![]() |
|
Log-Analyse und Auswertung: Windows7 Firewall startet nicht Fehler 0x8007042cWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Windows7 Firewall startet nicht Fehler 0x8007042c hier mein mit otl erstellter Log: Extra.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.01.2014 14:42:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\markus\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 73,78% Memory free 7,49 Gb Paging File | 6,47 Gb Available in Paging File | 86,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,50 Gb Total Space | 390,65 Gb Free Space | 86,52% Space Free | Partition Type: NTFS Computer Name: MARKUS-PC | User Name: markus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-409195208-536281958-3444761892-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{014A321C-07F4-4D26-9AD3-255D674F4B3B}" = rport=10243 | protocol=6 | dir=out | app=system | "{08A194BD-44AF-41AD-81C7-30F5251EBAF4}" = rport=138 | protocol=17 | dir=out | app=system | "{08CBBFF3-B3ED-4764-A3DC-737150313DA0}" = lport=137 | protocol=17 | dir=in | app=system | "{239C6E3C-C5A0-42E7-9CF4-12112501FC0C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{2DEE8875-3067-434B-96DA-07D4A12C674D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{39D7BA02-6822-4F9F-96DD-B47300265EE2}" = lport=138 | protocol=17 | dir=in | app=system | "{5DBF8D5C-7A4F-44B8-B56C-D9AADFA5F911}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{61145437-73B1-46C7-A19A-ED4E7C731EE1}" = rport=139 | protocol=6 | dir=out | app=system | "{6AB72650-D8D4-42FD-B93F-389448E2C71F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6C12688C-538B-41A1-91A0-5E8E6205E79F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{74E2BA39-9FE7-4300-BA8A-B016DD35DA49}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{88B35772-0656-48F8-BF30-6E74F1FB09CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9069F421-E9C8-4A9A-B406-340B6BEE59DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{98F7328A-50EE-4F98-B612-D4DF94B7125B}" = lport=10243 | protocol=6 | dir=in | app=system | "{A08B6DAE-595A-424A-8548-DF4AD78D7C98}" = rport=137 | protocol=17 | dir=out | app=system | "{ACA5AEBE-855D-4AF3-AF35-8C692C2B6813}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B3096F3B-A19F-4EF0-9AD5-3C77BEB3DE31}" = lport=139 | protocol=6 | dir=in | app=system | "{C0C618F6-4F10-4F36-B7C8-81980B41342C}" = lport=2869 | protocol=6 | dir=in | app=system | "{C413E094-4102-4650-BB5C-C69FF162B0B4}" = rport=445 | protocol=6 | dir=out | app=system | "{CFC5D13E-9738-4F0C-9E7D-127C6DFD1E18}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D5D6F25D-6EFE-4AA3-BC4E-220134A30518}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DC249FFC-FF32-4F46-A225-B7596DD6A919}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EEEACE50-F37C-40BD-B88D-C81E18624C4C}" = lport=445 | protocol=6 | dir=in | app=system | "{F633C12D-BCE2-4160-BB77-747622404A8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F7DFBB39-9E52-46E8-9152-EFC59271D26D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B4FF3B-DE4B-4442-831F-DA0338A5EC5D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{04EDF99A-88C7-4F93-A5D9-FB5C18E8B693}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{05ED3503-6472-4693-A008-6A207909D655}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{10CFE27F-AE18-454F-B2B8-80E622C5DA17}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1A514028-67F2-423E-8C37-F3F7D4E627BF}" = protocol=6 | dir=out | app=system | "{1C38475D-E579-42D7-8AF8-378D271CDC1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1EDAD215-77EA-4414-A9F0-A84F1C9AE351}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{25972B66-BBAA-4534-BF1A-DB16B9CC58DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{291CDE7A-0133-4B21-AA7C-2522563B55C3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{37CD209A-06D6-439A-B6BC-841403D33E0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{37E0AAA4-3B8D-4761-B725-CE5710B5A16B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{62B04ABF-31B7-4EE8-926B-6FFEDA0DD5A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7385E925-B4DA-4286-A495-79139FD8ADA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9E010A9E-B921-4503-B579-F2B165F848D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A3B54C86-7AE3-45A0-B6D3-81AB1265AD77}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{A952A1B6-C9EA-4529-B69A-EDF2900874E8}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{B497D1F8-79CE-4882-82E5-FD0BE47B0C6C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B6C85C55-61C1-4805-B14F-B1C5B68B2270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C2161DE4-1067-40F2-B6CF-B9A8D461A976}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C3C6E4DE-9D48-4807-8AA9-7B91FC2C2687}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C69BB884-3AF3-424D-8418-5B8B098D82A4}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{D0FAAD36-4E12-4161-9DD1-6E6A8CFECA20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D25E6C4B-793A-4BF4-80F9-5F9ADB17DEAE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{DB5D0AFA-D2C1-4BFB-BEA1-F0019FC5BD53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DE78E6BA-1A5E-4C53-89D5-0C01B0B5EDE2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E045763D-D69F-4155-9157-7495478F6E4B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{F27D3E0F-E448-41FF-B30E-7AB3EF66BC9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FE4F859D-1C64-48D5-9A00-CC4DA00CEEB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{3345AAB1-E31E-4DBB-B257-FE87BC136726}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{5997C0FC-D927-4F38-A680-EEF7998C9E18}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst "{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit) "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A0158415-15CA-B2A0-928D-E755DD506C0D}" = ATI Catalyst Install Manager "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{AD136254-E6F2-EAE8-7E36-9D65E13B0A7E}" = ccc-utility64 "{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU) "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client "{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "CCleaner" = CCleaner "Microsoft Security Client" = Microsoft Security Essentials "Redirection Port Monitor" = RedMon - Redirection Port Monitor "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01A1F857-F5C6-0842-333A-FA7806FAF70A}" = CCC Help Danish "{038EBE9A-2AD4-9B6D-C7FB-377FF5112C16}" = CCC Help Swedish "{08840099-3121-798D-88BB-76C5087890AF}" = CCC Help Czech "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C808377-8C23-44ED-9016-05F42E6D4900}" = Nokia Suite "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1D7E84F5-7AA3-CD1F-3EA1-975313E9293A}" = CCC Help Portuguese "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1ED4CA4A-2ABA-9302-D7F3-A0597294828B}" = Catalyst Control Center Graphics Light "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22037905-EB4C-3427-DD8C-6ABBBE306B0D}" = CCC Help Polish "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{284B8BD0-0046-288F-79E3-160F17D18904}" = CCC Help Spanish "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver "{2B33E393-D2DE-E00C-95A2-96AB49FC2DBB}" = CCC Help Norwegian "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37E6B486-08A4-3383-29BB-BD0591BD0E9D}" = Catalyst Control Center Core Implementation "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{401F4EB7-FDF4-1B7A-54F6-5EE7CF0C0F8F}" = CCC Help Chinese Standard "{427DB714-23EF-6CBC-4DD1-015674AF8AB7}" = CCC Help Finnish "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4493F494-3E4D-E35C-BF37-1EF22539DCE3}" = CCC Help Korean "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6 "{573EC8CA-E2FD-B1F7-4DAB-671AD39888A7}" = CCC Help Japanese "{5869CFDE-54D8-D3F1-A8F5-4FCA8A910BFB}" = Catalyst Control Center Graphics Previews Common "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{5B5CF192-F4BB-A213-CE03-7C8FB7A5E3E2}" = Catalyst Control Center Graphics Full New "{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager "{679A43C5-1A03-CF8F-B73E-C4A095C2687D}" = CCC Help French "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{7B037B61-22B4-C382-DCD9-05DB38D1149D}" = CCC Help Italian "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{81E6A85A-EF55-F1F4-3CBB-BE01F03CE3F3}" = CCC Help Hungarian "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D705770-8266-3A59-3AD8-6E666EC4CF77}" = CCC Help Thai "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B449C1A-4F64-4ED4-8C96-31B222E8377F}" = BlackBerry Desktop Software 4.2.2 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E0FC21F-1DC1-0B4C-E8E0-74420102C75B}" = CCC Help Chinese Traditional "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A479E320-40DB-BDA6-6CEB-A08C9DEDE80C}" = ccc-core-static "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1B7FDAA-9DC3-2408-18B2-9B4CB8CF0F80}" = CCC Help German "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{BCFDADA0-04B1-6335-6362-BB854A216C23}" = CCC Help Russian "{C214A856-F569-0065-714F-8D2A4A092C6C}" = CCC Help Turkish "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C9413C02-2978-BC8B-D67C-6FF88ADBD1A3}" = CCC Help English "{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}" = LogMeIn "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0485C2A-6BED-4E6A-8517-A1ED3F990AB2}" = Catalyst Control Center Graphics Full Existing "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.194.1021 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D78667E4-E8EB-2B30-5029-29B9C3367B85}" = CCC Help Dutch "{DB17E288-610C-45DC-E160-E7EB09A1FA88}" = Catalyst Control Center Localization All "{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E45E3860-CDA5-93DF-8DAA-9AC4E556BF11}" = CCC Help Greek "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F623B2D2-9070-FF31-F47A-287802544F71}" = Catalyst Control Center InstallProxy "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BlackBerry_{9B449C1A-4F64-4ED4-8C96-31B222E8377F}" = BlackBerry Desktop Software 4.2.2 "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 9.01" = GPL Ghostscript 9.01 "Identity Card" = Identity Card "iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader "LManager" = Launch Manager "Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de) "Mozilla Thunderbird 24.2.0 (x86 de)" = Mozilla Thunderbird 24.2.