| |
| |||||||
Log-Analyse und Auswertung: Rogue:Win32/Winwebsec, PWS:Win32/Fareit, Exploit:Java/CVE-2013-2423 gefunden und entfernt. Was nun?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.06.2013, 12:56
| #1 |
 |  Rogue:Win32/Winwebsec, PWS:Win32/Fareit, Exploit:Java/CVE-2013-2423 gefunden und entfernt. Was nun? Bei einem routinemäßigen Backup meines Laptops mit Windows-Backup habe ich eine Fehlermeldung über ein nicht ordnungsgemäß abgeschlossenes Backup erhalten (das war vor 8 Tagen; war jetzt 1 Woche verreist und der Computer war nicht in Verwendung). Nach einiger Suche habe ich im Internet einen Hinweis gefunden, dass die Ursache möglicherweise Schadsoftware sein könnte. Habe daraufhin einen vollständigen Scan (mache sonst meist nur Quick-Scans) mit MSE durchgeführt (gestern), bei dem die im Betreff genannten Elemente gefunden wurden. Habe diese über die in MSE integrierte Funktion entfernt, wobei Rogue:Win32/Winwebsec 20 Minuten nach dem Entfernen nochmals als "Unter Quarantäne" aufgelistet wird. Ich habe bis jetzt keine abnormalen Verhaltensweisen an meinem Rechner entdeckt (außer, dass er manchmal langsam war - das kann aber auch Einbildung - und meine Internetverbindung zeitweise abgebrochen ist; auch das kann natürlich andere Gründe haben). Das Backup habe ich mittlerweile erfolgreich durchgeführt (das letzte davor ohne die oben beschriebene Fehlermeldung war vor 7 Wochen). Vor 8 Tagen habe ich etliche Daten auf ein Netbook kopiert, das ich auf eine Reise mitgenommen habe. Dieses Netbook scheint (lt. MSE) sauber zu sein. Die Frage ist nun, ob mein Rechner (der infizierte Laptop) tatsächlich sauber ist und ob ich sicherheitshalber alle Passwörter ändern soll/muss. Der Rechner wird auch für Electronic Banking und Einkäufe in Online-Shops (Amazon, ebay, Hotel- und Flugbuchungen, etc.) verwendet. Für die Speicherung von Passwörtern verwende ich den Passwortmanager von Firefox. Die Mail-Passwörter sind in Thunderbird gespeichert. Für die Speicherung sonstiger Passwörter verwende ich KeePass. Das Passwortfile wird über Dropbox mit einem Mobiltelefon synchronisiert. Hier die Logfiles (GMER.txt reiche ich nach sobald der Scan fertig ist; läuft schon seit 6 Stunden): Code:
ATTFilter OTL logfile created on: 04.06.2013 08:07:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,45 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 65,66% Memory free 6,90 Gb Paging File | 5,66 Gb Available in Paging File | 81,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231,86 Gb Total Space | 17,41 Gb Free Space | 7,51% Space Free | Partition Type: NTFS Drive F: | 750,00 Mb Total Space | 541,25 Mb Free Space | 72,17% Space Free | Partition Type: NTFS Computer Name: MICHAEL-NB | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.04 08:05:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe PRC - [2013.05.23 20:10:52 | 028,712,088 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe PRC - [2013.01.27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MpCmdRun.exe PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe PRC - [2013.01.08 09:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.11.19 13:48:10 | 001,404,768 | ---- | M] (Jumping Bytes) -- C:\Programme\Mobile Master\MMAgent.exe PRC - [2012.11.19 13:48:04 | 000,921,440 | ---- | M] (Jumping Bytes) -- C:\Programme\Mobile Master\MMScan.exe PRC - [2012.09.17 17:40:04 | 001,910,984 | ---- | M] (A-Trust GmbH) -- C:\Programme\A-Trust GmbH\a.sign Client\ASignLauncher.exe PRC - [2012.08.20 12:51:56 | 003,609,800 | ---- | M] (A-Trust GmbH) -- C:\Programme\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe PRC - [2011.08.04 15:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2011.07.25 12:10:34 | 000,468,112 | ---- | M] (CANON INC.) -- C:\Programme\Canon\IJ Network Scanner Selector EX\CNMNSST.exe PRC - [2011.07.19 05:53:07 | 002,567,272 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009.07.01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009.06.29 12:44:38 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2009.06.29 12:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\stacsv.exe PRC - [2009.06.19 14:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2009.06.09 10:53:20 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\PACTray.exe PRC - [2009.05.14 12:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe PRC - [2009.03.02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\AEstSrv.exe PRC - [2009.02.01 00:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2009.01.31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe PRC - [2008.11.24 13:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\GUCI_AVS.exe PRC - [2006.10.11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe PRC - [2003.02.21 14:16:16 | 000,061,440 | R--- | M] (Tracker Software Products) -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe ========== Modules (No Company Name) ========== MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.08.20 12:52:20 | 