| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Webseiten werden auf Werbung umgeleitetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
11.05.2014, 12:27
| #5 |
 |  Windows 7: Webseiten werden auf Werbung umgeleitet Hallo Matthias, hier die entsprechenden Logfiles: ADW-Cleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.207 - Bericht erstellt am 11/05/2014 um 12:19:14
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Admin-***** - USER-PC
# Gestartet von : C:\Users\Admin-*****\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : SystemStoreService
[#] Dienst Gelöscht : vosr
Dienst Gelöscht : wStLibG64
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\PriceMeterLiveUpdate
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Windows\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\VOPackage
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\Tasks\AppCloudUpdater.job
Datei Gelöscht : C:\Windows\System32\Tasks\AppCloudUpdater
Datei Gelöscht : C:\Windows\System32\Tasks\Freemium1ClickMaint
Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job
Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial
Datei Gelöscht : C:\Windows\System32\Tasks\pricemeterdownloader
Datei Gelöscht : C:\Windows\System32\Tasks\pricemetertask
Datei Gelöscht : C:\Windows\System32\Tasks\pricemeterwatcher
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLivid.torrent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\SoftwareUpdater
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\mysearchdial
Schlüssel Gelöscht : HKLM\Software\PerformerSoft
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [6946 octets] - [11/05/2014 12:17:42]
AdwCleaner[S0].txt - [6409 octets] - [11/05/2014 12:19:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6469 octets] ##########
JUnkware Removal Tool: JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Admin-***** on 11.05.2014 at 12:27:37,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricemeterd_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricemeterd_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricemeterd_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricemeterd_RASMANCS
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\user.js
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.05.2014 at 12:32:08,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 11.05.2014 Suchlauf-Zeit: 12:51:45 Logdatei: 140511_1253_MBAM_ber.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.05.11.03 Rootkit Datenbank: v2014.03.27.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Admin-***** Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 346355 Verstrichene Zeit: 10 Min, 14 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) hier weitere Logfiles: zoek: Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Admin-***** on 11.05.2014 at 12:58:28,42.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Admin-*****\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
11.05.2014 12:59:25 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\ADMIN-~1\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\prefs.js:
Added to C:\Users\ADMIN-~1\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\prefs.js:
Added to C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\ADMIN-~1\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default
user.js not found
---- Lines a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926 removed from prefs.js ----
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.a16eede4812e94c79bd54c82622138533630d8a3473af4e0
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.a16eede4812e94c79bd54c82622138533630d8a3473af4e0
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.active", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.addressbar", "NA");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.addressbarenhanced", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncdb.was_copied", "true");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncdb_dbWasSet", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncinternaldb.was_copied", "true");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncinternaldb_dbWasSet", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.backgroundver", 1);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.certdomaininstaller", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.changeprevious", false);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallationTime.value", "%221396531389%2
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallerParams.expiration", "Fri Feb 01
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallerParams.value", "%7B%22source_id%
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.description", "We give superior shopping experie
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.domain", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.enablesearch", false);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.homepage", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.iframe", false);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.InstallationThankYouPage", false);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.InstallationTime", 1396531389);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.__defualt_browser__.expiration", "Fri
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.__defualt_browser__.value", "%22ch%22
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParams.expiration", "Fri Feb
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParams.value", "%7B%22source
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerUserIdentifiersCache.expirat
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerUserIdentifiersCache.value",
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledUrls.expir
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledWithHash.e
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledWithHash.v
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_notBundledArr_.ex
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_notBundledArr_.va
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_appVer.value", "28");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_lastVersion.value", "2");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_nextCheck.expiration", "Fri
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.lastDailyReport", "1399647318133");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.lastUpdate", "1399647317331");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.manifesturl", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.name", "SmartSaver+ 8");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.newtab", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.opensearch", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.pluginsurl", "hxxp://js.clientdemostack.com/plug
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.pluginsversion", 22);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.publisher", "smart-saverplus");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.searchstatus", 0);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.setnewtab", false);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.thankyou", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.updateinterval", 360);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.ver", 28);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.apps", "48926");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.bic", "145922b46fdfd4de0464c893ff7c4608");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.cid", 48926);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.FilesValidatorDueTime", "1399647376590");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.firstrun", false);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.hadappinstalled", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.installationdate", 1399647317);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.modetype", "production");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.reportInstall", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.statsDailyCounter", 1);
---- FireFox user.js and prefs.js backups ----
prefs__1306_.backup
ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ktiq9js.default
user.js not found
---- Lines a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926 removed from prefs.js ----