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nokia Suite" = Nokia Suite "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "WinLiveSuite" = Windows Live Essentials "Winload Toolbar" = Winload Toolbar "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 7040 Description = Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 7042 Description = Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 9002 Description = Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 3029 Description = Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 3029 Description = Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 3028 Description = Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 3058 Description = Error - 13.03.2013 03:06:52 | Computer Name = markus-PC | Source = Windows Search Service | ID = 7010 Description = Error - 13.03.2013 05:53:09 | Computer Name = markus-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 18.03.2013 09:36:28 | Computer Name = markus-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814, Zeitstempel: 0x5138a1d3 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814, Zeitstempel: 0x5138a0ed Ausnahmecode: 0xc0000005 Fehleroffset: 0x00172818 ID des fehlerhaften Prozesses: 0xad4 Startzeit der fehlerhaften Anwendung: 0x01ce23ad925ed302 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: d568e9ac-8fd0-11e2-9e00-206a8a2d8d1b [ Media Center Events ] Error - 03.06.2011 02:50:10 | Computer Name = markus-PC | Source = MCUpdate | ID = 0 Description = 08:50:10 - Fehler beim Herstellen der Internetverbindung. 08:50:10 - Serververbindung konnte nicht hergestellt werden.. Error - 03.06.2011 02:50:26 | Computer Name = markus-PC | Source = MCUpdate | ID = 0 Description = 08:50:16 - Fehler beim Herstellen der Internetverbindung. 08:50:16 - Serververbindung konnte nicht hergestellt werden.. Error - 04.06.2011 03:05:14 | Computer Name = markus-PC | Source = MCUpdate | ID = 0 Description = 09:05:13 - Fehler beim Herstellen der Internetverbindung. 09:05:13 - Serververbindung konnte nicht hergestellt werden.. Error - 04.06.2011 03:05:25 | Computer Name = markus-PC | Source = MCUpdate | ID = 0 Description = 09:05:19 - Fehler beim Herstellen der Internetverbindung. 09:05:19 - Serververbindung konnte nicht hergestellt werden.. Error - 04.06.2011 04:05:33 | Computer Name = markus-PC | Source = MCUpdate | ID = 0 Description = 10:05:32 - Fehler beim Herstellen der Internetverbindung. 10:05:32 - Serververbindung konnte nicht hergestellt werden.. Error - 04.06.2011 04:05:39 | Computer Name = markus-PC | Source = MCUpdate | ID = 0 Description = 10:05:38 - Fehler beim Herstellen der Internetverbindung. 10:05:38 - Serververbindung konnte nicht hergestellt werden.. Error - 02.12.2013 22:15:50 | Computer Name = markus-PC | Source = MCUpdate | ID = 0 Description = 03:15:45 - Fehler beim Herstellen der Internetverbindung. 03:15:45 - Serververbindung konnte nicht hergestellt werden.. Error - 02.12.2013 23:16:16 | Computer Name = markus-PC | Source = MCUpdate | ID = 0 Description = 04:16:15 - Fehler beim Herstellen der Internetverbindung. 04:16:15 - Serververbindung konnte nicht hergestellt werden.. Error - 03.12.2013 00:16:22 | Computer Name = markus-PC | Source = MCUpdate | ID = 0 Description = 05:16:21 - Fehler beim Herstellen der Internetverbindung. 05:16:21 - Serververbindung konnte nicht hergestellt werden.. Error - 03.12.2013 01:16:27 | Computer Name = markus-PC | Source = MCUpdate | ID = 0 Description = 06:16:26 - Fehler beim Herstellen der Internetverbindung. 06:16:26 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 05.01.2014 09:41:07 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 05.01.2014 09:41:17 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: %%5 Error - 05.01.2014 09:41:17 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%5 Error - 05.01.2014 09:41:34 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: %%5 Error - 05.01.2014 09:41:36 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: %%5 Error - 05.01.2014 09:41:36 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IPsec-Richtlinien-Agent" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%5 Error - 05.01.2014 09:41:36 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: %%5 Error - 05.01.2014 09:41:36 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%5 Error - 05.01.2014 09:41:37 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: %%5 Error - 05.01.2014 09:41:37 | Computer Name = markus-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%5 < End of report > OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.01.2014 14:42:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\markus\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 73,78% Memory free 7,49 Gb Paging File | 6,47 Gb Available