000,007,368 | ---- | M] () -- C:\Programme\A-Trust GmbH\Bürgerkartensoftware\XalanMessages_1_10.dll MOD - [2012.08.20 12:52:18 | 002,393,288 | ---- | M] () -- C:\Programme\A-Trust GmbH\Bürgerkartensoftware\Xalan-C_1_10.dll MOD - [2012.08.20 12:52:16 | 000,406,728 | ---- | M] () -- C:\Programme\A-Trust GmbH\a.sign Client\plug_acSecurityLayer.dll MOD - [2009.07.20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll MOD - [2009.05.14 12:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe MOD - [2008.12.12 16:48:50 | 000,507,904 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\NitroPDF6\bepprint.dll MOD - [2003.04.27 16:02:28 | 000,011,264 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\fmt_xmf.dll MOD - [2003.02.05 16:22:04 | 000,017,920 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\xc_local.dll MOD - [2003.01.23 14:55:00 | 000,018,944 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\fmt_xcx.dll MOD - [2003.01.22 18:29:32 | 000,024,576 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\fmt_jb2.dll ========== Services (SafeList) ========== SRV - [2013.05.15 09:40:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.09.13 18:39:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.29 12:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\stacsv.exe -- (STacSV) SRV - [2009.03.02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\AEstSrv.exe -- (AESTFilters) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd) DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.03.26 14:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2012.01.31 16:37:42 | 000,587,136 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA) DRV - [2012.01.31 16:37:42 | 000,551,168 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM) DRV - [2012.01.31 16:37:42 | 000,032,512 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.11.16 09:56:26 | 000,059,136 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser) DRV - [2010.11.16 09:56:26 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm) DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010.02.22 10:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.10.28 09:57:32 | 000,544,000 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GUCI_AVS.sys -- (GUCI_AVS) DRV - [2009.07.29 13:46:24 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009.07.14 01:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpials.sys -- (acpials) DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.06.29 12:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009.06.25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.06.17 18:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2009.06.17 18:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2009.06.15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt) DRV - [2009.06.13 01:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) DRV - [2009.05.28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv) DRV - [2008.09.18 17:03:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid) DRV - [2008.06.03 09:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 71 12 C8 E2 98 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "file:///C:/Users/Michael/Documents/_MPO/Computer/Internet/Startseite/Startseite.html" FF - prefs.js..browser.search.useDBForOrder: "false" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.16 18:41:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.26 17:39:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.26 12:55:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.26 17:44:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.05.26 12:55:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2012.12.08 14:34:41 | 000,000,000 | ---D | M] [2012.10.20 12:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2012.10.26 08:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e0uuplke.default\extensions [2013.05.26 17:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.26 17:39:16 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [ACSW14DE] "C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe" /pid ACSW14DE File not found O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe () O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [PACTray] C:\Windows\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [acSecurityLayer] C:\Programme\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.21.