| |
| |||||||
Log-Analyse und Auswertung: Windows7 Firewall startet nicht Fehler 0x8007042cWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.01.2014, 16:46
| #1 |
 |  Windows7 Firewall startet nicht Fehler 0x8007042c hier mein mit otl erstellter Log: Extra.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.01.2014 14:42:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\markus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,75 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 73,78% Memory free
7,49 Gb Paging File | 6,47 Gb Available in Paging File | 86,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,50 Gb Total Space | 390,65 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Computer Name: MARKUS-PC | User Name: markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-409195208-536281958-3444761892-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014A321C-07F4-4D26-9AD3-255D674F4B3B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{08A194BD-44AF-41AD-81C7-30F5251EBAF4}" = rport=138 | protocol=17 | dir=out | app=system |
"{08CBBFF3-B3ED-4764-A3DC-737150313DA0}" = lport=137 | protocol=17 | dir=in | app=system |
"{239C6E3C-C5A0-42E7-9CF4-12112501FC0C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2DEE8875-3067-434B-96DA-07D4A12C674D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39D7BA02-6822-4F9F-96DD-B47300265EE2}" = lport=138 | protocol=17 | dir=in | app=system |
"{5DBF8D5C-7A4F-44B8-B56C-D9AADFA5F911}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61145437-73B1-46C7-A19A-ED4E7C731EE1}" = rport=139 | protocol=6 | dir=out | app=system |
"{6AB72650-D8D4-42FD-B93F-389448E2C71F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6C12688C-538B-41A1-91A0-5E8E6205E79F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{74E2BA39-9FE7-4300-BA8A-B016DD35DA49}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{88B35772-0656-48F8-BF30-6E74F1FB09CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9069F421-E9C8-4A9A-B406-340B6BEE59DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98F7328A-50EE-4F98-B612-D4DF94B7125B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A08B6DAE-595A-424A-8548-DF4AD78D7C98}" = rport=137 | protocol=17 | dir=out | app=system |
"{ACA5AEBE-855D-4AF3-AF35-8C692C2B6813}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3096F3B-A19F-4EF0-9AD5-3C77BEB3DE31}" = lport=139 | protocol=6 | dir=in | app=system |
"{C0C618F6-4F10-4F36-B7C8-81980B41342C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C413E094-4102-4650-BB5C-C69FF162B0B4}" = rport=445 | protocol=6 | dir=out | app=system |
"{CFC5D13E-9738-4F0C-9E7D-127C6DFD1E18}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5D6F25D-6EFE-4AA3-BC4E-220134A30518}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC249FFC-FF32-4F46-A225-B7596DD6A919}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEEACE50-F37C-40BD-B88D-C81E18624C4C}" = lport=445 | protocol=6 | dir=in | app=system |
"{F633C12D-BCE2-4160-BB77-747622404A8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7DFBB39-9E52-46E8-9152-EFC59271D26D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B4FF3B-DE4B-4442-831F-DA0338A5EC5D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{04EDF99A-88C7-4F93-A5D9-FB5C18E8B693}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{05ED3503-6472-4693-A008-6A207909D655}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{10CFE27F-AE18-454F-B2B8-80E622C5DA17}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A514028-67F2-423E-8C37-F3F7D4E627BF}" = protocol=6 | dir=out | app=system |
"{1C38475D-E579-42D7-8AF8-378D271CDC1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1EDAD215-77EA-4414-A9F0-A84F1C9AE351}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{25972B66-BBAA-4534-BF1A-DB16B9CC58DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{291CDE7A-0133-4B21-AA7C-2522563B55C3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{37CD209A-06D6-439A-B6BC-841403D33E0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37E0AAA4-3B8D-4761-B725-CE5710B5A16B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{62B04ABF-31B7-4EE8-926B-6FFEDA0DD5A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7385E925-B4DA-4286-A495-79139FD8ADA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E010A9E-B921-4503-B579-F2B165F848D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A3B54C86-7AE3-45A0-B6D3-81AB1265AD77}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A952A1B6-C9EA-4529-B69A-EDF2900874E8}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B497D1F8-79CE-4882-82E5-FD0BE47B0C6C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B6C85C55-61C1-4805-B14F-B1C5B68B2270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2161DE4-1067-40F2-B6CF-B9A8D461A976}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C3C6E4DE-9D48-4807-8AA9-7B91FC2C2687}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C69BB884-3AF3-424D-8418-5B8B098D82A4}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D0FAAD36-4E12-4161-9DD1-6E6A8CFECA20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D25E6C4B-793A-4BF4-80F9-5F9ADB17DEAE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{DB5D0AFA-D2C1-4BFB-BEA1-F0019FC5BD53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE78E6BA-1A5E-4C53-89D5-0C01B0B5EDE2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E045763D-D69F-4155-9157-7495478F6E4B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F27D3E0F-E448-41FF-B30E-7AB3EF66BC9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FE4F859D-1C64-48D5-9A00-CC4DA00CEEB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{3345AAB1-E31E-4DBB-B257-FE87BC136726}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{5997C0FC-D927-4F38-A680-EEF7998C9E18}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0158415-15CA-B2A0-928D-E755DD506C0D}" = ATI Catalyst Install Manager
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AD136254-E6F2-EAE8-7E36-9D65E13B0A7E}" = ccc-utility64
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"Microsoft Security Client" = Microsoft Security Essentials
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A1F857-F5C6-0842-333A-FA7806FAF70A}" = CCC Help Danish
"{038EBE9A-2AD4-9B6D-C7FB-377FF5112C16}" = CCC Help Swedish
"{08840099-3121-798D-88BB-76C5087890AF}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C808377-8C23-44ED-9016-05F42E6D4900}" = Nokia Suite
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1D7E84F5-7AA3-CD1F-3EA1-975313E9293A}" = CCC Help Portuguese
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1ED4CA4A-2ABA-9302-D7F3-A0597294828B}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22037905-EB4C-3427-DD8C-6ABBBE306B0D}" = CCC Help Polish
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{284B8BD0-0046-288F-79E3-160F17D18904}" = CCC Help Spanish
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver
"{2B33E393-D2DE-E00C-95A2-96AB49FC2DBB}" = CCC Help Norwegian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37E6B486-08A4-3383-29BB-BD0591BD0E9D}" = Catalyst Control Center Core Implementation
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{401F4EB7-FDF4-1B7A-54F6-5EE7CF0C0F8F}" = CCC Help Chinese Standard
"{427DB714-23EF-6CBC-4DD1-015674AF8AB7}" = CCC Help Finnish
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4493F494-3E4D-E35C-BF37-1EF22539DCE3}" = CCC Help Korean
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{573EC8CA-E2FD-B1F7-4DAB-671AD39888A7}" = CCC Help Japanese
"{5869CFDE-54D8-D3F1-A8F5-4FCA8A910BFB}" = Catalyst Control Center Graphics Previews Common
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5B5CF192-F4BB-A213-CE03-7C8FB7A5E3E2}" = Catalyst Control Center Graphics Full New
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{679A43C5-1A03-CF8F-B73E-C4A095C2687D}" = CCC Help French
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7B037B61-22B4-C382-DCD9-05DB38D1149D}" = CCC Help Italian
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81E6A85A-EF55-F1F4-3CBB-BE01F03CE3F3}" = CCC Help Hungarian
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D705770-8266-3A59-3AD8-6E666EC4CF77}" = CCC Help Thai
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B449C1A-4F64-4ED4-8C96-31B222E8377F}" = BlackBerry Desktop Software 4.2.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E0FC21F-1DC1-0B4C-E8E0-74420102C75B}" = CCC Help Chinese Traditional
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A479E320-40DB-BDA6-6CEB-A08C9DEDE80C}" = ccc-core-static
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1B7FDAA-9DC3-2408-18B2-9B4CB8CF0F80}" = CCC Help German
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BCFDADA0-04B1-6335-6362-BB854A216C23}" = CCC Help Russian
"{C214A856-F569-0065-714F-8D2A4A092C6C}" = CCC Help Turkish
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9413C02-2978-BC8B-D67C-6FF88ADBD1A3}" = CCC Help English
"{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}" = LogMeIn
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0485C2A-6BED-4E6A-8517-A1ED3F990AB2}" = Catalyst Control Center Graphics Full Existing
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.194.1021
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D78667E4-E8EB-2B30-5029-29B9C3367B85}" = CCC Help Dutch
"{DB17E288-610C-45DC-E160-E7EB09A1FA88}" = Catalyst Control Center Localization All
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E45E3860-CDA5-93DF-8DAA-9AC4E556BF11}" = CCC Help Greek
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F623B2D2-9070-FF31-F47A-287802544F71}" = Catalyst Control Center InstallProxy
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BlackBerry_{9B449C1A-4F64-4ED4-8C96-31B222E8377F}" = BlackBerry Desktop Software 4.2.2
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"Identity Card" = Identity Card
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de)
"Mozilla Thunderbird 24.2.0 (x86 de)" = Mozilla Thunderbird 24.2.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WinLiveSuite" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 7040
Description =
Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 7042
Description =
Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 13.03.2013 05:53:09 | Computer Name = markus-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 18.03.2013 09:36:28 | Computer Name = markus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814,
Zeitstempel: 0x5138a1d3 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814,
Zeitstempel: 0x5138a0ed Ausnahmecode: 0xc0000005 Fehleroffset: 0x00172818 ID des fehlerhaften
Prozesses: 0xad4 Startzeit der fehlerhaften Anwendung: 0x01ce23ad925ed302 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
d568e9ac-8fd0-11e2-9e00-206a8a2d8d1b
[ Media Center Events ]
Error - 03.06.2011 02:50:10 | Computer Name = markus-PC | Source = MCUpdate | ID = 0
Description = 08:50:10 - Fehler beim Herstellen der Internetverbindung. 08:50:10
- Serververbindung konnte nicht hergestellt werden..
Error - 03.06.2011 02:50:26 | Computer Name = markus-PC | Source = MCUpdate | ID = 0
Description = 08:50:16 - Fehler beim Herstellen der Internetverbindung. 08:50:16
- Serververbindung konnte nicht hergestellt werden..
Error - 04.06.2011 03:05:14 | Computer Name = markus-PC | Source = MCUpdate | ID = 0
Description = 09:05:13 - Fehler beim Herstellen der Internetverbindung. 09:05:13
- Serververbindung konnte nicht hergestellt werden..
Error - 04.06.2011 03:05:25 | Computer Name = markus-PC | Source = MCUpdate | ID = 0
Description = 09:05:19 - Fehler beim Herstellen der Internetverbindung. 09:05:19
- Serververbindung konnte nicht hergestellt werden..
Error - 04.06.2011 04:05:33 | Computer Name = markus-PC | Source = MCUpdate | ID = 0
Description = 10:05:32 - Fehler beim Herstellen der Internetverbindung. 10:05:32
- Serververbindung konnte nicht hergestellt werden..
Error - 04.06.2011 04:05:39 | Computer Name = markus-PC | Source = MCUpdate | ID = 0
Description = 10:05:38 - Fehler beim Herstellen der Internetverbindung. 10:05:38
- Serververbindung konnte nicht hergestellt werden..
