgramData\win7_32
2015-01-20 01:16 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\Power Management
2015-01-20 01:16 - 2010-04-23 10:29 - 00000000 ____D () C:\ProgramData\Nokia
2015-01-20 01:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-20 01:15 - 2014-11-11 21:13 - 00000000 ____D () C:\Program Files\GUM8EBC.tmp
2015-01-20 01:15 - 2013-09-04 21:05 - 00000000 ____D () C:\Program Files\Java
2015-01-20 01:15 - 2013-01-25 11:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-20 01:15 - 2012-08-18 10:08 - 00000000 ____D () C:\Program Files\Microsoft Application Virtualization Client
2015-01-20 01:15 - 2010-07-05 09:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-20 01:15 - 2010-06-29 13:22 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-20 01:15 - 2010-06-29 13:22 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-01-20 01:15 - 2010-06-29 13:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-20 01:15 - 2010-04-23 10:57 - 00000000 ____D () C:\Program Files\Microsoft Office Suite Activation Assistant
2015-01-20 01:15 - 2010-04-23 10:52 - 00000000 ____D () C:\Program Files\Intel
2015-01-20 01:15 - 2010-04-23 10:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-20 01:15 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\HotKey
2015-01-20 01:14 - 2014-11-11 21:14 - 00000000 ____D () C:\Program Files\GUM1317.tmp
2015-01-20 01:14 - 2014-08-02 11:53 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-20 01:14 - 2014-07-04 23:22 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-20 01:14 - 2013-10-25 08:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-20 01:14 - 2011-06-21 21:14 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 01:14 - 2011-01-12 22:48 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-20 01:14 - 2010-07-01 21:43 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-01-20 01:14 - 2010-07-01 21:42 - 00000000 ____D () C:\Program Files\DIFX
2015-01-20 01:14 - 2010-06-29 13:32 - 00000000 ____D () C:\Program Files\F-Secure
2015-01-20 01:14 - 2010-04-23 10:56 - 00000000 ____D () C:\Program Files\ASIX Electronics Corporation
2015-01-20 01:14 - 2010-04-23 10:55 - 00000000 ____D () C:\Program Files\CSR
2015-01-20 01:14 - 2010-04-23 10:54 - 00000000 ____D () C:\Program Files\Atheros
2015-01-20 01:14 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-20 01:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-20 01:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-20 01:13 - 2011-06-21 21:14 - 00000000 ____D () C:\Program Files\Adobe
2015-01-20 01:13 - 2010-08-30 14:53 - 00000000 ____D () C:\Program Files\Alwil Software
2015-01-20 01:04 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 00:56 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-20 00:56 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-20 00:14 - 2010-06-30 04:00 - 01702239 _____ () C:\Windows\WindowsUpdate (1).log
2015-01-19 23:01 - 2011-02-28 23:45 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-19 22:59 - 2010-08-30 14:54 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-08 09:55 - 2010-06-29 14:33 - 00249488 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 20:31 - 2014-11-11 22:09 - 00044846 _____ () C:\Windows\IE11_main.log
2015-01-05 21:24 - 2013-08-12 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-01 20:28 - 2010-06-29 14:21 - 00002334 _____ () C:\Users\****\Desktop\graf kaffee Extern.RDP
2015-01-01 17:20 - 2011-06-21 21:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-01-01 16:07 - 2014-07-09 21:36 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-01 16:07 - 2014-01-21 21:25 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-01 16:07 - 2013-04-16 21:35 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-01 16:07 - 2013-04-16 21:35 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-01 16:07 - 2012-04-17 18:18 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-01 16:07 - 2010-08-30 14:54 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
==================== Files in the root of some directories =======
2014-11-11 21:14 - 2014-11-11 21:14 - 6000640 _____ () C:\Program Files\GUT1328.tmp
2014-11-11 21:13 - 2014-11-11 21:24 - 6000640 _____ () C:\Program Files\GUT8ECC.tmp
2015-01-22 20:28 - 2015-01-22 20:28 - 0000000 _____ () C:\ProgramData\HDPSetting.ini
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\****\AppData\Local\Temp\NEventMessages.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-20 20:41
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by **** at 2015-01-25 20:39:52
Running from C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK8PFYBX
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Atheros 802.11 bgn Network Adapter (HKLM\...\InstallShield_{06A6143C-0703-4946-9E20-355F306ADF11}) (Version: 1.0.0.0 - Atheros)
Atheros 802.11 bgn Network Adapter (Version: 1.0.0.0 - Atheros) Hidden
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
AX88772A & AX88772 Windows 7 Drivers (HKLM\...\InstallShield_{620DA0EB-574D-45B5-B3E9-B85AECA41D59}) (Version: 1.0.0.0 - ASIX Electronics Corporation)
AX88772A & AX88772 Windows 7 Drivers (Version: 1.0.0.0 - ASIX Electronics Corporation) Hidden
Bluetooth Feature Pack 5.0 (HKLM\...\{0439D13F-C7CD-458A-90DE-44135CBD40B8}) (Version: 5.0.12 - CSR Plc.)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Dynamo Combo (HKLM\...\Dynamo Combo) (Version: 2015.01.23.192328 - Dynamo Combo) <==== ATTENTION!