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39A0E855-CD77-4DE4-9F63-EB21BBBA998B}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EEF76ED-55AE-4BB2-896C-D02FF104533E}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.26 13:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync [2013.05.26 13:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileSync [2013.05.11 15:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime Alternative [2013.05.11 15:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic [2013.05.11 15:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative [2013.05.11 14:14:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\4Free [2013.05.11 14:08:20 | 034,173,045 | ---- | C] (4Free Studio ) -- C:\Users\Admin\Desktop\4free_video_converter_3-3.exe [2013.05.06 09:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java ========== Files - Modified Within 30 Days ========== [2013.06.04 08:07:25 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.04 08:07:25 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.04 08:00:48 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.04 08:00:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.04 08:00:04 | 2780,745,728 | -HS- | M] () -- C:\hiberfil.sys [2013.06.04 07:59:01 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2013.06.04 07:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.04 07:34:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.02 22:50:50 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.02 22:50:50 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.02 22:50:50 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.02 22:50:50 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.15 11:10:57 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.13 08:51:06 | 000,007,626 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg [2013.05.11 14:10:02 | 034,173,045 | ---- | M] (4Free Studio ) -- C:\Users\Admin\Desktop\4free_video_converter_3-3.exe ========== Files Created - No Company Name ========== [2013.06.04 07:58:44 | 000,000,020 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2013.05.26 17:39:32 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.16 17:31:22 | 000,007,626 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg [2012.09.21 13:49:02 | 000,002,157 | ---- | C] () -- C:\Windows\System32\GUCI_AVS.ini [2012.09.18 11:12:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL [2012.09.18 11:10:17 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll [2012.09.18 11:06:58 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI [2012.09.18 11:02:03 | 000,003,072 | ---- | C] () -- C:\Windows\System32\CNCFLbNL.DLL [2012.09.14 15:46:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.09.13 03:16:08 | 000,696,870 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.09.13 03:16:08 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.09.13 03:16:08 | 000,148,134 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.09.13 03:16:08 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2012.08.21 15:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.05.11 14:14:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\4Free [2013.04.19 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\A-Trust GmbH [2012.10.08 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ACD Systems [2012.12.20 20:52:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon [2012.10.26 13:37:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GoPal Assistant [2012.10.14 22:16:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\iSpy [2012.10.17 19:59:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech [2013.03.01 12:41:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mindjet [2012.12.20 20:39:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NewSoft [2012.12.12 15:24:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PE International [2012.09.18 11:06:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScanSoft ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.06.2013 08:07:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,45 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 65,66% Memory free
6,90 Gb Paging File | 5,66 Gb Available in Paging File | 81,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231,86 Gb Total Space | 17,41 Gb Free Space | 7,51% Space Free | Partition Type: NTFS
Drive F: | 750,00 Mb Total Space | 541,25 Mb Free Space | 72,17% Space Free | Partition Type: NTFS
Computer Name: MICHAEL-NB | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 14.Manage] -- "C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeQV14.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0043E0F3-2D10-4553-B609-FAC703062E42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06598837-B626-454C-9AB5-5B8A1356E630}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{278FA260-A016-45C5-8214-AFACE767A16D}" = rport=138 | protocol=17 | dir=out | app=system |
"{27F47857-3003-4F17-964B-585852F9AF63}" = rport=137 | protocol=17 | dir=out | app=system |
"{2C751129-A713-4452-9D95-12E3463A4A64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2CDA500E-9AA5-481C-809F-EA87ECDD5521}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C95FD9A-9622-4417-9564-7AACFC0AA17E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4E42DF28-432A-4F18-8E63-16590DDB9912}" = rport=445 | protocol=6 | dir=out | app=system |
"{511F6A57-0B3A-49E0-B254-7C6FA74CCF07}" = lport=138 | protocol=17 | dir=in | app=system |