Error - 02.12.2013 22:15:50 | Computer Name = markus-PC | Source = MCUpdate | ID = 0
Description = 03:15:45 - Fehler beim Herstellen der Internetverbindung. 03:15:45
- Serververbindung konnte nicht hergestellt werden..
Error - 02.12.2013 23:16:16 | Computer Name = markus-PC | Source = MCUpdate | ID = 0
Description = 04:16:15 - Fehler beim Herstellen der Internetverbindung. 04:16:15
- Serververbindung konnte nicht hergestellt werden..
Error - 03.12.2013 00:16:22 | Computer Name = markus-PC | Source = MCUpdate | ID = 0
Description = 05:16:21 - Fehler beim Herstellen der Internetverbindung. 05:16:21
- Serververbindung konnte nicht hergestellt werden..
Error - 03.12.2013 01:16:27 | Computer Name = markus-PC | Source = MCUpdate | ID = 0
Description = 06:16:26 - Fehler beim Herstellen der Internetverbindung. 06:16:26
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 05.01.2014 09:41:07 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 05.01.2014 09:41:17 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet:
%%5
Error - 05.01.2014 09:41:17 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Firewall" ist vom Dienst "Basisfiltermodul" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%5
Error - 05.01.2014 09:41:34 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet:
%%5
Error - 05.01.2014 09:41:36 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet:
%%5
Error - 05.01.2014 09:41:36 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPsec-Richtlinien-Agent" ist vom Dienst "Basisfiltermodul"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%5
Error - 05.01.2014 09:41:36 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet:
%%5
Error - 05.01.2014 09:41:36 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Firewall" ist vom Dienst "Basisfiltermodul" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%5
Error - 05.01.2014 09:41:37 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet:
%%5
Error - 05.01.2014 09:41:37 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%5
< End of report >
OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.01.2014 14:42:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\markus\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 73,78% Memory free 7,49 Gb Paging File | 6,47 Gb Available in Paging File | 86,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,50 Gb Total Space | 390,65 Gb Free Space | 86,52% Space Free | Partition Type: NTFS Computer Name: MARKUS-PC | User Name: markus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.12.30 14:51:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\markus\Desktop\OTL.exe PRC - [2013.06.26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2013.06.26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.08.11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2013.01.28 12:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013.01.28 12:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.11.26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2010.04.27 07:49:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.12.13 19:50:17 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.12.13 13:09:13 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint) SRV - [2013.12.13 13:09:08 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2013.12.11 17:57:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.10.23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.10.23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013.06.26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2013.06.26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2013.06.21 08:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.04.30 09:57:00 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn) SRV - [2013.04.18 10:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.12.13 13:09:08 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV:64bit: - [2013.09.27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2013.08.29 02:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2013.06.26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2013.06.26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2013.06.26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2013.06.26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2013.04.30 09:57:00 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV:64bit: - [2013.04.30 09:56:42 | 000,014,944 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\radpms.sys -- (radpms) DRV:64bit: - [2013.04.30 09:56:42 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr) DRV:64bit: - [2013.01.23 09:31:52 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2013.01.23 09:31:52 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2013.01.23 09:31:52 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2013.01.23 09:31:52 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2013.01.23 09:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2013.01.23 09:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.10.17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.06.08 04:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2010.06.04 12:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.04.28 23:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.28 23:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.04.27 13:56:34 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.27 07:17:26 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.04.08 13:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.03.27 05:43:58 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.08.24 02:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2007.05.14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2007.03.23 02:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2007.01.18 14:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV - [2013.04.30 09:57:00 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys -- (LMIInfo) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2013-12-30&ent=hp&u=75D3D5BF6019789A770C3E52C19D3F14 IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2013-12-30&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "https://www.google.de" FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1 FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2.3 FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1024 FF - prefs.js..extensions.enabledAddons: searchyoutube%40searchyoutube.fr:1.0 FF - prefs.js..extensions.enabledAddons: trafficlight%40bitdefender.com:0.2.16 FF - prefs.js..extensions.enabledAddons: virusscan%40bullguard.com:1.0.3 FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4 FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.5 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118 FF - prefs.js..extensions.enabledAddons: %7Bef62e1ce-d2a4-4cdd-b7ec-92b120366b66%7D:2.7.8 FF - prefs.js..extensions.enabledAddons: %7Bf13b157f-b174-47e7-a34d-4815ddfdfeb8%7D:0.9.89 FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: autopager%40mozilla.org:0.8.0.10 FF - prefs.js..extensions.enabledAddons: snt%40dotlabs.co:1.0 FF - prefs.js..extensions.enabledAddons: om%40offermosquito.com:1.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - prefs.js..keyword.URL: "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=" FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.13 19:49:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.12.11 15:39:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.13 19:49:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.12.11 15:39:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.24 22:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\Extensions [2011.03.24 22:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2014.01.02 18:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions [2013.11.17 10:54:19 | 000,000,000 | ---D | M] (Empty Cache Button) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2013.11.27 11:50:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.12.13 19:55:13 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013.03.07 10:55:06 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2013.11.05 10:30:29 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\foxyproxy@eric.h.jung [2013.08.24 17:54:11 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\LogMeInClient@logmein.com [2013.11.20 12:27:25 | 000,000,000 | ---D | M] (Bullguard Virus Scan) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\virusscan@bullguard.com [2013.08.16 13:30:02 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.12.19 14:03:16 | 000,349,185 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\autopager@mozilla.org.xpi [2013.11.06 11:38:38 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\firefox@ghostery.com.xpi [2013.07.29 08:19:05 | 000,019,910 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\jsterm@paulrouget.com.xpi [2013.11.25 15:13:34 | 000,161,137 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\no-clickjacking@daohoangson.com.xpi [2013.12.19 18:35:06 | 000,062,798 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\om@offermosquito.com.xpi [2013.11.25 15:15:26 | 000,009,470 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\searchyoutube@searchyoutube.fr.xpi [2013.12.16 12:46:36 | 000,004,388 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\snt@dotlabs.co.xpi [2013.11.20 12:27:25 | 000,921,410 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\trafficlight@bitdefender.com.xpi [2013.11.20 12:24:52 | 000,158,589 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2013.11.20 12:27:25 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2014.01.02 18:50:30 | 000,535,529 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.10.10 15:33:54 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.12.13 19:57:38 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013.11.08 11:38:34 | 000,024,565 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013.07.29 08:19:37 | 000,210,138 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2013.12.26 18:05:30 | 000,002,438 | ---- | M] () -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\searchplugins\fbdownloader_search.xml [2014.01.02 12:38:05 | 000,001,488 | ---- | M] () -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\searchplugins\zonealarm.xml [2013.12.13 19:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.12.13 19:49:50 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.12.13 19:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.12.13 19:50:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-409195208-536281958-3444761892-1000..\Run: [] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..Trusted Domains: index.de ([dokumente] https in Trusted sites) O15 - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..Trusted Domains: index.de ([ptnet] https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA589985-1030-4427-9416-8EDC9A7E39EE}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{ecf38bc9-2963-11e0-b7df-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ecf38bc9-2963-11e0-b7df-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.01.02 13:13:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2014.01.02 12:39:49 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\CheckPoint [2014.01.02 12:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD [2014.01.02 12:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2013.12.30 17:37:02 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\LavasoftStatistics [2013.12.30 17:21:20 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\SecureSearch [2013.12.30 17:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2013.12.30 17:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2013.12.30 16:41:40 | 000,000,000 | ---D | C] -- C:\inetpub [2013.12.30 14:51:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\markus\Desktop\OTL.exe [2013.12.30 14:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013.12.30 14:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013.12.28 15:00:26 | 000,000,000 | ---D | C] -- C:\Windows\Migration [2013.12.26 18:04:57 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\Snz [2013.12.16 12:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.12.13 19:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.12.11 15:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.12.09 11:57:37 | 000,000,000 | ---D | C] -- C:\Users\markus\STI [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.01.05 14:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.01.05 14:47:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.01.05 14:47:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.01.05 14:42:06 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.01.05 14:42:06 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.01.05 14:34:43 | 000,343,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.05 14:34:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.01.05 14:34:21 | 3018,461,184 | -HS- | M] () -- C:\hiberfil.sys [2013.12.30 18:16:43 | 000,000,402 | ---- | M] () -- C:\Users\markus\Desktop\Repair.bat [2013.12.30 16:39:21 | 001,622,236 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.12.30 16:39:21 | 000,700,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.12.30 16:39:21 | 000,654,932 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.12.30 16:39:21 | 000,149,984 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.12.30 16:39:21 | 000,122,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.12.30 14:51:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\markus\Desktop\OTL.exe [2013.12.30 14:27:32 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.12.30 13:06:27 | 000,018,712 | ---- | M] () -- C:\Windows\wininit.ini [2013.12.28 15:19:23 | 001,596,516 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.12.13 13:09:08 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll [2013.12.13 13:09:08 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll [2013.12.13 13:09:08 | 000,035,656 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.01.05 14:34:27 | 000,343,000 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.12.30 18:16:43 | 000,000,402 | ---- | C] () -- C:\Users\markus\Desktop\Repair.bat [2013.12.30 14:27:19 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013.06.14 20:52:49 | 000,018,712 | ---- | C] () -- C:\Windows\wininit.ini [2012.05.31 14:17:31 | 000,104,125 | ---- | C] () -- C:\ProgramData\1338470141.bdinstall.bin [2012.05.31 14:06:00 | 000,223,544 | ---- | C] () -- C:\ProgramData\1338469128.bdinstall.bin [2011.03.24 23:06:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.19 05:11:21 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.01 11:39:00 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Blackberry Desktop [2014.01.02 12:39:49 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\CheckPoint [2013.06.14 16:27:13 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013.06.14 20:42:34 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Common [2013.07.23 21:42:47 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\DataMgr [2013.06.14 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\FBDownloader [2013.12.10 08:47:15 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\iFunbox_UserCache [2013.12.26 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Intermediate [2013.06.14 13:16:29 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Nokia [2013.06.14 13:15:52 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Nokia Suite [2011.03.24 21:56:33 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\OpenOffice.org [2011.04.05 17:57:25 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Participatory Culture Foundation [2013.06.14 13:15:47 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\PC Suite [2011.04.05 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\PCF-VLC [2013.12.30 14:38:20 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\QuickScan [2013.06.01 11:48:55 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Research In Motion [2013.11.29 09:05:45 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\SCheck [2013.12.30 17:21:20 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\SecureSearch [2013.12.26 18:05:02 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Snz [2013.12.28 14:59:07 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\SoftGrid Client [2013.06.14 20:42:38 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\SSync [2013.06.14 12:38:30 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Systweak [2011.03.24 22:02:36 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Thunderbird [2011.03.24 21:29:33 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\TP [2013.12.13 17:29:26 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Virus Scan [2011.03.27 18:44:20 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728 < End of report > Ich bitte um Hilfe, was ich tun kann. VG M. |
|
05.01.2014, 18:53
| #2 |
| /// the machine /// TB-Ausbilder    | Windows7 Firewall startet nicht Fehler 0x8007042c hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
05.01.2014, 19:54
| #3 |
| | Windows7 Firewall startet nicht Fehler 0x8007042c Hi Schrauber,
__________________hier die txt´s.... VG Markus Addition Editor:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by markus at 2014-01-05 19:43:24
Running from C:\Users\markus\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Acer Backup Manager (x32 Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.194.1021 (x32 Version: 1.1.194.1021 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (x32 Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (x32 Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (x32 Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.1124.2010 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (x32 Version: 9.5.5 - Adobe Systems Incorporated)
Airport Mania First Flight (x32 Version: - Oberon Media)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
ALPS Touch Pad Driver (Version: 7.105.2015.1111 - Alps Electric)
Amazonia (x32 Version: - Oberon Media)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (Version: 3.0.769.0 - ATI Technologies, Inc.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
BlackBerry Desktop Software 4.2.2 (x32 Version: 4.2.2.14 - Research in Motion Ltd.)
