
Log analysis and evaluation: Windows 7: Repeated system freeze for several minutes


 
27.01.2015, 20:54   #1
os1
 



Hello
I think I have caught some malware after I updated last week to the Adobe Flash Player version with the security vulnerability (found out afterwards). It has of course been uninstalled in the meantime.
Nevertheless, since then the PC seems to freeze a few minutes after a restart:
- Programs can neither be started nor closed.
- Task Manager sometimes cannot be started.
- Alt-Ctrl-Del often does not respond either.
The freeze lasts 5-10 minutes, then it 'works' again briefly before the next freeze begins.

Here are my logs:
Malwarebytes:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 27.01.2015
Scan Time: 15:29:24
Logfile: malwareBytes_Scan.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2014.11.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: os1

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401446
Time Elapsed: 14 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, , [d333d8661e5ef93d737d89c7b74cfb05], 
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, , [ed1937076d0fef47e6381226ee1537c9], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-119511434-2858063106-181260139-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, , [d1354af44c3064d25b940c4412f18a76], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.InetStat.A, C:\Users\os1\AppData\Roaming\InetStat\inetstat.exe, , [ea1c84baa3d9a0964f59b3870af906fa], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by os1 (administrator) on OS1-HP-DV7-7040 on 27-01-2015 20:06:35
Running from C:\Users\os1\Downloads
Loaded Profiles: os1 (Available profiles: UpdatusUser & os1 & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-02-20] (IDT, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2015-01-27] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-119511434-2858063106-181260139-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-119511434-2858063106-181260139-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-119511434-2858063106-181260139-1001\...\Policies\system: [DisableChangePassword] 0
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-02-27] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-02-27] (NVIDIA Corporation)
AppInit_DLLs-x32: , c:\progra~2\citrix\icacli~1\rshook.dll => "c:\progra~2\citrix\icacli~1\rshook.dll" File Not Found
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52251;https=127.0.0.1:52251
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-119511434-2858063106-181260139-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://cag.axpo.com/vpn/index.html
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {56E4BF69-E250-4484-907A-9CBFCF673C94} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {56E4BF69-E250-4484-907A-9CBFCF673C94} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-119511434-2858063106-181260139-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-119511434-2858063106-181260139-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-119511434-2858063106-181260139-1001 -> No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\os1\AppData\Roaming\Mozilla\Firefox\Profiles\t5bg2c2y.default-1407583963475
FF Homepage: hxxp://www.srf.ch/meteo
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-27]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll No File
CHR Plugin: (Simple Pass) - C:\Users\os1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\npwebsitelogon.dll (HP)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\os1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\os1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-02]
CHR Extension: (YouTube) - C:\Users\os1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-02]
CHR Extension: (Google-Suche) - C:\Users\os1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-02]
CHR Extension: (Website Logon) - C:\Users\os1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh [2012-12-02]
CHR Extension: (Google Mail) - C:\Users\os1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-27]
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-27] (AVAST Software)
S2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-27] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-27] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-27] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-27] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2014-02-20] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [919552 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [47232 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-14] (Synaptics Incorporated)