in Paging File | 86,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,50 Gb Total Space | 390,65 Gb Free Space | 86,52% Space Free | Partition Type: NTFS Computer Name: MARKUS-PC | User Name: markus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.12.30 14:51:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\markus\Desktop\OTL.exe PRC - [2013.06.26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2013.06.26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.08.11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2013.01.28 12:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013.01.28 12:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.11.26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2010.04.27 07:49:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.12.13 19:50:17 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.12.13 13:09:13 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint) SRV - [2013.12.13 13:09:08 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2013.12.11 17:57:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.10.23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.10.23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013.06.26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2013.06.26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2013.06.21 08:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.04.30 09:57:00 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn) SRV - [2013.04.18 10:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.12.13 13:09:08 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV:64bit: - [2013.09.27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2013.08.29 02:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2013.06.26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2013.06.26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2013.06.26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2013.06.26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2013.04.30 09:57:00 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV:64bit: - [2013.04.30 09:56:42 | 000,014,944 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\radpms.sys -- (radpms) DRV:64bit: - [2013.04.30 09:56:42 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr) DRV:64bit: - [2013.01.23 09:31:52 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2013.01.23 09:31:52 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2013.01.23 09:31:52 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2013.01.23 09:31:52 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2013.01.23 09:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2013.01.23 09:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.10.17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.06.08 04:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2010.06.04 12:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.04.28 23:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.28 23:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.04.27 13:56:34 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.27 07:17:26 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.04.08 13:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.03.27 05:43:58 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.08.24 02:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2007.05.14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2007.03.23 02:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2007.01.18 14:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV - [2013.04.30 09:57:00 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys -- (LMIInfo) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2013-12-30&ent=hp&u=75D3D5BF6019789A770C3E52C19D3F14 IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2013-12-30&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-409195208-536281958-3444761892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "https://www.google.de" FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1 FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2.3 FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1024 FF - prefs.js..extensions.enabledAddons: searchyoutube%40searchyoutube.fr:1.0 FF - prefs.js..extensions.enabledAddons: trafficlight%40bitdefender.com:0.2.16 FF - prefs.js..extensions.enabledAddons: virusscan%40bullguard.com:1.0.3 FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4 FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.5 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118 FF - prefs.js..extensions.enabledAddons: %7Bef62e1ce-d2a4-4cdd-b7ec-92b120366b66%7D:2.7.8 FF - prefs.js..extensions.enabledAddons: %7Bf13b157f-b174-47e7-a34d-4815ddfdfeb8%7D:0.9.89 FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: autopager%40mozilla.org:0.8.0.10 FF - prefs.js..extensions.enabledAddons: snt%40dotlabs.co:1.0 FF - prefs.js..extensions.enabledAddons: om%40offermosquito.com:1.