BlackBerry Desktop Software 4.2.2 (x32 Version: 4.2.2.14 - Research in Motion Ltd.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (Version: 14.2.4.2 - Broadcom Corporation)
Cake Mania (x32 Version: - Oberon Media)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0426.2136.36953 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help English (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help French (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help German (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0426.2136.36953 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0426.2136.36953 - ATI) Hidden
CCleaner (Version: 4.02 - Piriform)
Click to Call with Skype (x32 Version: 5.5.8013 - Skype Technologies S.A.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (x32 Version: - Oberon Media)
eBay Worldwide (x32 Version: 2.1.0901 - OEM)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (x32 Version: - Oberon Media)
FreePDF (Remove only) (x32 Version: - )
Galapago (x32 Version: - Oberon Media)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPL Ghostscript 9.01 (x32 Version: - )
Heroes of Hellas (x32 Version: - Oberon Media)
iCloud (Version: 3.0.2.163 - Apple Inc.)
Identity Card (x32 Version: 1.00.3003 - Acer Incorporated)
iFunbox (v2.1.2228.731), iFunbox DevTeam (x32 Version: v2.1.2228.731 - )
Internet-TV für Windows Media Center (x32 Version: 4.2.2.0 - Microsoft Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (x32 Version: 4.0.14 - Acer Inc.)
LogMeIn (x32 Version: 4.1.3268 - LogMeIn, Inc.)
Merriam Websters Spell Jam (x32 Version: - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nokia Connectivity Cable Driver (x32 Version: 7.1.172.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
NTI Backup Now 5 (x32 Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden
OpenOffice.org 3.3 (x32 Version: 3.3.9567 - OpenOffice.org)
PC Connectivity Solution (x32 Version: 12.0.109.0 - Nokia)
Poker Pop (x32 Version: - Oberon Media)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (Version: - )
Roxio Media Manager (x32 Version: 9.1.072 - Roxio) Hidden
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 6.6 (x32 Version: 6.6.106 - Skype Technologies S.A.)
Spin & Win (x32 Version: - Oberon Media)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Welcome Center (x32 Version: 1.02.3005 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia)
Winload Toolbar (x32 Version: 6.3.3.3 - )
WinZip 14.5 (x32 Version: 14.5.9095 - WinZip Computing, S.L. )
ZoneAlarm LTD Toolbar (Version: - Check Point Software Technologies)
ZoneAlarm Security Toolbar (x32 Version: 1.8.11.11 - Check Point Software Technologies LTD) Hidden
==================== Restore Points =========================
21-12-2013 09:06:03 Windows Update
24-12-2013 14:14:30 Windows Update
28-12-2013 13:55:14 Windows Update
28-12-2013 13:58:03 Windows Update
28-12-2013 14:16:37 Windows Update
30-12-2013 12:35:01 Removed Norton Online Backup
30-12-2013 15:41:17 Windows Modules Installer
30-12-2013 15:44:19 Windows Modules Installer
30-12-2013 16:18:59 AA11
30-12-2013 16:39:02 AA11
01-01-2014 16:18:03 Windows Update
05-01-2014 10:29:36 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {340E08DD-558B-401B-B555-B38DE3CD1D80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26] (Google Inc.)
Task: {3BD8716E-670E-4D80-9B5F-EDA821EBC0FE} - System32\Tasks\{9ACE3602-C595-489B-8EDC-22B4B069372E} => Firefox.exe Skype auf Ihren Computer herunterladen ? Mac, Windows, Linux*?*Skype
Task: {416F0B3D-3511-4CFA-8324-B23E334D7999} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5E5B4D0A-D78F-4897-99B6-AEFD1A8B4078} - System32\Tasks\{05CF5D44-ECA3-4F3F-A70F-8E2305A8A879} => C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23] (Microsoft Corporation)
Task: {5F1288A1-5F9E-40FB-BADF-B2264228387E} - System32\Tasks\{B829887B-8159-4920-BE9F-79FA7D748AF7} => C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23] (Microsoft Corporation)
Task: {69CA71CB-7B4E-4B9F-A7FC-5EB17D0F39D3} - System32\Tasks\{AA068EDA-0AF5-407C-A700-718AF4693C1C} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {6B07B94F-B430-4E07-B2D0-AD1D03AFAB94} - System32\Tasks\{E5368432-C0A3-4210-B408-1B1D83E5DAC1} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {8D12DE31-66EE-47FE-A1DD-F701EB7FE8F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {A99F73C4-7FED-45BC-BC9B-F334983975DB} - System32\Tasks\{5DDC7D02-91B6-4F66-99CE-B8920C89CE6C} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {B255DB6F-523A-454F-B3C0-80F4300978CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {BF5F5A3A-BBD5-4F93-ACAB-BED0DC3BD0EB} - System32\Tasks\{7D3D8BFC-AB74-4C84-87E6-DED545033AEC} => C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23] (Microsoft Corporation)
Task: {BFA64F3D-ED6C-46E0-AC09-67BFFE01D23E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26] (Google Inc.)
Task: {C6070357-3E11-4CB1-9726-E2B2BB30B287} - System32\Tasks\{C91DF27C-DAE0-4599-8912-EA56AFA00740} => C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-12-13 19:49 - 2013-12-13 19:49 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-11 17:57 - 2013-12-11 17:57 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/05/2014 07:00:00 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (01/02/2014 01:13:30 PM) (Source: Microsoft-Windows-RestartManager) (User: markus-PC)
Description: Die Anwendung oder der Dienst "Install.exe" konnte nicht heruntergefahren werden.
Error: (01/02/2014 00:57:47 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error: (01/02/2014 11:26:39 AM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: eac
Startzeit: 01cf07a4f23ab9e3
Endzeit: 10
Anwendungspfad: C:\Users\markus\Desktop\OTL.exe
Berichts-ID: 58caf6b2-7398-11e3-946c-206a8a2d8d1b
Error: (01/01/2014 07:43:18 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (12/30/2013 06:01:47 PM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1038
Startzeit: 01cf057e8fff7b03
Endzeit: 10
Anwendungspfad: C:\Users\markus\Desktop\OTL.exe
Berichts-ID: c0142735-7173-11e3-8302-206a8a2d8d1b
Error: (12/30/2013 03:12:43 PM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 710
Startzeit: 01cf05663e32b2a7
Endzeit: 10
Anwendungspfad: C:\Users\markus\Desktop\OTL.exe
Berichts-ID: 6b56c8ca-715c-11e3-b90c-206a8a2d8d1b
Error: (12/30/2013 03:11:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (12/30/2013 02:44:52 PM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: ee0
Startzeit: 01cf0563f50a8277
Endzeit: 10
Anwendungspfad: C:\Users\markus\Desktop\OTL.exe
Berichts-ID: 8b11cd31-7158-11e3-8b8e-206a8a2d8d1b
Error: (12/30/2013 02:34:58 PM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: be0
Startzeit: 01cf05633cc1a652
Endzeit: 10
Anwendungspfad: C:\Users\markus\Desktop\OTL.exe
Berichts-ID: 1609efa3-7157-11e3-8b8e-206a8a2d8d1b
System errors:
=============
Error: (01/05/2014 04:20:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%5
Error: (01/05/2014 04:20:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet:
%%5
Error: (01/05/2014 04:19:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%5
Error: (01/05/2014 04:19:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet:
%%5
Error: (01/05/2014 04:19:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet:
%%5
Error: (01/05/2014 04:19:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%5
Error: (01/05/2014 04:19:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%5
Error: (01/05/2014 04:19:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet:
%%5
Error: (01/05/2014 04:19:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet:
%%5
Error: (01/05/2014 04:19:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%5
Microsoft Office Sessions:
=========================
Error: (01/05/2014 07:00:00 PM) (Source: Windows Backup)(User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (01/02/2014 01:13:30 PM) (Source: Microsoft-Windows-RestartManager)(User: markus-PC)
Description: 1C:\Program Files (x86)\CheckPoint\Install\Install.exeInstall.exe0111733240
Error: (01/02/2014 00:57:47 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error: (01/02/2014 11:26:39 AM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0eac01cf07a4f23ab9e310C:\Users\markus\Desktop\OTL.exe58caf6b2-7398-11e3-946c-206a8a2d8d1b
Error: (01/01/2014 07:43:18 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (12/30/2013 06:01:47 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0103801cf057e8fff7b0310C:\Users\markus\Desktop\OTL.exec0142735-7173-11e3-8302-206a8a2d8d1b
Error: (12/30/2013 03:12:43 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.071001cf05663e32b2a710C:\Users\markus\Desktop\OTL.exe6b56c8ca-715c-11e3-b90c-206a8a2d8d1b
Error: (12/30/2013 03:11:36 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\markus\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe
Error: (12/30/2013 02:44:52 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0ee001cf0563f50a827710C:\Users\markus\Desktop\OTL.exe8b11cd31-7158-11e3-8b8e-206a8a2d8d1b
Error: (12/30/2013 02:34:58 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0be001cf05633cc1a65210C:\Users\markus\Desktop\OTL.exe1609efa3-7157-11e3-8b8e-206a8a2d8d1b
CodeIntegrity Errors:
===================================
Date: 2012-05-31 15:08:37.025
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_000_001\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 48%
Total physical RAM: 3838.17 MB
Available physical RAM: 1961 MB
Total Pagefile: 7674.52 MB
Available Pagefile: 5764.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:451.5 GB) (Free:390.5 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: DEE4DEE4)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Editor: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by markus (administrator) on MARKUS-PC on 05-01-2014 19:42:47
Running from C:\Users\markus\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [] - [x]
MountPoints2: {ecf38bc9-2963-11e0-b7df-806e6f6e6963} - D:\start.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Lavasoft
URLSearchHook: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2013-12-30&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2013-12-30&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default
FF user.js: detected! => C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\user.js
FF SearchEngineOrder.1: Search By ZoneAlarm
FF Homepage: https://www.google.de
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\searchplugins\fbdownloader_search.xml
FF SearchPlugin: C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\foxyproxy@eric.h.jung
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\LogMeInClient@logmein.com
FF Extension: Bullguard Virus Scan - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\virusscan@bullguard.com
FF Extension: Empty Cache Button - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
FF Extension: WOT - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Bitdefender QuickScan - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: FoxLingo - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF Extension: Adblock Plus Pop-up Addon - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: AutoPager - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\autopager@mozilla.org.xpi
FF Extension: Ghostery - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\jsterm@paulrouget.com.xpi
FF Extension: Clickjacking Reveal - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\no-clickjacking@daohoangson.com.xpi
FF Extension: OfferMosquito - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\om@offermosquito.com.xpi
FF Extension: Search in YouTube - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\searchyoutube@searchyoutube.fr.xpi
FF Extension: Simple New Tab - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\snt@dotlabs.co.xpi
FF Extension: TrafficLight - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\trafficlight@bitdefender.com.xpi
FF Extension: Webutation - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi
FF Extension: Malware Search - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
FF Extension: NoScript - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: BetterPrivacy - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: QuickJava - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
FF Extension: JavaScript Debugger - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
==================== Services (Whitelisted) =================
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-12-13] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-12-13] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
==================== Drivers (Whitelisted) ====================