"{5894C8CF-E855-4F5B-AC74-4993CC8C4665}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D56C665-B148-4239-867A-F8187162886E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{60EDB3ED-411B-49B7-B7FA-0EDFC5B39A0D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{64302A08-7105-42CD-AF55-A216FB4E5011}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73D7D09D-AC30-42F3-A03B-3EE905DFCB1A}" = rport=139 | protocol=6 | dir=out | app=system |
"{82BE1EDB-8A91-4FF4-B267-381357709692}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99E6C71C-13CD-4CAC-9419-4226A610BB1F}" = lport=445 | protocol=6 | dir=in | app=system |
"{9F915A0B-E517-4C39-8DA4-45FB26C8226B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6B88FE1-94A6-42E0-AEFE-DB8A388D6BF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D1AFED1E-0D24-4EE9-AB13-37B907782896}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1FED3C5-5055-400B-95F5-BCDB38E57309}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D677561D-303D-4C7A-8174-E626A56863A2}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC1145E8-15B7-4E4A-A79F-204C6C4673EC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4C45AAC-8E08-4EAE-A3D1-3B4C6A2EDA98}" = lport=137 | protocol=17 | dir=in | app=system |
"{FE569177-3EB6-4881-8BAD-279E20DA846A}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0535AF3A-6136-4A25-8155-DBF45CA6C3A8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0B2B2E1E-1DCD-4797-A6AD-FA80E8CB4A3D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0CEDEA87-58E3-4F53-B115-98C17747E9EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0D773065-9407-4DC8-A314-16E2C759E6B3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{15F8C39C-0EBE-44C0-857D-01B58727FDF3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{18441C4E-1848-4FC7-9715-6F62598C5A17}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1926A7B4-56C8-44A1-B4DC-9E18085C4C1A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1FE14406-10CE-42CB-9560-1C9C95942887}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21D27F2F-B8A5-4895-AC15-C3906D65AE6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{22A538B1-3149-4484-B4CA-7FCC05A99F40}" = protocol=17 | dir=in | app=c:\program files\a-trust gmbh\bürgerkartensoftware\einstellungen.exe |
"{24FE52BE-86C8-4D55-A38D-8E44BE0B1F4C}" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"{290C6B69-AC05-4E69-A51B-4EBCEC49E814}" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"{315EEEA0-D7BB-4251-8591-36B854B038AE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{33E26CA1-E93F-4C37-8C79-A27F660E37C9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3A5994FC-34D0-444A-B109-C9DB56D7C2AA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4587B0F8-9368-412A-8A2B-70ACCD1ADE68}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DC93CEF-F4CE-43E9-9642-54C94EA2A60C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4E318F93-E6E9-40ED-AE0F-51573CCB6FAC}" = protocol=6 | dir=in | app=c:\program files\a-trust gmbh\bürgerkartensoftware\einstellungen.exe |
"{50471E20-30A0-4FA9-95DF-D2A4C7F9AEFF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5EBB195A-67D5-4A9F-8F1E-E39C2B0F3159}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{63653F92-DF97-419E-957F-00DA61BF373A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64B12A9D-1A36-49C2-8984-3099D2EE3979}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6E11FB3D-3E82-451A-828E-202C2E0E9C9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{76A7713A-B3A6-4E43-BB47-8BD01879BB5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7F67A26E-9295-42E9-9363-B1587B956E0B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{80EC4CF4-8CF7-4B43-9EB9-311942A356DB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8887879D-82AE-4081-BFC2-B92C451E0268}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8D4AF41A-F80A-4591-B05C-E900ED44C42A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{90263D9A-2519-427B-B99A-41ED12563193}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B628851-88A3-4766-AE49-C117EBD9FC8F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9EC325EB-22F2-4698-9203-882CEA97E66C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9ED4B4F8-3E53-4E0B-9F5C-5BAADEB34A40}" = protocol=17 | dir=in | app=c:\program files\a-trust gmbh\bürgerkartensoftware\acsecuritylayer.exe |
"{A3F6DCA2-6BAA-4103-BDCA-236283EE9522}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A46B6304-4DC2-4737-A0AE-BEC61F3EFBD6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AE9A6755-CAE0-4E5B-AA6C-DEDD1FEEB204}" = protocol=6 | dir=in | app=c:\program files\a-trust gmbh\bürgerkartensoftware\acsecuritylayer.exe |
"{B61A50FE-5213-45B4-B97F-17176C866EAC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B8D7C0CA-3472-45DE-8171-DB3440E83552}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C38C2910-C1F5-4478-905F-2B9E54DC57BE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C946CC99-0FA1-40F5-A7E0-8CD41625A9A5}" = protocol=6 | dir=out | app=system |