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.a16eede4812e94c79bd54c82622138533630d8a3473af4e0
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.a16eede4812e94c79bd54c82622138533630d8a3473af4e0
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.active", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.addressbar", "NA");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.addressbarenhanced", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncdb.was_copied", "true");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncdb_dbWasSet", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncinternaldb.was_copied", "true");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncinternaldb_dbWasSet", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.backgroundver", 1);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.certdomaininstaller", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.changeprevious", false);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallationTime.value", "%221396531389%2
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallerParams.expiration", "Fri Feb 01
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.cookie.InstallerParams.value", "%7B%22source_id%
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.description", "We give superior shopping experie
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.domain", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.enablesearch", false);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.homepage", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.iframe", false);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.InstallationThankYouPage", false);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.InstallationTime", 1396531389);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.__defualt_browser__.expiration", "Fri
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.__defualt_browser__.value", "%22ch%22
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParams.expiration", "Fri Feb
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParams.value", "%7B%22source
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerUserIdentifiersCache.expirat
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.InstallerUserIdentifiersCache.value",
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledUrls.expir
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledUrls.value
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledWithHash.e
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledWithHash.v
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_notBundledArr_.ex
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_notBundledArr_.va
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_appVer.value", "27");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_lastVersion.value", "2");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_nextCheck.expiration", "Thu
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_remote_resources.expiration
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.lastDailyReport", "1398937313883");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.lastUpdate", "1398937349248");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.manifesturl", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.name", "SmartSaver+ 8");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.newtab", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.opensearch", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.pluginsversion", 21);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.publisher", "smart-saverplus");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.searchstatus", 0);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.setnewtab", false);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.thankyou", "");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.updateinterval", 360);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.ver", 27);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.apps", "48926");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.bic", "1459e36ccd5389c0926e01dab602d867");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.cid", 48926);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.FilesValidatorDueTime", "1398937373242");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.firstrun", false);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.hadappinstalled", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.installationdate", 1398518763);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.modetype", "production");
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.reportInstall", true);
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.statsDailyCounter", 2);
---- FireFox user.js and prefs.js backups ----
prefs__1306_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Covus Freemium deleted
C:\PROGRA~3\Package Cache deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"otis@digitalpersona.com"="C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt" [02.05.2012 15:37]
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[03.03.2014 10:53]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
Nothing found to reset
==== shortcuts on Users Desktops ======================
C:\Users\Admin-*****\Desktop\000_INSTALL - Verknüpfung.lnk -
C:\Users\Admin-*****\Desktop\Scratch Live.lnk - C:\Program Files (x86)\Serato\ScratchLIVE\ScratchLive.exe
C:\Users\Gast\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Hp\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\Desktop\Scratch Live 2.5.0\asio_installer - Verknüpfung.lnk -
C:\Users\User\Desktop\Scratch Live 2.5.0\driver_updater - Verknüpfung.lnk -
C:\Users\User\Desktop\Scratch Live 2.5.0\remove_all_drivers - Verknüpfung.lnk -
C:\Users\User\Desktop\Scratch Live 2.5.0\ScratchLive - Verknüpfung.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Acronis*True*Image*Home 11.0.lnk -
C:\Users\Public\Desktop\Avira.lnk - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\Users\Public\Desktop\HP Connection Manager.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe -FromDesktop
C:\Users\Public\Desktop\HP Software Setup.lnk - C:\swsetup\appinstl\hpsoftwaresetup.exe
C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato\Scratch LIVE\Install ASIO Drivers.lnk - C:\Program Files (x86)\Serato\asio_installer.bat
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato\Scratch LIVE\Scratch Live.lnk - C:\Program Files (x86)\Serato\ScratchLIVE\ScratchLive.exe
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato\Scratch LIVE\Uninstall.lnk - C:\Windows\SysWOW64\msiexec.exe /x{EA21EB55-073F-4CF5-A964-0412E755955A}
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato\Scratch LIVE\Update Drivers.lnk - C:\Program Files (x86)\Serato\driver_updater.bat -noasio
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis*True*Image*Home\Acronis*True*Image*Home.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis*True*Image*Home\Rescue Media Builder.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus Hilfe.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus starten.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira im Internet.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\My Avira\Avira.lnk - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Admin-*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://istart.webssearches.com/?type=sc&ts=1396206522&from=tugs&uid=SAMSUNGXMMCRE28G5MXP-0VBH1_YC01A51012SY012A4532
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://istart.webssearches.com/?type=sc&ts=1396206522&from=tugs&uid=SAMSUNGXMMCRE28G5MXP-0VBH1_YC01A51012SY012A4532
C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer (2).lnk - C:\Windows\explorer.exe
C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player (2).lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ScratchLive - Verknüpfung.lnk -
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
==== shortcuts After Repair ======================
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin-*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin-*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\0ktiq9js.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== Reset WMI ======================
Die folgenden Dienste h„ngen vom Dienst Windows-Verwaltungsinstrumentation ab.