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - prefs.js..keyword.URL: "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=" FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.13 19:49:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.12.11 15:39:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.13 19:49:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.12.11 15:39:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.24 22:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\Extensions [2011.03.24 22:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2014.01.02 18:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions [2013.11.17 10:54:19 | 000,000,000 | ---D | M] (Empty Cache Button) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2013.11.27 11:50:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.12.13 19:55:13 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013.03.07 10:55:06 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2013.11.05 10:30:29 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\foxyproxy@eric.h.jung [2013.08.24 17:54:11 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\LogMeInClient@logmein.com [2013.11.20 12:27:25 | 000,000,000 | ---D | M] (Bullguard Virus Scan) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\irf01ocn.default\extensions\virusscan@bullguard.com [2013.08.16 13:30:02 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.12.19 14:03:16 | 000,349,185 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\autopager@mozilla.org.xpi [2013.11.06 11:38:38 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\firefox@ghostery.com.xpi [2013.07.29 08:19:05 | 000,019,910 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\jsterm@paulrouget.com.xpi [2013.11.25 15:13:34 | 000,161,137 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\no-clickjacking@daohoangson.com.xpi [2013.12.19 18:35:06 | 000,062,798 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\om@offermosquito.com.xpi [2013.11.25 15:15:26 | 000,009,470 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\searchyoutube@searchyoutube.fr.xpi [2013.12.16 12:46:36 | 000,004,388 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\snt@dotlabs.co.xpi [2013.11.20 12:27:25 | 000,921,410 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\trafficlight@bitdefender.com.xpi [2013.11.20 12:24:52 | 000,158,589 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2013.11.20 12:27:25 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2014.01.02 18:50:30 | 000,535,529 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.10.10 15:33:54 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.12.13 19:57:38 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013.11.08 11:38:34 | 000,024,565 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013.07.29 08:19:37 | 000,210,138 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2013.12.26 18:05:30 | 000,002,438 | ---- | M] () -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\searchplugins\fbdownloader_search.xml [2014.01.02 12:38:05 | 000,001,488 | ---- | M] () -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\irf01ocn.default\searchplugins\zonealarm.xml [2013.12.13 19:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.12.13 19:49:50 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.12.13 19:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.12.13 19:50:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-409195208-536281958-3444761892-1000..\Run: [] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..Trusted Domains: index.de ([dokumente] https in Trusted sites) O15 - HKU\S-1-5-21-409195208-536281958-3444761892-1000\..Trusted Domains: index.de ([ptnet] https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA589985-1030-4427-9416-8EDC9A7E39EE}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{ecf38bc9-2963-11e0-b7df-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ecf38bc9-2963-11e0-b7df-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.01.02 13:13:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2014.01.02 12:39:49 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\CheckPoint [2014.01.02 12:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD [2014.01.02 12:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2013.12.30 17:37:02 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\LavasoftStatistics [2013.12.30 17:21:20 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\SecureSearch [2013.12.30 17:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2013.12.30 17:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2013.12.30 16:41:40 | 000,000,000 | ---D | C] -- C:\inetpub [2013.12.30 14:51:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\markus\Desktop\OTL.exe [2013.12.30 14:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013.12.30 14:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013.12.28 15:00:26 | 000,000,000 | ---D | C] -- C:\Windows\Migration [2013.12.26 18:04:57 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\Snz [2013.12.16 12:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.12.13 19:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.12.11 15:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.12.09 11:57:37 | 000,000,000 | ---D | C] -- C:\Users\markus\STI [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.01.05 14:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.01.05 14:47:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.01.05 14:47:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.01.05 14:42:06 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.01.05 14:42:06 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.01.05 14:34:43 | 000,343,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.05 14:34:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.01.05 14:34:21 | 3018,461,184 | -HS- | M] () -- C:\hiberfil.sys [2013.12.30 18:16:43 | 000,000,402 | ---- | M] () -- C:\Users\markus\Desktop\Repair.bat [2013.12.30 16:39:21 | 001,622,236 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.12.30 16:39:21 | 000,700,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.12.30 16:39:21 | 000,654,932 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.12.30 16:39:21 | 000,149,984 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.12.30 16:39:21 | 000,122,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.12.30 14:51:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\markus\Desktop\OTL.exe [2013.12.30 14:27:32 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.12.30 13:06:27 | 000,018,712 | ---- | M] () -- C:\Windows\wininit.ini [2013.12.28 15:19:23 | 001,596,516 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.12.13 13:09:08 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll [2013.12.13 13:09:08 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll [2013.12.13 13:09:08 | 000,035,656 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.01.05 14:34:27 | 000,343,000 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.12.30 18:16:43 | 000,000,402 | ---- | C] () -- C:\Users\markus\Desktop\Repair.bat [2013.12.30 14:27:19 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013.06.14 20:52:49 | 000,018,712 | ---- | C] () -- C:\Windows\wininit.ini [2012.05.31 14:17:31 | 000,104,125 | ---- | C] () -- C:\ProgramData\1338470141.bdinstall.bin [2012.05.31 14:06:00 | 000,223,544 | ---- | C] () -- C:\ProgramData\1338469128.bdinstall.bin [2011.03.24 23:06:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.19 05:11:21 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.01 11:39:00 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Blackberry Desktop [2014.01.02 12:39:49 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\CheckPoint [2013.06.14 16:27:13 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013.06.14 20:42:34 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Common [2013.07.23 21:42:47 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\DataMgr [2013.06.14 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\FBDownloader [2013.12.10 08:47:15 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\iFunbox_UserCache [2013.12.26 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Intermediate [2013.06.14 13:16:29 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Nokia [2013.06.14 13:15:52 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Nokia Suite [2011.03.24 21:56:33 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\OpenOffice.org [2011.04.05 17:57:25 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Participatory Culture Foundation [2013.06.14 13:15:47 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\PC Suite [2011.04.05 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\PCF-VLC [2013.12.30 14:38:20 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\QuickScan [2013.06.01 11:48:55 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Research In Motion [2013.11.29 09:05:45 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\SCheck [2013.12.30 17:21:20 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\SecureSearch [2013.12.26 18:05:02 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Snz [2013.12.28 14:59:07 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\SoftGrid Client [2013.06.14 20:42:38 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\SSync [2013.06.14 12:38:30 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Systweak [2011.03.24 22:02:36 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Thunderbird [2011.03.24 21:29:33 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\TP [2013.12.13 17:29:26 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Virus Scan [2011.03.27 18:44:20 | 000,000,000 | ---D | M] -- C:\Users\markus\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728 < End of report > Ich bitte um Hilfe, was ich tun kann. VG M. |
Themen zu Windows7 Firewall startet nicht Fehler 0x8007042c |
0x8007042, autorun, basisfiltermodul, bho, ebay, error, fehler, flash player, format, google, home, homepage, iexplore.exe, install.exe, launch, logfile, microsoft office starter 2010, mozilla, realtek, registry, remote access, rundll, scan, security, server, software, svchost.exe, tcp, udp, usb, windows |