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2013-04-30] (LogMeIn, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [x]
U4 bdselfpr;
S3 PDNMp50; \??\C:\Windows\system32\drivers\PDNMp50.sys [x]
S3 PDNSp50; \??\C:\Windows\system32\drivers\PDNSp50.sys [x]
S3 PDNSp50a64; System32\Drivers\PDNSp50a64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-05 19:42 - 2014-01-05 19:43 - 00015703 _____ C:\Users\markus\Desktop\FRST.txt
2014-01-05 19:42 - 2014-01-05 19:42 - 00000000 ____D C:\FRST
2014-01-05 19:41 - 2014-01-05 19:41 - 01931368 _____ (Farbar) C:\Users\markus\Desktop\FRST64.exe
2014-01-05 14:41 - 2014-01-05 14:41 - 00079600 _____ C:\Users\markus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-05 14:34 - 2014-01-05 14:34 - 00343000 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-05 14:34 - 2014-01-05 14:34 - 00000056 _____ C:\Windows\setupact.log
2014-01-05 14:34 - 2014-01-05 14:34 - 00000000 _____ C:\Windows\setuperr.log
2014-01-02 12:49 - 2014-01-05 16:20 - 00147102 _____ C:\Windows\WindowsUpdate.log
2014-01-02 12:39 - 2014-01-02 12:39 - 00000000 ____D C:\Users\markus\AppData\Roaming\CheckPoint
2014-01-02 12:38 - 2014-01-02 12:38 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2014-01-02 12:36 - 2014-01-02 12:36 - 00000000 ____D C:\ProgramData\CheckPoint
2014-01-02 12:35 - 2014-01-02 12:36 - 02402208 _____ (Check Point Software Technologies LTD) C:\Users\markus\Downloads\zafwSetupWeb_110_000_504.exe
2013-12-31 12:02 - 2013-12-31 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\markus\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-30 18:27 - 2013-11-26 12:25 - 00230048 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MpSigStub.exe
2013-12-30 18:16 - 2013-12-30 18:16 - 00000402 _____ C:\Users\markus\Desktop\Repair.bat
2013-12-30 17:37 - 2013-12-30 17:37 - 00000000 ____D C:\Users\markus\AppData\Roaming\LavasoftStatistics
2013-12-30 17:21 - 2013-12-30 17:21 - 00000000 ____D C:\Users\markus\AppData\Roaming\SecureSearch
2013-12-30 17:20 - 2013-12-30 17:38 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-12-30 17:18 - 2013-12-30 17:18 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-30 16:41 - 2013-12-30 16:44 - 00000000 ____D C:\inetpub
2013-12-30 14:51 - 2013-12-30 14:51 - 00602112 _____ (OldTimer Tools) C:\Users\markus\Desktop\OTL.exe
2013-12-30 14:27 - 2013-12-30 14:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-30 14:27 - 2013-12-30 14:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-26 18:04 - 2013-12-26 18:05 - 00000000 ____D C:\Users\markus\AppData\Roaming\Snz
2013-12-13 19:49 - 2013-12-13 19:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 20:40 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 20:40 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 20:40 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 20:40 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 20:38 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 20:38 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 20:38 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 20:38 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 20:38 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 20:38 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 20:38 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 20:38 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 20:38 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 20:38 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 20:38 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 20:38 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 20:38 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 20:38 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 20:38 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 20:38 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 20:38 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 20:38 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 20:38 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 20:38 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 20:38 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 20:38 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 20:38 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 20:38 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 20:38 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 20:38 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 20:38 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 20:38 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 20:38 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 20:38 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 20:38 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 17:57 - 2013-12-11 17:57 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 15:39 - 2013-12-11 15:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 08:27 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 08:27 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 08:27 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 08:27 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 08:27 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 08:27 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 08:27 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 08:27 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 08:27 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 08:27 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 08:27 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 08:27 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 08:27 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 08:27 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 08:27 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 08:27 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 08:27 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 08:27 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 08:27 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 11:57 - 2013-12-10 11:43 - 00000000 ____D C:\Users\markus\STI
==================== One Month Modified Files and Folders =======
2014-01-05 19:43 - 2014-01-05 19:42 - 00015703 _____ C:\Users\markus\Desktop\FRST.txt
2014-01-05 19:42 - 2014-01-05 19:42 - 00000000 ____D C:\FRST
2014-01-05 19:41 - 2014-01-05 19:41 - 01931368 _____ (Farbar) C:\Users\markus\Desktop\FRST64.exe
2014-01-05 18:57 - 2013-03-07 10:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-05 18:47 - 2011-05-26 15:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 16:20 - 2014-01-02 12:49 - 00147102 _____ C:\Windows\WindowsUpdate.log
2014-01-05 14:47 - 2011-05-26 15:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 14:42 - 2009-07-14 05:45 - 00017376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 14:42 - 2009-07-14 05:45 - 00017376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 14:41 - 2014-01-05 14:41 - 00079600 _____ C:\Users\markus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-05 14:34 - 2014-01-05 14:34 - 00343000 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-05 14:34 - 2014-01-05 14:34 - 00000056 _____ C:\Windows\setupact.log
2014-01-05 14:34 - 2014-01-05 14:34 - 00000000 _____ C:\Windows\setuperr.log
2014-01-05 14:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 13:19 - 2011-04-17 15:22 - 00000000 ____D C:\Users\markus\Documents\Registry
2014-01-02 13:17 - 2013-11-19 13:05 - 00000000 ____D C:\Users\markus\Reg Clean UnDo
2014-01-02 12:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-02 12:39 - 2014-01-02 12:39 - 00000000 ____D C:\Users\markus\AppData\Roaming\CheckPoint
2014-01-02 12:38 - 2014-01-02 12:38 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2014-01-02 12:36 - 2014-01-02 12:36 - 00000000 ____D C:\ProgramData\CheckPoint
2014-01-02 12:36 - 2014-01-02 12:35 - 02402208 _____ (Check Point Software Technologies LTD) C:\Users\markus\Downloads\zafwSetupWeb_110_000_504.exe
2014-01-01 17:07 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-31 12:02 - 2013-12-31 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\markus\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-30 21:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-30 18:16 - 2013-12-30 18:16 - 00000402 _____ C:\Users\markus\Desktop\Repair.bat
2013-12-30 17:38 - 2013-12-30 17:20 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-12-30 17:37 - 2013-12-30 17:37 - 00000000 ____D C:\Users\markus\AppData\Roaming\LavasoftStatistics
2013-12-30 17:21 - 2013-12-30 17:21 - 00000000 ____D C:\Users\markus\AppData\Roaming\SecureSearch
2013-12-30 17:18 - 2013-12-30 17:18 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-30 16:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2013-12-30 16:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\inetsrv
2013-12-30 16:44 - 2013-12-30 16:41 - 00000000 ____D C:\inetpub
2013-12-30 16:39 - 2011-01-27 01:44 - 00700134 _____ C:\Windows\system32\perfh007.dat
2013-12-30 16:39 - 2011-01-27 01:44 - 00149984 _____ C:\Windows\system32\perfc007.dat
2013-12-30 16:39 - 2009-07-14 06:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 14:51 - 2013-12-30 14:51 - 00602112 _____ (OldTimer Tools) C:\Users\markus\Desktop\OTL.exe
2013-12-30 14:38 - 2011-04-27 10:57 - 00000000 ____D C:\Users\markus\AppData\Roaming\QuickScan
2013-12-30 14:27 - 2013-12-30 14:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-30 14:27 - 2013-12-30 14:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-30 14:27 - 2011-03-24 17:55 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-30 13:06 - 2013-06-14 20:52 - 00018712 _____ C:\Windows\wininit.ini
2013-12-28 15:19 - 2011-03-24 17:54 - 01596516 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-28 14:59 - 2011-03-24 21:29 - 00000000 ____D C:\Users\markus\AppData\Roaming\SoftGrid Client
2013-12-27 09:20 - 2013-08-24 17:40 - 00000000 ____D C:\ProgramData\LogMeIn
2013-12-26 18:05 - 2013-12-26 18:04 - 00000000 ____D C:\Users\markus\AppData\Roaming\Snz
2013-12-26 18:05 - 2013-06-14 20:42 - 00000000 ____D C:\Users\markus\AppData\Roaming\Intermediate
2013-12-16 12:48 - 2011-05-26 15:34 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 08:00 - 2013-08-14 07:34 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 07:52 - 2011-03-25 07:54 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 07:49 - 2012-05-02 10:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-13 19:50 - 2013-12-13 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 17:29 - 2013-11-20 12:27 - 00000000 ____D C:\Users\markus\AppData\Roaming\Virus Scan
2013-12-13 13:09 - 2013-08-24 17:40 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2013-12-13 13:09 - 2013-08-24 17:40 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2013-12-13 13:09 - 2013-08-24 17:40 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2013-12-13 13:09 - 2013-08-24 17:40 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2013-12-12 07:01 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 17:57 - 2013-12-11 17:57 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 17:57 - 2013-03-07 10:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 17:57 - 2013-03-07 10:45 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 17:57 - 2011-05-19 18:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 15:39 - 2013-12-11 15:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-10 11:43 - 2013-12-09 11:57 - 00000000 ____D C:\Users\markus\STI
2013-12-10 08:47 - 2013-06-19 15:27 - 00000000 ____D C:\Users\markus\AppData\Roaming\iFunbox_UserCache
2013-12-10 08:37 - 2013-06-19 21:23 - 00000000 ___RD C:\Users\markus\Desktop\WhatsApp
2013-12-09 16:26 - 2011-07-29 11:10 - 00000000 ____D C:\Users\markus\spirit21
2013-12-09 13:05 - 2011-03-30 17:48 - 00000000 ____D C:\Users\markus\AppData\Local\FreePDF_XP
2013-12-09 11:57 - 2011-03-24 16:28 - 00000000 ____D C:\Users\markus
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-30 16:00
==================== End Of Log ============================
|
|
06.01.2014, 16:31
| #4 | |
| /// the machine /// TB-Ausbilder | Windows7 Firewall startet nicht Fehler 0x8007042cCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.01.2014, 17:20
| #5 |
| | Windows7 Firewall startet nicht Fehler 0x8007042c Hi Schrauber, hier der ComboFix Log. Security Essentials kann ich nur den Echtzeitschutz deaktivieren. Müsste ich sonst deinstallieren. mein Firefox hat etwas gesponnen...?? VG Markus Combofix Logfile: Code:
ATTFilter ComboFix 14-01-04.03 - markus 06.01.2014 16:59:42.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3838.2417 [GMT 1:00]
ausgeführt von:: c:\users\markus\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\markus\Desktop\RegClean.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-12-06 bis 2014-01-06 ))))))))))))))))))))))))))))))
.