"{D1992807-8EF1-460E-BDB1-DF9BA9E5A741}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1BF2B27-FD0D-46AE-90DC-E7DD4D2A2663}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D38CA991-C7B1-4315-ABAE-E5AD16B31682}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E45E17B0-5261-4122-BEAC-BC05CBE21879}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EA3CA5C3-2AC5-4F85-92D8-80BA9AB862D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAB1D282-35CE-4683-A9EE-7F9CC74C3F97}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EFB013F2-773C-4A2C-B609-EB9F77CBEA77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB0DEE4D-A5AD-4FE1-950C-C11F3612F874}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FBB9C2F9-56A5-41EF-93FA-E651E89A55D1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FF133A0F-085C-4598-8DA0-8F67330FEFBC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0CCA6A88-3FC2-45E5-8F2F-EAA31DD3ABB6}C:\program files\ispy\ispy\ispy.exe" = protocol=6 | dir=in | app=c:\program files\ispy\ispy\ispy.exe |
"TCP Query User{2978AA96-E0BF-456D-B470-21C0D24D4B52}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"TCP Query User{3AC6690C-E211-4496-AE98-5FB585EC4EFF}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"TCP Query User{AA2D9884-ED71-4989-B6C2-39F1213B3FBF}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{B76A566B-15F5-4A4A-8EAB-798470615BFA}C:\program files\ispy\ispy\ispy.exe" = protocol=6 | dir=in | app=c:\program files\ispy\ispy\ispy.exe |
"TCP Query User{C3A02543-5B42-444A-B19C-92774420D690}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{010819A0-FDD1-47D9-AB3E-6F41B328FE92}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"UDP Query User{0193A1A0-EDE8-41AE-8D7F-9ECA84D6B547}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1B4EA5C9-6590-433D-A58B-F75369CCD4CD}C:\program files\ispy\ispy\ispy.exe" = protocol=17 | dir=in | app=c:\program files\ispy\ispy\ispy.exe |
"UDP Query User{308A72D6-A4C6-4E5E-9458-F29D36959D56}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"UDP Query User{791F1F9D-D7A7-4F2F-819E-C61ABA30682D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{FF8BB390-F62F-421C-8C4B-4400451058A5}C:\program files\ispy\ispy\ispy.exe" = protocol=17 | dir=in | app=c:\program files\ispy\ispy\ispy.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07B22FB1-6A1E-41E7-8323-A9CA716026ED}" = bob internet
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series" = Canon MX890 series MP Drivers
"{14EEBDFB-6217-4F98-8563-8342C42E8571}" = Snagit 11
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.01
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F5A71BD-9EC9-4A59-BFBD-CA63CFB4885D}" = ACDSee 14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{853F9C53-2518-4AD0-ABA2-A72EDF4441A4}" = Nitro PDF Professional
"{867F4564-412F-40BD-8D89-2FB679C52A41}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96D198CA-AE1F-4A5E-96AB-77376BD08A62}" = AquaSoft DiaShow 7 Blue Net
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6C8CD51-1AE4-474D-BA2D-125CDBEADD03}" = MEDION GoPal Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACA253A0-E903-4684-86AB-E4A09C47F1F7}" = MindManager X5 Pro
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = USB2.0 PC Camera
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{EECA3522-2FAB-449C-873A-37B5109BD72E}" = Mobile Master
"{F1D70D18-6CDC-4839-A01B-660D19CA3A5E}" = iSpy
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = SetPoint
"{FBBCDE19-2EBB-437D-BB44-B8899E56EA9E}" = SE309
"a.sign Bürgerkartensoftware" = a.sign Bürgerkartensoftware 1.4.2.1
"a.sign Client" = a.sign Client 1.3.1.15
"a.sign PDF" = a.sign PDF 1.11.9.2a
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AquaSoft DiaShow 7 Blue Net" = AquaSoft DiaShow 7 Blue Net
"asignPDFverify" = asignPDFverify 1.0.9.0
"bob internet" = bob internet
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon MX890 series Benutzerregistrierung" = Canon MX890 series Benutzerregistrierung
"Canon MX890 series On-screen Manual" = Canon MX890 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EcoScan 3.0" = EcoScan 3.0
"FreeFileSync" = FreeFileSync 5.15
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Master" = Mobile Master 8.5.8
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Picasa 3" = Picasa 3
"Pixum Fotobuch" = Pixum Fotobuch
"PROSet" = Intel(R) Network Connections Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"SE309" = SE309
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Speed Dial Utility" = Canon Kurzwahlprogramm
"TERRATEC Grabby" = TERRATEC Grabby V5.09.1202.00
"VLC media player" = VLC media player 2.0.6
"XMind" = XMind
"XnConvert_is1" = XnConvert 1.55
"XnView_is1" = XnView 1.99.6
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.03.2013 10:09:01 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 158435
Error - 15.03.2013 10:40:54 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 15.03.2013 10:40:54 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1092
Error - 15.03.2013 10:40:54 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092