Das Beenden des Dienstes Windows-Verwaltungsinstrumentation beendet auch diese Dienste.
Sicherheitscenter
IP-Hilfsdienst
Intel(R) Rapid Storage Technology
HP Power Assistant Service
Avira Service Host
Sicherheitscenter wird beendet.
Sicherheitscenter wurde erfolgreich beendet.
IP-Hilfsdienst wird beendet.
IP-Hilfsdienst wurde erfolgreich beendet.
Intel(R) Rapid Storage Technology wird beendet.
Intel(R) Rapid Storage Technology wurde erfolgreich beendet.
HP Power Assistant Service wurde erfolgreich beendet.
Avira Service Host wird beendet.
Avira Service Host wurde erfolgreich beendet.
Windows-Verwaltungsinstrumentation wird beendet.
Windows-Verwaltungsinstrumentation wurde erfolgreich beendet.
C:\Windows\system32\wbem\repository renamed to repository.old
C:\Windows\syswow64\wbem\repository renamed to repository.old
==== C:\zoek_backup content ======================
C:\zoek_backup (files=16 folders=7 5012733 bytes)
==== Empty Temp Folders ======================
C:\Users\Admin-*****\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gast\AppData\Local\Temp emptied successfully
C:\Users\Hp\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\ADMIN-~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on 11.05.2014 at 13:09:39,61 ======================
Code:
ATTFilter
LastRegBack: 2014-05-09 08:04
==================== End Of Log ============================
FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2014 01
Ran by Admin-***** at 2014-05-11 13:15:37
Running from C:\Users\Admin-*****\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Acronis*True*Image*Home (HKLM-x32\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8064 - Acronis)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{D5526B83-25C4-88A8-A984-98F871DA1415}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{f470942e-6237-4c78-ba45-7e9b17a95709}) (Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0206.1335.24298 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help English (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help French (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help German (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
ccc-utility64 (Version: 2011.0206.1335.24298 - ATI) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Embedded Security for HP ProtectTools (HKLM\...\{87821717-5688-4AE6-887A-6B11571D0CD7}) (Version: 6.0.100.2572 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP Client Automation Agent Preload (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.3.3 - Ericsson AB)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 6.00.888 - Hewlett-Packard Company) Hidden
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.25.0 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
HQVid8.1 (HKLM-x32\...\HQVid8.1) (Version: 1.34.3.28 - High-QualityV9) <==== ATTENTION
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.20.00 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.56.1 - JMicron Technology Corp.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.57 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
Rane SL 4 (ver. 1.0.1f4) (HKLM\...\RaneAsioSL4_is1) (Version: - Rane Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Scratch Live 2.5.0 (11) (HKLM-x32\...\{EA21EB55-073F-4CF5-A964-0412E755955A}) (Version: 2.5.0 - Serato Inc LP)
SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.30 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
==================== Restore Points =========================
11-05-2014 10:59:20 zoek.exe restore point
==================== Hosts content: ==========================
2009-07-14 04:34 - 2014-05-11 12:59 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1BC22A45-F2A8-4EC0-AC70-2C35A54E4CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {1D4FE741-660B-4181-A426-46ED0AA15869} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard)
Task: {22A065E0-AF10-4381-AC16-3C282751EBDE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {28F1AAE3-F8EE-4535-A31D-AB053F5F4160} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-22] (Microsoft)
Task: {351B6D0A-1F23-45F3-B67D-DA31D5B2A5F7} - \Freemium1ClickMaint No Task File <==== ATTENTION
Task: {461B3278-D291-4145-AC48-736CBC027E5A} - \pricemetertask No Task File <==== ATTENTION
Task: {4FA62DF8-9D65-4D8E-A714-2CCE6D3F3A95} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {50CCEF51-92A2-4ADC-AEA4-5525FD59A58A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {59822E90-B4D5-4FB3-951B-F6C986C7B3B2} - System32\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6} => C:\Program Files\V-bates\PrefHelper.exe
Task: {5FBFA157-E3E2-47B8-BCB0-8D5077B9974A} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {7882B8C7-28A6-4837-83C3-BC1F6826A8DA} - \MySearchDial No Task File <==== ATTENTION
Task: {798496F1-23F1-4B3E-9353-4B32AD0C79A8} - \AppCloudUpdater No Task File <==== ATTENTION
Task: {860AE3E8-F2DB-4589-B7A4-FCB0EB171FBB} - \Software Updater No Task File <==== ATTENTION
Task: {9DC2B816-2301-4175-BE94-3B85A2E8A195} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {B1815EC6-14FB-4624-87D8-5A350CAA44F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-03] (Adobe Systems Incorporated)
Task: {D9C29D9B-34AF-4FE0-AB52-17B8FF42999E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E118032A-D576-4A50-A416-D76DED81F3D4} - \Software Updater Ui No Task File <==== ATTENTION
Task: {E285CBD6-5A6D-4E9B-80FE-4F161265D318} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {F5154549-3FBE-40C3-A9A3-021B6EE81AEC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FCDAFE7E-38F2-44E9-BEBD-EFC0CAB5E099} - \pricemeterdownloader No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job => C:\Program Files\V-bates\PrefHelper.exe