.
2014-01-06 16:05 . 2014-01-06 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-06 14:51 . 2013-12-03 18:28 10315576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9FD2E0-9AD2-4FE9-B2F7-2BDE5925485A}\mpengine.dll ERROR(0x00000005)
2014-01-05 18:42 . 2014-01-05 18:42 -------- d-----w- C:\FRST
2014-01-05 10:30 . 2013-12-03 18:28 10315576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2014-01-02 11:39 . 2014-01-02 11:39 -------- d-----w- c:\users\markus\AppData\Roaming\CheckPoint
2014-01-02 11:38 . 2014-01-02 11:38 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2013-12-30 17:27 . 2013-11-26 11:25 230048 ------w- c:\windows\SysWow64\MpSigStub.exe
2013-12-30 16:37 . 2013-12-30 16:37 -------- d-----w- c:\users\markus\AppData\Roaming\LavasoftStatistics
2013-12-30 16:21 . 2013-12-30 16:21 -------- d-----w- c:\users\markus\AppData\Roaming\SecureSearch
2013-12-30 16:20 . 2013-12-30 16:38 -------- d-----w- c:\program files (x86)\Lavasoft
2013-12-30 15:41 . 2013-12-30 15:44 -------- d-----w- C:\inetpub
2013-12-30 13:27 . 2013-12-30 13:27 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-12-30 13:27 . 2013-12-30 13:27 -------- d-----w- c:\program files\Microsoft Security Client
2013-12-28 14:00 . 2013-12-28 14:00 -------- d-----w- c:\windows\Migration
2013-12-26 17:04 . 2013-12-26 17:05 -------- d-----w- c:\users\markus\AppData\Roaming\Snz
2013-12-11 19:40 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 19:40 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 19:40 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 19:40 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-11 19:40 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 16:57 . 2013-12-11 16:57 9293192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-12-11 14:39 . 2013-12-11 14:39 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-12-09 10:57 . 2013-12-10 10:43 -------- d-----w- c:\users\markus\STI
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 06:58 . 2011-03-28 07:53 893552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll ERROR(0x00000005)
2013-12-14 06:58 . 2011-03-28 07:52 42168 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll ERROR(0x00000005)
2013-12-14 06:52 . 2011-03-25 06:54 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-13 12:09 . 2013-08-24 16:40 35656 ----a-w- c:\windows\system32\LMIport.dll
2013-12-13 12:09 . 2013-08-24 16:40 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-12-13 12:09 . 2013-08-24 16:40 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-12-11 16:57 . 2013-03-07 09:45 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 16:57 . 2011-05-19 17:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-03 17:54 . 2013-12-03 17:54 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 17:54 . 2013-12-03 17:54 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-03 17:54 . 2013-12-03 17:54 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 17:54 . 2013-12-03 17:54 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-03 17:54 . 2013-12-03 17:54 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-03 17:54 . 2013-12-03 17:54 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-03 17:54 . 2013-12-03 17:54 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-03 17:54 . 2013-12-03 17:54 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-03 17:54 . 2013-12-03 17:54 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-03 17:54 . 2013-12-03 17:54 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 17:54 . 2013-12-03 17:54 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-03 17:54 . 2013-12-03 17:54 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-03 17:54 . 2013-12-03 17:54 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-03 17:54 . 2013-12-03 17:54 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-03 17:54 . 2013-12-03 17:54 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 17:54 . 2013-12-03 17:54 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-03 17:54 . 2013-12-03 17:54 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 17:54 . 2013-12-03 17:54 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 17:54 . 2013-12-03 17:54 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-03 17:54 . 2013-12-03 17:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-03 17:54 . 2013-12-03 17:54 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-03 17:54 . 2013-12-03 17:54 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-03 17:54 . 2013-12-03 17:54 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-03 17:54 . 2013-12-03 17:54 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 17:54 . 2013-12-03 17:54 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-03 17:54 . 2013-12-03 17:54 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 17:54 . 2013-12-03 17:54 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 17:54 . 2013-12-03 17:54 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-03 17:54 . 2013-12-03 17:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-03 17:54 . 2013-12-03 17:54 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-03 17:54 . 2013-12-03 17:54 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-03 17:54 . 2013-12-03 17:54 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-03 17:54 . 2013-12-03 17:54 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-03 17:54 . 2013-12-03 17:54 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-03 17:54 . 2013-12-03 17:54 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-03 17:54 . 2013-12-03 17:54 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-03 17:54 . 2013-12-03 17:54 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-03 17:54 . 2013-12-03 17:54 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-03 17:54 . 2013-12-03 17:54 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-03 17:54 . 2013-12-03 17:54 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-03 17:54 . 2013-12-03 17:54 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-03 17:54 . 2013-12-03 17:54 413696 ----a-w- c:\windows\system32\html.iec
2013-12-03 17:54 . 2013-12-03 17:54 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 17:54 . 2013-12-03 17:54 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-03 17:54 . 2013-12-03 17:54 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-03 17:54 . 2013-12-03 17:54 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-03 17:54 . 2013-12-03 17:54 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-03 17:54 . 2013-12-03 17:54 235520 ----a-w- c:\windows\system32\url.dll
2013-12-03 17:54 . 2013-12-03 17:54 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-03 17:54 . 2013-12-03 17:54 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-03 17:54 . 2013-12-03 17:54 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-03 17:54 . 2013-12-03 17:54 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-03 17:54 . 2013-12-03 17:54 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-03 17:54 . 2013-12-03 17:54 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-03 17:54 . 2013-12-03 17:54 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-03 17:54 . 2013-12-03 17:54 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-03 17:54 . 2013-12-03 17:54 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-03 17:54 . 2013-12-03 17:54 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-03 17:54 . 2013-12-03 17:54 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-28 14:24 . 2011-03-26 13:00 893552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll ERROR(0x00000005)
2013-11-28 14:24 . 2011-03-26 13:00 42776 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll ERROR(0x00000005)
2013-11-19 03:32 . 2011-03-25 20:44 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-29 11:32 . 2013-08-24 16:40 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-14 17:00 . 2013-12-03 17:58 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-14 07:09 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-14 07:09 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-14 07:09 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-14 07:09 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 07:09 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Winload\prxtbWin0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys;c:\windows\SYSNATIVE\drivers\PDNMp50.sys [x]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys;c:\windows\SYSNATIVE\drivers\PDNSp50.sys [x]
R3 PDNSp50a64;PDNSp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PDNSp50a64.sys;c:\windows\SYSNATIVE\Drivers\PDNSp50a64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys;c:\windows\SYSNATIVE\DRIVERS\radpms.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-07 16:57]
.
2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 14:34]
.
2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 14:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2013-04-30 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2013-12-30&ent=hp&u=75D3D5BF6019789A770C3E52C19D3F14
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: index.de\dokumente
Trusted Zone: index.de\ptnet
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de
FF - ExtSQL: 2013-11-13 17:30; snt@dotlabs.co; c:\users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\extensions\snt@dotlabs.co.xpi
FF - ExtSQL: 2013-11-20 12:24; {15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}; c:\users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi
FF - ExtSQL: 2013-11-20 12:27; {27c60876-b5c9-4335-b4f3-52b26782220c}; c:\users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
FF - ExtSQL: 2013-11-20 12:27; virusscan@bullguard.com; c:\users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\extensions\virusscan@bullguard.com
FF - ExtSQL: 2013-11-20 12:27; trafficlight@bitdefender.com; c:\users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\extensions\trafficlight@bitdefender.com.xpi
FF - ExtSQL: 2013-11-25 15:13; no-clickjacking@daohoangson.com; c:\users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\extensions\no-clickjacking@daohoangson.com.xpi
FF - ExtSQL: 2013-11-25 15:15; searchyoutube@searchyoutube.fr; c:\users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\extensions\searchyoutube@searchyoutube.fr.xpi
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=3695b274f900431f969f1c5a83e867c4&tu=10OW000Bo1B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 5eb284c5000000000000889ffaa4b342
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16072
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1112:38
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1520
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN121270779001795-1520
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&gu=3695b274f900431f969f1c5a83e867c4&tu=10OW000Bo1B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-01-06 17:12:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-01-06 16:12
.
Vor Suchlauf: 10 Verzeichnis(se), 418.592.837.632 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 418.412.605.440 Bytes frei
.
- - End Of File - - 29679A884A80099065235EB6C5B45F50
5C616939100B85E558DA92B899A0FC36 |
|
07.01.2014, 10:09
| #6 |
| /// the machine /// TB-Ausbilder | Windows7 Firewall startet nicht Fehler 0x8007042c Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows7 Firewall startet nicht Fehler 0x8007042c |
|
07.01.2014, 18:21
| #7 |
| | Windows7 Firewall startet nicht Fehler 0x8007042c Hallo Schrauber, die Firewall läuft schon wieder. Soll ich trotzdem Malwarebytes und AdwCleaner sowie JunkwareRT runterladen und starten? VG Markus Hallo Schrauber, habs mal laufen lassen MalwareBytes hat nichts gefunden.. hier der log von Adw:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 07/01/2014 um 17:52:16
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : markus - MARKUS-PC
# Gestartet von : C:\Users\markus\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Program Files (x86)\Winload
Ordner Gelöscht : C:\Users\markus\AppData\Local\Winload
Ordner Gelöscht : C:\Users\markus\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\markus\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\markus\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\markus\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\markus\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\markus\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\markus\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\markus\AppData\Roaming\fbDownloader
Ordner Gelöscht : C:\Users\markus\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\markus\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\markus\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\markus\AppData\Roaming\SSync
Ordner Gelöscht : C:\Users\markus\AppData\Roaming\Systweak
Datei Gelöscht : C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\om@offermosquito.com.xpi
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\invalidprefs.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
Datei Gelöscht : C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\searchplugins\fbdownloader_search.xml
Datei Gelöscht : C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\searchplugins\zonealarm.xml
Datei Gelöscht : C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22310585-39B5-46D7-9B9A-C0D721A7071B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22310585-39B5-46D7-9B9A-C0D721A7071B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{22310585-39B5-46D7-9B9A-C0D721A7071B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92C08A61-C381-4562-B554-064DDB18F405}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80232BCF-40E7-4C57-BE13-7D32CEB50F69}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\OfferMosquito
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Winload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Winload
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Zeile gelöscht : user_pref("extensions.TrafficLightSettings.ph_white", "thecrims.com\nhattrick.org\nraiffeisenonline.ro\nbrd-net.ro\ningonline.ro\nbancpost.ro\nbtrl.ro\ncrediteurope.ro\nalphabank.ro\nromexterra.ro\not[...]