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 20:06 - 2015-01-27 20:07 - 00020213 _____ () C:\Users\os1\Downloads\FRST.txt
2015-01-27 20:06 - 2015-01-27 20:06 - 02129920 _____ (Farbar) C:\Users\os1\Downloads\FRST64.exe
2015-01-27 20:05 - 2015-01-27 20:05 - 00000470 _____ () C:\Users\os1\Desktop\defogger_disable.log
2015-01-27 20:04 - 2015-01-27 20:04 - 00000468 _____ () C:\Users\os1\Downloads\defogger_disable.log
2015-01-27 20:04 - 2015-01-27 20:04 - 00000000 _____ () C:\Users\os1\defogger_reenable
2015-01-27 20:03 - 2015-01-27 20:03 - 00050477 _____ () C:\Users\os1\Downloads\Defogger.exe
2015-01-27 19:32 - 2015-01-27 19:32 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-27 19:32 - 2015-01-27 19:32 - 00001964 _____ () C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2015-01-27 19:32 - 2015-01-27 19:32 - 00000000 ____D () C:\Users\os1\AppData\Roaming\AVAST Software
2015-01-27 19:32 - 2015-01-27 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-27 19:31 - 2015-01-27 19:31 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-01-27 19:31 - 2015-01-27 19:31 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-27 19:31 - 2015-01-27 19:31 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-27 19:31 - 2015-01-27 19:31 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-27 19:31 - 2015-01-27 19:31 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-27 19:31 - 2015-01-27 19:31 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-27 19:31 - 2015-01-27 19:31 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-27 19:31 - 2015-01-27 19:31 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-27 19:31 - 2015-01-27 19:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-27 19:31 - 2015-01-27 19:31 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-27 19:30 - 2015-01-27 19:30 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-27 19:19 - 2015-01-27 19:20 - 132469808 _____ (AVAST Software) C:\Users\os1\Downloads\avast_free_antivirus_setup.exe
2015-01-27 19:14 - 2015-01-27 19:25 - 00000000 ____D () C:\OETemp
2015-01-27 17:39 - 2015-01-27 17:39 - 00090786 _____ () C:\Users\os1\Desktop\Extras.Txt
2015-01-27 17:38 - 2015-01-27 17:38 - 00081276 _____ () C:\Users\os1\Desktop\OTL.Txt
2015-01-27 16:50 - 2015-01-27 16:50 - 00001306 _____ () C:\Users\os1\Desktop\gmer.log
2015-01-27 16:42 - 2015-01-27 16:43 - 00000928 _____ () C:\Users\os1\Desktop\Anleitung GMER.txt
2015-01-27 16:41 - 2015-01-27 16:41 - 00029489 _____ () C:\Users\os1\Desktop\FRST.txt
2015-01-27 16:40 - 2015-01-27 16:40 - 00031666 _____ () C:\Users\os1\Desktop\Addition.txt
2015-01-27 16:39 - 2015-01-27 20:06 - 00000000 ____D () C:\FRST
2015-01-27 15:45 - 2015-01-27 15:45 - 00001561 _____ () C:\Users\os1\Desktop\malwareBytes_Scan.txt
2015-01-27 15:29 - 2015-01-27 15:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 15:29 - 2015-01-27 15:29 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-27 15:29 - 2015-01-27 15:29 - 00001102 _____ () C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-27 15:29 - 2015-01-27 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-27 15:29 - 2015-01-27 15:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-27 15:29 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 15:29 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 15:29 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-27 15:08 - 2015-01-27 15:08 - 00000000 ____D () C:\Users\os1\AppData\Local\MFAData
2015-01-27 15:08 - 2015-01-27 15:08 - 00000000 ____D () C:\Users\os1\AppData\Local\Avg2015
2015-01-27 15:08 - 2015-01-27 15:08 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-27 09:44 - 2015-01-27 19:58 - 00640976 _____ () C:\Windows\PFRO.log
2015-01-26 23:43 - 2015-01-27 19:22 - 00000952 _____ () C:\Windows\setupact.log
2015-01-26 23:43 - 2015-01-26 23:43 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-25 22:29 - 2015-01-27 19:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-25 22:27 - 2015-01-27 19:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-22 22:05 - 2015-01-22 22:05 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-22 22:05 - 2015-01-22 22:05 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-22 22:05 - 2015-01-22 22:05 - 00000822 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2015-01-22 22:05 - 2015-01-22 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-22 22:05 - 2015-01-22 22:05 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-22 10:20 - 2015-01-22 10:20 - 00001606 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2015-01-22 10:19 - 2015-01-22 10:20 - 00000000 ____D () C:\ProgramData\Citrix