==================== Loaded Modules (whitelisted) =============
2011-01-31 20:54 - 2011-01-31 20:54 - 00107008 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2011-02-09 13:04 - 2011-02-09 13:04 - 02905600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-12-07 07:17 - 2010-12-07 07:17 - 00204112 _____ () C:\Windows\system32\PassThroughOTP.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\Windows\system32\LIBEAY32.dll
2011-02-09 12:28 - 2011-02-09 12:28 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2007-12-03 11:26 - 2007-12-03 11:26 - 00498792 _____ () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
2011-02-09 12:51 - 2011-02-09 12:51 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
2011-01-27 03:14 - 2011-01-27 03:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll
2012-05-02 15:35 - 2011-01-27 02:34 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2011-01-27 03:13 - 2011-01-27 03:13 - 00080440 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2011-01-27 03:13 - 2011-01-27 03:13 - 00047160 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2010-06-24 11:21 - 2010-06-24 11:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-04-24 07:20 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-02-09 12:48 - 2011-02-09 12:48 - 02637824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-02-09 12:27 - 2011-02-09 12:27 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-02-09 12:51 - 2011-02-09 12:51 - 02650112 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-02-09 12:29 - 2011-02-09 12:29 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-02-09 12:30 - 2011-02-09 12:30 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2012-05-02 15:10 - 2010-02-17 20:20 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
2014-04-15 19:00 - 2014-04-15 19:00 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-04-15 18:59 - 2014-04-15 18:59 - 00064592 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2007-12-03 10:58 - 2007-12-03 10:58 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
2014-05-11 13:09 - 2014-04-15 18:59 - 00049744 _____ () C:\Users\Admin-*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-04-04 18:38 - 2014-04-04 18:38 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2012-05-02 15:08 - 2011-01-13 03:56 - 00058880 ____R () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-06-24 11:19 - 2010-06-24 11:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
==================== Faulty Device Manager Devices =============
Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "013" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "010" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "00C" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "00A" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "006" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "001" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "013" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "010" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
System errors:
=============
Error: (05/11/2014 01:09:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (05/11/2014 01:09:17 PM) (Source: Application Popup) (User: ) (EventID: 875)
Description: Treiber atksgt.sys konnte nicht geladen werden.
Error: (05/11/2014 01:06:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/11/2014 01:06:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/11/2014 01:06:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/11/2014 01:06:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/11/2014 01:06:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/11/2014 00:36:08 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (05/11/2014 00:36:08 PM) (Source: Application Popup) (User: ) (EventID: 875)
Description: Treiber atksgt.sys konnte nicht geladen werden.
Microsoft Office Sessions:
=========================
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 08168020000002D010000
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 0138020000002D010000
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 0108020000002D010000
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 00C8020000002D010000
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 00A8020000002D010000
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 0068020000002D010000
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 0018020000002D010000
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 0816120200000000000000AF000000
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 013120200000000000000AF000000
Error: (05/11/2014 01:13:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 010120200000000000000AF000000
==================== Memory info ===========================
Percentage of memory in use: 56%
Total physical RAM: 4046.36 MB
Available physical RAM: 1751.31 MB
Total Pagefile: 8090.9 MB
Available Pagefile: 5327.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:115.23 GB) (Free:78.84 GB) NTFS
Drive d: (HP_TOOLS) (Fixed) (Total:9.99 GB) (Free:9.99 GB) FAT32
Drive e: (MUSIK) (Fixed) (Total:113.14 GB) (Free:2.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: B71EBFEC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=115 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=113 GB) - (Type=05)
Partition 4: (Not Active) - (Size=10 GB) - (Type=0C)
==================== End Of Log ============================
|
Baum-Darstellung