*************************
AdwCleaner[R0].txt - [9809 octets] - [07/01/2014 17:51:06]
AdwCleaner[S0].txt - [8310 octets] - [07/01/2014 17:52:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8370 octets] ##########
hier der JRT log:JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by markus on 07.01.2014 at 17:59:26,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-409195208-536281958-3444761892-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{014B976C-2DF5-4CCE-93B4-13E200C2B472}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{02E84128-7B53-44BE-BACC-115EF8759B7F}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{057F65C1-A6F2-4D33-9390-FE30DB2D196B}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{0598883C-E77C-41E4-81CF-A827E2A91FF6}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{0974A6E5-237D-42BA-BF24-ADB02586F2E0}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{0B721253-7653-4CAC-92E5-F2AE9DC8CB26}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{0CD38D90-4DEC-4F10-BFA1-DB3A3351C853}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{115B9C1C-ACD9-4DAD-88C7-A28531D39B13}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{15511F2E-9830-45BE-9CAF-D4A7791EF491}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{18B1F111-853E-4717-A021-19AFD3BF6ACB}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{18EC50E7-DEA7-48D9-89E4-612F552447B3}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{1A1BAE16-D16B-4E98-A653-609FB2DEFA69}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{1D73A810-69AF-4ADC-9644-93D1E6E19909}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{213B0470-77DF-4263-99E8-1E1ED7E512B4}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{2505BD92-71BC-4F75-B91F-FFFD96FB68B0}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{29F53107-CD67-41B7-BC1E-3F750255A986}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{2EB74D3C-522B-4607-8380-3CF679442461}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{31B51356-155B-46DC-8D45-C4E0FC03E9F6}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{3F8EDBF2-F83D-4DC6-888B-38D3F768839E}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{43AC4580-36DF-45E3-8706-EDDC57B55593}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{453085CB-728F-4E2C-9065-D79CB35BC1D4}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{461566BE-E5AE-4D8C-A6BA-2760AFC641D2}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{49C03320-0869-4C48-AE08-1A0629A6B315}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{5AA306EB-DEAB-45C1-BDCB-0DEF7280A9DC}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{64C8AE53-45F0-4B2B-9B82-F047FFE03A02}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{69A33653-2E4F-4161-8B91-40D37F9234C5}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{6A67DE93-5B1B-4C5D-950C-A6FD109A31E7}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{6C74D3CA-84E6-4CDF-AD36-F84551A11BC6}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{6CC9E404-35A3-44C8-B736-7DCF689BC22C}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{6F4771C3-2AA1-4B21-BCEE-720B1A2EC57D}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{7C9901BE-EF65-43D8-B57D-7E7970810ED0}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{7EC5EC11-A8E9-4F3B-A928-C610ACEE1F20}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{7FA0C384-59C8-4762-B59F-FFF0EA755C7F}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{853E6405-301E-4CDA-A7B3-F832CDB2AC45}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{8811EEBB-D3CE-4D0D-98EE-F93AED4D76E7}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{8C705C88-AF27-4392-9634-74E7ABE5F1AD}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{9AA4E340-4A27-47CB-BDE3-04D64D2048E5}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{AC90D2CF-9382-42E8-823B-11BC9E774075}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{AE57A712-C440-45AE-B0C0-F286A5904DC4}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{B05FBA96-2D10-4FA9-8030-09CF72FC5883}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{B375D080-C918-47EF-8C4B-47E2759CB21D}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{BA03F4F2-D2EC-4473-91E6-448ABCA132E7}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{C0D6A4E6-A98F-492F-B17B-032E07A31395}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{C3A98BC8-F599-4186-AB7F-71D702C531C8}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{CA275458-3710-47F3-8EEC-85E5B5DA4668}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{D16BD769-7B79-4D4B-AC3D-FEAE9E5CFDDF}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{D68B8487-ECE8-4BBB-ADEA-441E56F4B650}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{D7B2F1A6-0E9F-4074-8C59-84E6B363AF41}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{DB3BDB79-1375-46BD-803F-810367E3B2ED}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{DCB44CCF-788B-4406-B700-5CB671664499}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{DDC80AB6-41B6-46BB-930F-AEB164FB646B}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{DF599004-86AD-4372-85B1-448CC032FA2E}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{E508A216-235A-40D8-B513-C448D4DB3329}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{E65C6553-0350-4395-A68F-37D753CBA7DC}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{EABD86B9-A33E-4D45-9401-8629690E188E}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{EC35B386-96B6-450F-A9E0-ECDFD5629278}
Successfully deleted: [Empty Folder] C:\Users\markus\appdata\local\{F8C9B1D9-E28D-410C-993E-9C3277BB942E}
~~~ FireFox
Successfully deleted the following from C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\prefs.js
user_pref("extensions.TrafficLightSettings.an", "0");
user_pref("extensions.TrafficLightSettings.date", "6 January 2014");
user_pref("extensions.TrafficLightSettings.firstTime", "3");
user_pref("extensions.TrafficLightSettings.ls_social", "1");
user_pref("extensions.TrafficLightSettings.ph_sign", "/****************************************************************************************\r\n****************************
Emptied folder: C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\minidumps [139 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.01.2014 at 18:06:59,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und FRST: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by markus (administrator) on MARKUS-PC on 07-01-2014 18:15:29
Running from C:\Users\markus\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default
FF SearchEngineOrder.1: Search By ZoneAlarm
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\foxyproxy@eric.h.jung
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\LogMeInClient@logmein.com
FF Extension: Bullguard Virus Scan - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\virusscan@bullguard.com
FF Extension: Empty Cache Button - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
FF Extension: WOT - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Bitdefender QuickScan - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: FoxLingo - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF Extension: Adblock Plus Pop-up Addon - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: AutoPager - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\autopager@mozilla.org.xpi
FF Extension: Ghostery - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\jsterm@paulrouget.com.xpi
FF Extension: Clickjacking Reveal - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\no-clickjacking@daohoangson.com.xpi
FF Extension: Search in YouTube - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\searchyoutube@searchyoutube.fr.xpi
FF Extension: Simple New Tab - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\snt@dotlabs.co.xpi
FF Extension: TrafficLight - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\trafficlight@bitdefender.com.xpi
FF Extension: Webutation - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi
FF Extension: Malware Search - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
FF Extension: NoScript - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: BetterPrivacy - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: QuickJava - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
FF Extension: JavaScript Debugger - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
==================== Services (Whitelisted) =================
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-12-13] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-12-13] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
==================== Drivers (Whitelisted) ====================
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2013-04-30] (LogMeIn, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U4 bdselfpr;
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 PDNMp50; \??\C:\Windows\system32\drivers\PDNMp50.sys [x]
S3 PDNSp50; \??\C:\Windows\system32\drivers\PDNSp50.sys [x]
S3 PDNSp50a64; System32\Drivers\PDNSp50a64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-07 18:15 - 2014-01-07 18:15 - 00013740 _____ C:\Users\markus\Desktop\FRST.txt
2014-01-07 18:15 - 2014-01-07 18:15 - 00000000 ____D C:\Users\markus\Desktop\FRST-OlderVersion
2014-01-07 17:59 - 2014-01-07 17:59 - 00000000 ____D C:\Windows\ERUNT
2014-01-07 17:58 - 2014-01-07 17:58 - 01036305 _____ (Thisisu) C:\Users\markus\Desktop\JRT.exe
2014-01-07 17:50 - 2014-01-07 17:52 - 00000000 ____D C:\AdwCleaner
2014-01-07 17:50 - 2014-01-07 17:50 - 01233962 _____ C:\Users\markus\Desktop\adwcleaner.exe
2014-01-07 16:27 - 2014-01-07 16:27 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-07 16:27 - 2014-01-07 16:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-07 16:27 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-07 16:26 - 2014-01-07 16:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\markus\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-06 18:59 - 2014-01-06 18:59 - 00079600 _____ C:\Users\markus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-06 18:56 - 2014-01-07 17:53 - 00000224 _____ C:\Windows\setupact.log
2014-01-06 18:56 - 2014-01-06 18:56 - 00343000 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-06 18:56 - 2014-01-06 18:56 - 00000000 _____ C:\Windows\setuperr.log
2014-01-06 17:12 - 2014-01-06 17:12 - 00028934 _____ C:\ComboFix.txt
2014-01-06 16:57 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-06 16:57 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-06 16:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-06 16:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-06 16:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-06 16:57 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-06 16:57 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-06 16:57 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-06 16:56 - 2014-01-06 17:12 - 00000000 ____D C:\Qoobox
2014-01-06 16:55 - 2014-01-06 17:11 - 00000000 ____D C:\Windows\erdnt
2014-01-06 16:54 - 2014-01-06 16:54 - 05160001 ____R (Swearware) C:\Users\markus\Desktop\ComboFix.exe
2014-01-05 19:42 - 2014-01-07 18:15 - 00000000 ____D C:\FRST
2014-01-05 19:41 - 2014-01-07 18:15 - 01931762 _____ (Farbar) C:\Users\markus\Desktop\FRST64.exe
2014-01-02 12:49 - 2014-01-07 18:05 - 00265456 _____ C:\Windows\WindowsUpdate.log
2014-01-02 12:39 - 2014-01-02 12:39 - 00000000 ____D C:\Users\markus\AppData\Roaming\CheckPoint
2014-01-02 12:38 - 2014-01-02 12:38 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2014-01-02 12:36 - 2014-01-02 12:36 - 00000000 ____D C:\ProgramData\CheckPoint
2014-01-02 12:35 - 2014-01-02 12:36 - 02402208 _____ (Check Point Software Technologies LTD) C:\Users\markus\Downloads\zafwSetupWeb_110_000_504.exe
2013-12-31 12:02 - 2013-12-31 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\markus\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-30 18:27 - 2013-11-26 12:25 - 00230048 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MpSigStub.exe
2013-12-30 17:37 - 2013-12-30 17:37 - 00000000 ____D C:\Users\markus\AppData\Roaming\LavasoftStatistics
2013-12-30 17:21 - 2013-12-30 17:21 - 00000000 ____D C:\Users\markus\AppData\Roaming\SecureSearch
2013-12-30 17:20 - 2013-12-30 17:38 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-12-30 17:18 - 2013-12-30 17:18 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-30 16:41 - 2013-12-30 16:44 - 00000000 ____D C:\inetpub