Google Chrome (HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hard Disk Protection (HKLM\...\InstallShield_{08188833-CF3E-4067-B884-6049B0A38A35}) (Version: 1.0.0.18C - Nokia)
Hard Disk Protection (Version: 1.0.0.18C - Nokia) Hidden
Hotkey Utility (HKLM\...\InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}) (Version: 1.0.0.21C - Nokia)
Hotkey Utility (Version: 1.0.0.21C - Nokia) Hidden
Intel(R) Graphics Media Accelerator 500 (HKLM\...\LPCO) (Version: - Intel Corporation)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Microsoft .NET Framework 4.5.1 (DEU) (HKLM\...\{9E871D09-064D-3BC9-963B-3AB8ABE1273D}) (Version: - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{4903D172-DCCB-392F-93A3-34CA9D47FE3D}) (Version: - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Miniprogramm zum Abrufen von Nokia Ovi Suite (HKLM\...\{3A519502-3354-4290-A852-7A1835BA678F}) (Version: 1.0.45 - Nokia)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Booklet Software Updater (HKLM\...\{8C7AC9E7-A635-4C73-B360-FE6AE4E8DD93}) (Version: 1.1.100 - Nokia)
Nokia Connectivity Cable Driver (HKLM\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.2.0.245 - Nokia)
Nokia Ovi Suite (Version: 2.2.0.245 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM\...\{A0D65C73-F2C5-432F-8788-90F8A2E99B98}) (Version: 02.05.002.42441 - Nokia Corporation)
Nokia Social Hub (HKLM\...\{F4A31D1A-8ABB-4977-848E-26F76F5212B0}) (Version: 1.0.585 - Nokia)
Option WWAN Driver 5.1.37.0 Installer (HKLM\...\{884BB5CC-108E-41a9-936D-955C999C06A1}_x) (Version: 3.5.1.1140 - Option NV)
Option WWAN Driver 5.1.37.0 Installer (Version: 3.5.1.1140 - Option NV) Hidden
Ovi Desktop Sync Engine (Version: 1.4.78.0 - Nokia) Hidden
Ovi Maps Gadget (HKLM\...\{698A3082-B4AF-4113-8068-79C868C4B0C9}) (Version: 1.0.13867 - Nokia)
OviMPlatform (Version: 2.6.195.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia)
Power Management (HKLM\...\InstallShield_{C36E5EC0-A87E-4994-844B-1DE75ED22BD8}) (Version: 1.0.0.18C - Nokia)
Power Management (Version: 1.0.0.18C - Nokia) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5999 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoamingHelperSetup (HKLM\...\{C358D274-1BA4-4F57-95C4-4669AE126B99}) (Version: 1.0.0 - Option)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
Tap to wake up (HKLM\...\InstallShield_{0B23E38B-F4D8-44A9-A3D3-95020D35D8C9}) (Version: 1.0.0.19C - Nokia)
Tap to wake up (Version: 1.0.0.19C - Nokia) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Utility Common Driver (Version: 1.77.0.2C - NOKIA) Hidden
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
==================== Restore Points =========================
20-01-2015 21:07:30 Removed Windows 7 USB/DVD Download Tool
22-01-2015 22:14:43 Installed Bonjour Print Services
23-01-2015 20:49:30 Revo Uninstaller's restore point - Google Chrome
23-01-2015 21:15:12 Revo Uninstaller's restore point - PC Speed Maximizer v4.0
23-01-2015 21:18:27 Revo Uninstaller's restore point - Vosteran
23-01-2015 21:21:19 Revo Uninstaller's restore point - WSE_Vosteran
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2015-01-10 02:56 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {3201A1B4-6C25-46D5-BC40-232F14D989FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {383EBE8B-3945-465D-AFEB-2A81F916B7CC} - \SidebarExecute No Task File <==== ATTENTION
Task: {5FC356A9-9467-4AE8-BED5-F787D160D1B1} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-01-01] (AVAST Software)
Task: {773C2256-6E9D-4A26-B6A8-2B2B69FDB1FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {7E476722-6C80-4EA0-8B46-48B6F562E67C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {A320242A-44DE-4938-A0A7-6476C923136C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {A6B2DB9E-6523-460F-A1F1-6F1C15D943E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DF4F6C72-D05F-409D-BB27-9014CFBBC242} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {E3457BE7-F260-4266-BE08-4DEE4761FA99} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {E7CE1F64-F0B0-4581-96EE-3E2882FEF1E6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F762FFD0-B96E-4EB6-933D-A91579976F09} - System32\Tasks\Nokia\Booklet software updater\Check for updates => NBSUTool.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-04-23 10:56 - 2009-12-24 19:13 - 00180224 _____ () C:\WINDOWS\system32\HDPSrv.exe
2010-04-23 10:51 - 2010-04-23 10:51 - 00011776 _____ () C:\Windows\system32\PrLdrSrv.exe
2010-04-23 10:51 - 2010-04-23 10:51 - 00024576 _____ () C:\Windows\system32\EKECioCtl.dll
2010-04-23 10:56 - 2009-12-24 19:13 - 00180224 _____ () C:\Windows\System32\HDPSrv.exe
2010-04-21 12:39 - 2010-04-21 12:39 - 02145792 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtCore4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 07983616 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtGui4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00335360 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtXml4.dll
2010-04-21 12:38 - 2010-04-21 12:38 - 00925184 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtNetwork4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00187904 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtSql4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00022528 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qgif4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00027648 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qico4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00119808 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qjpeg4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00220672 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qmng4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00278528 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qtiff4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00417792 _____ () C:\Program Files\Nokia\Nokia Social Hub\sqldrivers\qsqlite4.dll