2015-01-22 09:06 - 2015-01-22 09:06 - 00000000 ____D () C:\Users\os1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2015-01-16 14:19 - 2015-01-16 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-15 11:17 - 2015-01-27 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-13 22:32 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 22:32 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 22:31 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 22:31 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 22:31 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 22:31 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 22:31 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 22:31 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 22:31 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 22:31 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 22:31 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 22:31 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 22:31 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 20:04 - 2012-06-05 19:03 - 00000000 ____D () C:\Users\os1
2015-01-27 19:42 - 2012-12-02 21:42 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 19:31 - 2012-06-05 19:02 - 01049635 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 19:30 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 19:30 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 19:23 - 2012-12-02 21:42 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 19:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 15:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-01-27 15:45 - 2014-11-30 20:27 - 00000000 ____D () C:\Users\os1\AppData\Roaming\InetStat
2015-01-27 15:07 - 2012-03-03 01:38 - 00729176 _____ () C:\Windows\system32\perfh007.dat
2015-01-27 15:07 - 2012-03-03 01:38 - 00159172 _____ () C:\Windows\system32\perfc007.dat
2015-01-27 15:07 - 2009-07-14 06:13 - 01678284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 14:09 - 2014-09-25 07:33 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForos1.job
2015-01-26 21:37 - 2013-05-23 19:00 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE509C6A-D7EB-4AEE-9B61-3D636DF60392}
2015-01-26 21:26 - 2012-06-17 18:47 - 01623584 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-22 22:20 - 2012-06-18 22:13 - 00000000 ____D () C:\Users\os1\Documents\Daten
2015-01-22 22:18 - 2013-05-15 19:18 - 00000000 ____D () C:\Users\os1\AppData\Roaming\TeamViewer
2015-01-22 22:17 - 2012-11-02 23:38 - 00000000 ____D () C:\Users\os1\AppData\Local\CrashDumps
2015-01-22 22:17 - 2012-07-15 19:17 - 00000000 ____D () C:\Windows\Minidump
2015-01-22 22:17 - 2007-01-02 02:25 - 00000000 ____D () C:\Windows\Panther
2015-01-22 22:02 - 2012-06-25 10:14 - 00000000 ____D () C:\Users\os1\AppData\Local\Adobe
2015-01-22 14:09 - 2014-09-25 07:33 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForos1
2015-01-22 10:20 - 2012-06-19 20:48 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-01-22 10:20 - 2012-06-18 20:17 - 00000000 ____D () C:\Users\os1\AppData\Local\Citrix
2015-01-22 10:01 - 2012-10-01 14:36 - 00000000 ____D () C:\Users\os1\AppData\Roaming\FreePDF
2015-01-22 10:01 - 2012-10-01 14:36 - 00000000 ____D () C:\Program Files (x86)\FreePDF_XP
2015-01-22 09:58 - 2014-12-02 10:28 - 00000093 _____ () C:\Users\os1\AppData\Roaming\ARCompanion.log
2015-01-22 09:56 - 2012-10-07 15:59 - 00000000 ____D () C:\Users\Gast\AppData\Local\Citrix
2015-01-22 09:56 - 2012-03-02 17:32 - 00000000 ____D () C:\ProgramData\Skype
2015-01-22 09:25 - 2014-04-08 10:14 - 00000000 ____D () C:\Users\os1\AppData\Roaming\Dropbox
2015-01-22 09:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-22 08:31 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-20 13:46 - 2014-04-08 10:15 - 00000000 ___RD () C:\Users\os1\Dropbox
2015-01-15 08:42 - 2013-08-15 00:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 08:36 - 2012-06-17 21:14 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-08 08:08 - 2012-07-19 20:17 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-08 08:08 - 2012-06-20 21:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-12-02 10:28 - 2015-01-22 09:58 - 0000093 _____ () C:\Users\os1\AppData\Roaming\ARCompanion.log
2012-06-19 21:39 - 2012-06-19 21:39 - 0000600 _____ () C:\Users\os1\AppData\Roaming\winscp.rnd
2012-11-05 23:14 - 2012-11-05 23:14 - 0004608 _____ () C:\Users\os1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-23 20:40 - 2014-11-23 20:40 - 0007602 _____ () C:\Users\os1\AppData\Local\Resmon.ResmonCfg
2014-04-28 22:35 - 2014-09-08 21:16 - 0001534 _____ () C:\ProgramData\ss.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-15 13:03