2013-12-30 14:27 - 2013-12-30 14:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-30 14:27 - 2013-12-30 14:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-13 19:49 - 2013-12-13 19:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 20:40 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 20:40 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 20:40 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 20:40 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 20:38 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 20:38 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 20:38 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 20:38 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 20:38 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 20:38 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 20:38 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 20:38 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 20:38 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 20:38 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 20:38 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 20:38 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 20:38 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 20:38 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 20:38 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 20:38 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 20:38 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 20:38 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 20:38 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 20:38 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 20:38 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 20:38 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 20:38 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 20:38 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 20:38 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 20:38 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 20:38 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 20:38 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 20:38 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 20:38 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 20:38 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 17:57 - 2013-12-11 17:57 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 15:39 - 2013-12-11 15:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 08:27 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 08:27 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 08:27 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 08:27 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 08:27 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 08:27 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 08:27 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 08:27 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 08:27 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 08:27 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 08:27 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 08:27 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 08:27 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 08:27 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 08:27 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 08:27 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 08:27 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 08:27 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 08:27 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 11:57 - 2013-12-10 11:43 - 00000000 ____D C:\Users\markus\STI
==================== One Month Modified Files and Folders =======
2014-01-07 18:15 - 2014-01-07 18:15 - 00013740 _____ C:\Users\markus\Desktop\FRST.txt
2014-01-07 18:15 - 2014-01-07 18:15 - 00000000 ____D C:\Users\markus\Desktop\FRST-OlderVersion
2014-01-07 18:15 - 2014-01-05 19:42 - 00000000 ____D C:\FRST
2014-01-07 18:15 - 2014-01-05 19:41 - 01931762 _____ (Farbar) C:\Users\markus\Desktop\FRST64.exe
2014-01-07 18:10 - 2011-04-27 10:57 - 00000000 ____D C:\Users\markus\AppData\Roaming\QuickScan
2014-01-07 18:05 - 2014-01-02 12:49 - 00265456 _____ C:\Windows\WindowsUpdate.log
2014-01-07 18:00 - 2009-07-14 05:45 - 00017376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 18:00 - 2009-07-14 05:45 - 00017376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 17:59 - 2014-01-07 17:59 - 00000000 ____D C:\Windows\ERUNT
2014-01-07 17:58 - 2014-01-07 17:58 - 01036305 _____ (Thisisu) C:\Users\markus\Desktop\JRT.exe
2014-01-07 17:57 - 2013-03-07 10:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 17:53 - 2014-01-06 18:56 - 00000224 _____ C:\Windows\setupact.log
2014-01-07 17:53 - 2011-05-26 15:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 17:53 - 2011-03-24 17:16 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-07 17:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-07 17:52 - 2014-01-07 17:50 - 00000000 ____D C:\AdwCleaner
2014-01-07 17:52 - 2014-01-02 12:39 - 00000000 ____D C:\Users\markus\AppData\Roaming\CheckPoint
2014-01-07 17:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2014-01-07 17:50 - 2014-01-07 17:50 - 01233962 _____ C:\Users\markus\Desktop\adwcleaner.exe
2014-01-07 17:47 - 2011-05-26 15:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 16:27 - 2014-01-07 16:27 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-07 16:27 - 2014-01-07 16:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-07 16:26 - 2014-01-07 16:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\markus\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-06 18:59 - 2014-01-06 18:59 - 00079600 _____ C:\Users\markus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-06 18:56 - 2014-01-06 18:56 - 00343000 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-06 18:56 - 2014-01-06 18:56 - 00000000 _____ C:\Windows\setuperr.log
2014-01-06 18:53 - 2013-11-20 12:27 - 00000000 ____D C:\Users\markus\AppData\Roaming\Virus Scan
2014-01-06 17:12 - 2014-01-06 17:12 - 00028934 _____ C:\ComboFix.txt
2014-01-06 17:12 - 2014-01-06 16:56 - 00000000 ____D C:\Qoobox
2014-01-06 17:12 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-06 17:11 - 2014-01-06 16:55 - 00000000 ____D C:\Windows\erdnt
2014-01-06 17:07 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-06 16:54 - 2014-01-06 16:54 - 05160001 ____R (Swearware) C:\Users\markus\Desktop\ComboFix.exe
2014-01-02 13:19 - 2011-04-17 15:22 - 00000000 ____D C:\Users\markus\Documents\Registry
2014-01-02 13:17 - 2013-11-19 13:05 - 00000000 ____D C:\Users\markus\Reg Clean UnDo
2014-01-02 12:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-02 12:38 - 2014-01-02 12:38 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2014-01-02 12:36 - 2014-01-02 12:36 - 00000000 ____D C:\ProgramData\CheckPoint
2014-01-02 12:36 - 2014-01-02 12:35 - 02402208 _____ (Check Point Software Technologies LTD) C:\Users\markus\Downloads\zafwSetupWeb_110_000_504.exe
2014-01-01 17:07 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-31 12:02 - 2013-12-31 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\markus\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-30 21:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-30 17:38 - 2013-12-30 17:20 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-12-30 17:37 - 2013-12-30 17:37 - 00000000 ____D C:\Users\markus\AppData\Roaming\LavasoftStatistics
2013-12-30 17:21 - 2013-12-30 17:21 - 00000000 ____D C:\Users\markus\AppData\Roaming\SecureSearch
2013-12-30 17:18 - 2013-12-30 17:18 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-30 16:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2013-12-30 16:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\inetsrv
2013-12-30 16:44 - 2013-12-30 16:41 - 00000000 ____D C:\inetpub
2013-12-30 16:39 - 2011-01-27 01:44 - 00700134 _____ C:\Windows\system32\perfh007.dat
2013-12-30 16:39 - 2011-01-27 01:44 - 00149984 _____ C:\Windows\system32\perfc007.dat
2013-12-30 16:39 - 2009-07-14 06:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 14:27 - 2013-12-30 14:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-30 14:27 - 2013-12-30 14:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-30 14:27 - 2011-03-24 17:55 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-30 13:06 - 2013-06-14 20:52 - 00018712 _____ C:\Windows\wininit.ini
2013-12-28 15:19 - 2011-03-24 17:54 - 01596516 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-28 14:59 - 2011-03-24 21:29 - 00000000 ____D C:\Users\markus\AppData\Roaming\SoftGrid Client
2013-12-27 09:20 - 2013-08-24 17:40 - 00000000 ____D C:\ProgramData\LogMeIn
2013-12-16 12:48 - 2011-05-26 15:34 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 08:00 - 2013-08-14 07:34 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 07:52 - 2011-03-25 07:54 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 07:49 - 2012-05-02 10:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-13 19:50 - 2013-12-13 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 13:09 - 2013-08-24 17:40 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2013-12-13 13:09 - 2013-08-24 17:40 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2013-12-13 13:09 - 2013-08-24 17:40 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2013-12-13 13:09 - 2013-08-24 17:40 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2013-12-12 07:01 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 17:57 - 2013-12-11 17:57 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 17:57 - 2013-03-07 10:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 17:57 - 2013-03-07 10:45 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 17:57 - 2011-05-19 18:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 15:39 - 2013-12-11 15:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-10 11:43 - 2013-12-09 11:57 - 00000000 ____D C:\Users\markus\STI
2013-12-10 08:47 - 2013-06-19 15:27 - 00000000 ____D C:\Users\markus\AppData\Roaming\iFunbox_UserCache
2013-12-10 08:37 - 2013-06-19 21:23 - 00000000 ___RD C:\Users\markus\Desktop\WhatsApp
2013-12-09 16:26 - 2011-07-29 11:10 - 00000000 ____D C:\Users\markus\spirit21
2013-12-09 13:05 - 2011-03-30 17:48 - 00000000 ____D C:\Users\markus\AppData\Local\FreePDF_XP
2013-12-09 11:57 - 2011-03-24 16:28 - 00000000 ____D C:\Users\markus
Some content of TEMP:
====================
C:\Users\markus\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-30 16:00
==================== End Of Log ============================
--- --- --- --- --- --- Hallo Schrauber, eine Frage noch: ich benutze regelmässig CCleaner, reicht das aus?? VG Markus |
|
08.01.2014, 09:35
| #8 |
| /// the machine /// TB-Ausbilder | Windows7 Firewall startet nicht Fehler 0x8007042cESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.01.2014, 09:52
| #9 |
| | Windows7 Firewall startet nicht Fehler 0x8007042c Hallo Schrauber, es läuft doch schon alles.... muss ich die Prozeduren noch ausführen? VG Markus |
|
08.01.2014, 14:41
| #10 |
| /// the machine /// TB-Ausbilder | Windows7 Firewall startet nicht Fehler 0x8007042c Das sind Kontrollscans auf Reste sowie ein Sicherheitscheck deiner installierten Software.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.01.2014, 17:38
| #11 |
| | Windows7 Firewall startet nicht Fehler 0x8007042c ok, war alles sauber :-) kannst Du mir noch einen Tip geben ob ich mit CCleaner gut fahre oder gibt es was anderes zum säubern? MalWare Scan habe ich auch keinen, nur MSEssentials als Virenscanner. Was empfiehlst Du da?? Vielen Dank!!!!!!!!!!!!!!!!!!!! und viele Grüße Markus FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014
Ran by markus (administrator) on MARKUS-PC on 08-01-2014 17:31:48
Running from C:\Users\markus\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default
FF SearchEngineOrder.1: Search By ZoneAlarm
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\foxyproxy@eric.h.jung
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\LogMeInClient@logmein.com
FF Extension: Bullguard Virus Scan - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\virusscan@bullguard.com
FF Extension: Empty Cache Button - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
FF Extension: WOT - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Bitdefender QuickScan - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: FoxLingo - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF Extension: Adblock Plus Pop-up Addon - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: AutoPager - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\autopager@mozilla.org.xpi
FF Extension: Ghostery - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\jsterm@paulrouget.com.xpi
FF Extension: Clickjacking Reveal - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\no-clickjacking@daohoangson.com.xpi
FF Extension: Search in YouTube - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\searchyoutube@searchyoutube.fr.xpi
FF Extension: Simple New Tab - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\snt@dotlabs.co.xpi
FF Extension: TrafficLight - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\trafficlight@bitdefender.com.xpi
FF Extension: Webutation - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi
FF Extension: Malware Search - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
FF Extension: NoScript - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: BetterPrivacy - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: QuickJava - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
FF Extension: JavaScript Debugger - C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\irf01ocn.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
==================== Services (Whitelisted) =================
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-12-13] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-12-13] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
==================== Drivers (Whitelisted) ====================
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2013-04-30] (LogMeIn, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U4 bdselfpr;
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 PDNMp50; \??\C:\Windows\system32\drivers\PDNMp50.sys [x]
S3 PDNSp50; \??\C:\Windows\system32\drivers\PDNSp50.sys [x]
S3 PDNSp50a64; System32\Drivers\PDNSp50a64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-08 17:31 - 2014-01-08 17:31 - 00987410 _____ C:\Users\markus\Desktop\SecurityCheck.exe
2014-01-08 17:31 - 2014-01-08 17:31 - 00013082 _____ C:\Users\markus\Desktop\FRST.txt
2014-01-08 17:30 - 2014-01-08 17:30 - 01932624 _____ (Farbar) C:\Users\markus\Desktop\FRST64.exe
2014-01-08 17:30 - 2014-01-08 17:30 - 00079600 _____ C:\Users\markus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 17:04 - 2014-01-08 17:04 - 00343000 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-08 17:04 - 2014-01-08 17:04 - 00000056 _____ C:\Windows\setupact.log