2015-01-23 20:23 - 2015-01-23 21:33 - 00632568 _____ () C:\Program Files\Dynamo Combo\updateDynamoCombo.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3075977200-4285461987-214124539-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-3075977200-4285461987-214124539-501 - Limited - Disabled)
**** (S-1-5-21-3075977200-4285461987-214124539-1000 - Administrator - Enabled) => C:\Users\****
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/25/2015 08:41:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/25/2015 08:41:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/25/2015 08:41:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/25/2015 08:41:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/25/2015 08:41:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/25/2015 08:41:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/25/2015 08:41:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/25/2015 08:41:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/25/2015 08:41:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/25/2015 08:41:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (01/25/2015 07:59:54 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14
Error: (01/23/2015 09:48:35 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.
Error: (01/23/2015 09:48:32 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14
Error: (01/23/2015 09:27:33 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14
Error: (01/23/2015 09:27:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht gestartet:
%%14001
Error: (01/23/2015 09:25:16 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14
Error: (01/23/2015 09:00:18 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14
Error: (01/23/2015 09:00:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht gestartet:
%%14001
Error: (01/23/2015 08:57:57 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14
Error: (01/23/2015 08:40:25 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14
Microsoft Office Sessions:
=========================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-25 21:34:32
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1235GSL rev.PV010A 111.79GB
Running: Gmer-19357.exe; Driver: C:\Users\****\AppData\Local\Temp\pwtdaaob.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8963EAC4]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x896FA0BA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8963F5A2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8964B63C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8964B688]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8964B822]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8964B5AA]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x896FA494]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8964B5F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x896FA724]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x896FA80E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8964B7DC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x89640390]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8963EB2A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x89643B86]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8963E716]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x896FA574]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8963EB90]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x89643F7C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x89640E78]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8964B666]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8964B6AA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8964B846]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8964B5D0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8964347E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8964B75A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8964B61A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8964386A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8964B800]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x896FA312]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x89640CEC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x896409FA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8963EBF6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8963EC5C]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x896FA670]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8963E7B0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8963E982]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8963E910]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8964055A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x896406BC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8963EA0A]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x896FA3E0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x896401EA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8963ECC2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x896FA244]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 8207A339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820B3D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 820BADC0 4 Bytes [C4, EA, 63, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 820BADE8 4 Bytes [BA, A0, 6F, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 820BAE48 4 Bytes [A2, F5, 63, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 820BAE9C 8 Bytes [3C, B6, 64, 89, 88, B6, 64, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 820BAEA8 4 Bytes [22, B8, 64, 89]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713255abf
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\002713255abf (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\002713255abf (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
---- EOF - GMER 2.1 ----
I'm curious whether you'll find anything else that stands out.
Regards
Schümli