Error - 15.03.2013 10:40:55 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 15.03.2013 10:40:55 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2106
Error - 15.03.2013 10:40:55 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2106
Error - 15.03.2013 10:42:22 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 15.03.2013 10:42:22 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 90075
Error - 15.03.2013 10:42:22 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 90075
[ System Events ]
Error - 02.06.2013 17:17:42 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.151.950.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.950.0&asdelta=1.151.950.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%801 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9506.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der
Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error - 02.06.2013 17:17:42 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 104.0.0.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x86&eng=2.1.9510.0&sig=104.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%886 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 2.1.9510.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der
Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error - 03.06.2013 02:33:32 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.151.950.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9506.0 Fehlercode:
0x80072ee2 Fehlerbeschreibung: Das Zeitlimit für den Vorgang wurde erreicht.
Error - 03.06.2013 02:34:05 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.151.950.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.950.0&asdelta=1.151.950.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: Michael-NB\Michael Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9506.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der
Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error - 03.06.2013 02:34:05 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.151.950.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.950.0&asdelta=1.151.950.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%801 Aktualisierungstyp: %%803 Benutzer: Michael-NB\Michael Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9506.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der
Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error - 03.06.2013 02:34:29 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 104.0.0.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x86&eng=2.1.9510.0&sig=104.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%886 Aktualisierungstyp: %%803 Benutzer: Michael-NB\Michael Aktuelle Modulversion:
Vorherige Modulversion: 2.1.9510.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der
Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error - 03.06.2013 02:39:22 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.151.950.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9506.0 Fehlercode:
0x80072ee2 Fehlerbeschreibung: Das Zeitlimit für den Vorgang wurde erreicht.
Error - 03.06.2013 02:39:22 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.151.950.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.950.0&asdelta=1.151.950.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: Michael-NB\Michael Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9506.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der
Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error - 03.06.2013 02:39:22 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.151.950.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.950.0&asdelta=1.151.950.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%801 Aktualisierungstyp: %%803 Benutzer: Michael-NB\Michael Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9506.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der
Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error - 03.06.2013 02:39:22 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 104.0.0.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x86&eng=2.1.9510.0&sig=104.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%886 Aktualisierungstyp: %%803 Benutzer: Michael-NB\Michael Aktuelle Modulversion:
Vorherige Modulversion: 2.1.9510.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der
Servername oder die Serveradresse konnte nicht verarbeitet werden.
< End of report >
 Grüße, barista P.S.: Habt heute eine Spende bekommen :-) |
| Themen zu Rogue:Win32/Winwebsec, PWS:Win32/Fareit, Exploit:Java/CVE-2013-2423 gefunden und entfernt. Was nun? |
| adobe reader xi, akamai, autorun, bho, bonjour, canon, computer, converter, defender, ebay, entfernen, error, exploit:java/cve-2013-2423, fehlermeldung, flash player, format, frage, helper, install.exe, internet, langsam, mozilla, passwortmanager, plug-in, pws:win32/fareit, registry, rogue:win32/winwebsec, rundll, scan, security, senden, sketchup, svchost.exe, tracker, udp, ändern |
Baum-Darstellung