2014-01-08 17:04 - 2014-01-08 17:04 - 00000000 _____ C:\Windows\setuperr.log
2014-01-08 16:46 - 2014-01-08 17:03 - 00011388 _____ C:\Windows\WindowsUpdate.log
2014-01-08 14:14 - 2014-01-08 14:15 - 02347384 _____ (ESET) C:\Users\markus\Downloads\esetsmartinstaller_enu.exe
2014-01-07 17:59 - 2014-01-07 17:59 - 00000000 ____D C:\Windows\ERUNT
2014-01-07 17:50 - 2014-01-07 17:52 - 00000000 ____D C:\AdwCleaner
2014-01-07 16:26 - 2014-01-07 16:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\markus\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-06 17:12 - 2014-01-06 17:12 - 00028934 _____ C:\ComboFix.txt
2014-01-06 16:57 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-06 16:57 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-06 16:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-06 16:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-06 16:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-06 16:57 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-06 16:57 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-06 16:57 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-06 16:56 - 2014-01-06 17:12 - 00000000 ____D C:\Qoobox
2014-01-06 16:55 - 2014-01-06 17:11 - 00000000 ____D C:\Windows\erdnt
2014-01-05 19:42 - 2014-01-07 18:15 - 00000000 ____D C:\FRST
2014-01-02 12:39 - 2014-01-07 17:52 - 00000000 ____D C:\Users\markus\AppData\Roaming\CheckPoint
2014-01-02 12:38 - 2014-01-02 12:38 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2014-01-02 12:36 - 2014-01-02 12:36 - 00000000 ____D C:\ProgramData\CheckPoint
2014-01-02 12:35 - 2014-01-02 12:36 - 02402208 _____ (Check Point Software Technologies LTD) C:\Users\markus\Downloads\zafwSetupWeb_110_000_504.exe
2013-12-31 12:02 - 2013-12-31 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\markus\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-30 18:27 - 2013-11-26 12:25 - 00230048 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MpSigStub.exe
2013-12-30 17:37 - 2013-12-30 17:37 - 00000000 ____D C:\Users\markus\AppData\Roaming\LavasoftStatistics
2013-12-30 17:21 - 2013-12-30 17:21 - 00000000 ____D C:\Users\markus\AppData\Roaming\SecureSearch
2013-12-30 17:20 - 2013-12-30 17:38 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-12-30 17:18 - 2013-12-30 17:18 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-30 16:41 - 2013-12-30 16:44 - 00000000 ____D C:\inetpub
2013-12-30 14:27 - 2013-12-30 14:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-30 14:27 - 2013-12-30 14:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-13 19:49 - 2013-12-13 19:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 20:40 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 20:40 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 20:40 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 20:40 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 20:38 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 20:38 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 20:38 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 20:38 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 20:38 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 20:38 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 20:38 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 20:38 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 20:38 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 20:38 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 20:38 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 20:38 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 20:38 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 20:38 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 20:38 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 20:38 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 20:38 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 20:38 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 20:38 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 20:38 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 20:38 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 20:38 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 20:38 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 20:38 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 20:38 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 20:38 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 20:38 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 20:38 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 20:38 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 20:38 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 20:38 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 17:57 - 2013-12-11 17:57 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 15:39 - 2013-12-11 15:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 08:27 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 08:27 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 08:27 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 08:27 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 08:27 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 08:27 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 08:27 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 08:27 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 08:27 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 08:27 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 08:27 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 08:27 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 08:27 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 08:27 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 08:27 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 08:27 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 08:27 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 08:27 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 08:27 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 11:57 - 2013-12-10 11:43 - 00000000 ____D C:\Users\markus\STI
==================== One Month Modified Files and Folders =======
2014-01-08 17:32 - 2014-01-08 17:31 - 00013082 _____ C:\Users\markus\Desktop\FRST.txt
2014-01-08 17:31 - 2014-01-08 17:31 - 00987410 _____ C:\Users\markus\Desktop\SecurityCheck.exe
2014-01-08 17:30 - 2014-01-08 17:30 - 01932624 _____ (Farbar) C:\Users\markus\Desktop\FRST64.exe
2014-01-08 17:30 - 2014-01-08 17:30 - 00079600 _____ C:\Users\markus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 17:11 - 2009-07-14 05:45 - 00017376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-08 17:11 - 2009-07-14 05:45 - 00017376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-08 17:07 - 2014-01-08 16:46 - 00011388 _____ C:\Windows\WindowsUpdate.log
2014-01-08 17:06 - 2011-05-26 15:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-08 17:04 - 2014-01-08 17:04 - 00343000 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-08 17:04 - 2014-01-08 17:04 - 00000056 _____ C:\Windows\setupact.log
2014-01-08 17:04 - 2014-01-08 17:04 - 00000000 _____ C:\Windows\setuperr.log
2014-01-08 17:04 - 2011-03-24 17:16 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-08 17:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-08 17:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2014-01-08 16:57 - 2013-03-07 10:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-08 16:47 - 2011-05-26 15:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-08 14:15 - 2014-01-08 14:14 - 02347384 _____ (ESET) C:\Users\markus\Downloads\esetsmartinstaller_enu.exe
2014-01-07 19:01 - 2013-06-19 21:23 - 00000000 ___RD C:\Users\markus\Desktop\WhatsApp
2014-01-07 18:56 - 2011-03-25 17:32 - 00000000 ___RD C:\Users\markus\Desktop\Microsoft Office Starter
2014-01-07 18:15 - 2014-01-05 19:42 - 00000000 ____D C:\FRST
2014-01-07 18:10 - 2011-04-27 10:57 - 00000000 ____D C:\Users\markus\AppData\Roaming\QuickScan
2014-01-07 17:59 - 2014-01-07 17:59 - 00000000 ____D C:\Windows\ERUNT
2014-01-07 17:52 - 2014-01-07 17:50 - 00000000 ____D C:\AdwCleaner
2014-01-07 17:52 - 2014-01-02 12:39 - 00000000 ____D C:\Users\markus\AppData\Roaming\CheckPoint
2014-01-07 17:52 - 2013-06-14 20:42 - 00000000 ____D C:\Users\markus\AppData\Roaming\Common
2014-01-07 16:26 - 2014-01-07 16:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\markus\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-06 18:53 - 2013-11-20 12:27 - 00000000 ____D C:\Users\markus\AppData\Roaming\Virus Scan
2014-01-06 17:12 - 2014-01-06 17:12 - 00028934 _____ C:\ComboFix.txt
2014-01-06 17:12 - 2014-01-06 16:56 - 00000000 ____D C:\Qoobox
2014-01-06 17:12 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-06 17:11 - 2014-01-06 16:55 - 00000000 ____D C:\Windows\erdnt
2014-01-06 17:07 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-02 13:19 - 2011-04-17 15:22 - 00000000 ____D C:\Users\markus\Documents\Registry
2014-01-02 13:17 - 2013-11-19 13:05 - 00000000 ____D C:\Users\markus\Reg Clean UnDo
2014-01-02 12:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-02 12:38 - 2014-01-02 12:38 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2014-01-02 12:36 - 2014-01-02 12:36 - 00000000 ____D C:\ProgramData\CheckPoint
2014-01-02 12:36 - 2014-01-02 12:35 - 02402208 _____ (Check Point Software Technologies LTD) C:\Users\markus\Downloads\zafwSetupWeb_110_000_504.exe
2014-01-01 17:07 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-31 12:02 - 2013-12-31 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\markus\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-30 21:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-30 17:38 - 2013-12-30 17:20 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-12-30 17:37 - 2013-12-30 17:37 - 00000000 ____D C:\Users\markus\AppData\Roaming\LavasoftStatistics
2013-12-30 17:21 - 2013-12-30 17:21 - 00000000 ____D C:\Users\markus\AppData\Roaming\SecureSearch
2013-12-30 17:18 - 2013-12-30 17:18 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-30 16:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2013-12-30 16:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\inetsrv
2013-12-30 16:44 - 2013-12-30 16:41 - 00000000 ____D C:\inetpub
2013-12-30 16:39 - 2011-01-27 01:44 - 00700134 _____ C:\Windows\system32\perfh007.dat
2013-12-30 16:39 - 2011-01-27 01:44 - 00149984 _____ C:\Windows\system32\perfc007.dat
2013-12-30 16:39 - 2009-07-14 06:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 14:27 - 2013-12-30 14:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-30 14:27 - 2013-12-30 14:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-30 14:27 - 2011-03-24 17:55 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-30 13:06 - 2013-06-14 20:52 - 00018712 _____ C:\Windows\wininit.ini
2013-12-28 15:19 - 2011-03-24 17:54 - 01596516 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-28 14:59 - 2011-03-24 21:29 - 00000000 ____D C:\Users\markus\AppData\Roaming\SoftGrid Client
2013-12-27 09:20 - 2013-08-24 17:40 - 00000000 ____D C:\ProgramData\LogMeIn
2013-12-16 12:48 - 2011-05-26 15:34 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 08:00 - 2013-08-14 07:34 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 07:52 - 2011-03-25 07:54 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 07:49 - 2012-05-02 10:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-13 19:50 - 2013-12-13 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 13:09 - 2013-08-24 17:40 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2013-12-13 13:09 - 2013-08-24 17:40 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2013-12-13 13:09 - 2013-08-24 17:40 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2013-12-13 13:09 - 2013-08-24 17:40 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2013-12-12 07:01 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 17:57 - 2013-12-11 17:57 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 17:57 - 2013-03-07 10:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 17:57 - 2013-03-07 10:45 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 17:57 - 2011-05-19 18:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 15:39 - 2013-12-11 15:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-10 11:43 - 2013-12-09 11:57 - 00000000 ____D C:\Users\markus\STI
2013-12-10 08:47 - 2013-06-19 15:27 - 00000000 ____D C:\Users\markus\AppData\Roaming\iFunbox_UserCache
2013-12-09 16:26 - 2011-07-29 11:10 - 00000000 ____D C:\Users\markus\spirit21
2013-12-09 13:05 - 2011-03-30 17:48 - 00000000 ____D C:\Users\markus\AppData\Local\FreePDF_XP
2013-12-09 11:57 - 2011-03-24 16:28 - 00000000 ____D C:\Users\markus
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-30 16:00
==================== End Of Log ============================
--- --- --- --- --- --- Results of screen317's Security Check version 0.99.78 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 11.9.900.170 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (26.0) Mozilla Thunderbird (24.2.0) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
09.01.2014, 12:14
| #12 |
| /// the machine /// TB-Ausbilder | Windows7 Firewall startet nicht Fehler 0x8007042c Adobe updaten. Ccleaner kannste behalten, aber Finger weg von der Registry, nur Temps leeren. Ich empfehle immer Emsisoft. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows7 Firewall startet nicht Fehler 0x8007042c |
| 0x8007042, autorun, basisfiltermodul, bho, ebay, error, fehler, flash player, format, google, home, homepage, iexplore.exe, install.exe, launch, logfile, microsoft office starter 2010, mozilla, realtek, registry, remote access, rundll, scan, security, server, software, svchost.exe, tcp, udp, usb, windows |
Linear-Darstellung