==================== End Of Log ============================
         
FRST Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by os1 at 2015-01-27 20:07:59
Running from C:\Users\os1\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Banana Buchhaltung 5.0 (HKLM-x32\...\Banana50_is1) (Version: 5.0.5.0 - Banana.ch SA - Lugano (Switzerland))
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.140 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - Broadcom Corporation)
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DXF Editor 1 (HKLM-x32\...\DXF Editor 1) (Version:  - )
EasyTax 2011 AG 1.0 (HKLM-x32\...\EasyTax 2011 AG 1.0) (Version:  - HWI Solutions AG)
EasyTax 2012 AG 1.0 (HKLM-x32\...\3785-6780-1293-3574) (Version: 1.0 - HWI Solutions AG)
EasyTax 2013 AG 1.0 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.0 - HWI Solutions AG)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
FreeRIP MP3 Converter 4.5.1 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.1 - GreenTree Applications SRL)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{B288E426-9954-451C-B811-B0F234CF0EDD}) (Version: 1.3.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{18F4179A-385F-40EE-AE2D-FA0E1BE62753}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2626 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Firefox 35.0 (x86 de) (HKU\S-1-5-21-119511434-2858063106-181260139-1001\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 13.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 13.0.1 (x86 de)) (Version: 13.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKU\S-1-5-21-119511434-2858063106-181260139-1001\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
NVIDIA Grafiktreiber 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Self-Service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
SketchUp 8 (HKLM-x32\...\{B8F4A45C-581C-4707-8EF2-2B9E6722270C}) (Version: 3.0.16944 - Trimble Navigation Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{DA83578A-7DB2-4CF6-9453-CF24C7917AB8}) (Version: 4.3.301.0 - Validity Sensors, Inc.)
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinSCP 4.3.8 (HKLM-x32\...\winscp3_is1) (Version: 4.3.8 - Martin Prikryl)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-01-2015 19:29:11 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E2BE6D6-77FC-4BC0-9570-2C1A9C8083F3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2654385A-4048-4328-ADDA-DF3F90889DF3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-27] (AVAST Software)
Task: {2F77C56C-5783-433E-B5D0-647AED9772ED} - System32\Tasks\HPCeeScheduleForos1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {62AB74C1-CD83-4614-8D76-9B89FB9BA61B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {670C40A0-DA37-40FE-8F27-45626C479861} - System32\Tasks\{09D8B7D7-5FF7-472E-BD7E-E6D439E63D11} => pcalua.exe -a E:\Scheduler\sched_install.exe -d E:\Scheduler
Task: {77F1679B-3593-4A4D-B118-95F67A886CDE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {79422F6C-0E05-46D3-A8C8-DADCECDEBD53} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {7E49E0E3-A9AD-4B24-A363-3506AF77C681} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {83500030-BCFF-40EC-B25B-ECA17D03E993} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {83B84B58-91D3-4256-8B95-7831CA3F38B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9D9C67BF-1F45-48C2-A896-8682D76910FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {A0E27370-1949-435A-B69D-5B38FCEA074E} - System32\Tasks\{17730322-4802-4151-ABE3-638ECFB8DFBA} => pcalua.exe -a C:\Users\os1\AppData\Roaming\qone8\UninstallManager.exe -c  -ptid=smt
Task: {B1B33C9F-98E5-4C73-8088-732114B955B2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForos1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2015-01-16 14:19 - 2015-01-16 14:19 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-01-16 14:19 - 2015-01-16 14:19 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-16 14:19 - 2015-01-16 14:19 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-01-15 11:17 - 2015-01-15 11:17 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-119511434-2858063106-181260139-500 - Administrator - Disabled)
Gast (S-1-5-21-119511434-2858063106-181260139-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-119511434-2858063106-181260139-1003 - Limited - Enabled)
os1 (S-1-5-21-119511434-2858063106-181260139-1001 - Administrator - Enabled) => C:\Users\os1
UpdatusUser (S-1-5-21-119511434-2858063106-181260139-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2015 08:05:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/27/2015 08:05:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/27/2015 08:00:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 07:59:55 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/27/2015 07:59:55 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/27/2015 07:49:33 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/27/2015 07:49:33 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/27/2015 07:29:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary rgntjilu.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/27/2015 07:24:30 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/27/2015 07:24:30 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (01/27/2015 08:07:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 08:07:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 08:07:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 08:06:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 08:06:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 08:06:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 08:03:57 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (01/27/2015 08:03:57 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (01/27/2015 08:03:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 08:03:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (05/09/2013 09:44:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4954 seconds with 3960 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-05-30 17:05:29.845
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-30 17:05:29.804
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-30 17:05:27.202
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-30 17:05:27.151
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-30 17:05:25.086
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-30 17:05:25.045
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-30 17:05:22.993
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-30 17:05:22.951
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-30 17:05:20.803
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-30 17:05:20.762
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 16%
Total physical RAM: 8087.31 MB
Available physical RAM: 6762.37 MB
Total Pagefile: 16172.8 MB
Available Pagefile: 14902.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:783.46 GB) (Free:650.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:24.19 GB) (Free:2.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2D0CA8EA)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=783.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=24.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

==================== End Of Log ============================
         

I would very much appreciate some support, and please bear with me, as I am an absolute newcomer to forums.
Thank you in advance,
OS1

 
