|
Plagegeister aller Art und deren Bekämpfung: Über meine Mail-Adreße wird Spam versendetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.01.2014, 00:02 | #1 |
| Über meine Mail-Adreße wird Spam versendet Es werden seit öfteren Mails von meinem Mail-Account nicht zugestellt, mit der Begründung das meine IP-Adreße auf einer Blacklist steht. Nun ist mir aufgefallen, dass ich diese Rückläufer auch von Adreßen bekomme an die ich gar nichts versendet habe und die auch Trojaner enthalten. Wie kann es sein das von meiner Mail-Adreße Spam verschickt wird. Folgende Mail z.B. habe ich zurückerhalten, diese enthält Trojaner hier mal den Header: Code:
ATTFilter Return-Path: <> Received: from email.hansenet.de (213.191.73.25) by email.hansenet.de (8.0.026) id 5272ADE00060D67B for ute@thomas-stickel.de; Fri, 10 Jan 2014 20:15:54 +0100 Received-SPF: permerror (email.hansenet.de: error while parsing SPF record for domain spf.trusted-forwarder.org) identity=helo; receiver=email.hansenet.de; client_ip=213.191.74.27; helo=mr05.hansenet.de; Received-SPF: permerror (email.hansenet.de: error while parsing SPF record for domain spf.trusted-forwarder.org) identity=helo; receiver=email.hansenet.de; client_ip=213.191.74.27; helo=mr05.hansenet.de; Received: from mr05.hansenet.de (213.191.74.27) by email.hansenet.de (8.5.113) id 529F306002977233 for ute@thomas-stickel.de; Fri, 10 Jan 2014 18:52:21 +0100 Received: from email.hansenet.de (213.191.73.26) by mr05.hansenet.de (8.0.026) id 525B9A8100C5CC36 for ute@thomas-stickel.de; Fri, 10 Jan 2014 18:00:47 +0100 Received: by email.hansenet.de (8.5.113) id 529F2FAB02276AF9 for ute@thomas-stickel.de; Fri, 10 Jan 2014 16:29:30 +0100 From: Mail Delivery Service <postmaster@post.hansenet.de> Subject: Delivery Status Notification To: ute@thomas-stickel.de Date: Fri, 10 Jan 2014 16:29:30 +0100 Message-ID: <529F2FAB02276AF8@email.hansenet.de> X-CP-Transaction-ID: 529F2FAB02276AF0 X-CP-For: mr.c3po@gmx.de MIME-Version: 1.0 Content-Type: Multipart/Report; report-type=delivery-status; boundary="========/529F2FAB02276AF0/email.hansenet.de" - These recipients of your message have been processed by the mail server: mr.c3po@gmx.de; Failed; 5.1.1 (bad destination mailbox address) Remote MTA mx01.gmx.net: SMTP diagnostic: 550 Requested action not taken: mailbox unavailable Reporting-MTA: dns; email.hansenet.de Received-from-MTA: dns; medion (217.191.205.27) Arrival-Date: Fri, 10 Jan 2014 16:29:30 +0100 Final-Recipient: rfc822; mr.c3po@gmx.de Action: Failed Status: 5.1.1 (bad destination mailbox address) Remote-MTA: dns; mx01.gmx.net Diagnostic-Code: smtp; 550 Requested action not taken: mailbox unavailable Beginn der angehängten Nachricht Return-Path: <ute@thomas-stickel.de> Received: from medion (217.191.205.27) by email.hansenet.de (8.5.113) (authenticated as ute@thomas-stickel.de) id 529F2FAB02276AF0 for mr.c3po@gmx.de; Fri, 10 Jan 2014 16:29:30 +0100 Message-ID: <529F2FAB02276AF0@email.hansenet.de> (added by postmaster@post.hansenet.de) From: "Arbeitsamt Online 24" <ute@thomas-stickel.de> To: "Dominique Raphael" <mr.c3po@gmx.de> Subject: Arbeitsagentur Arbeitsstellen Dominique Raphael 10.01.2014 Date: Fri, 10 Jan 2014 17:00:46 GMT Reply-To: <BrendaFryuia@gmx.com> MIME-Version: 1.0 X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-Priority: 3 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Reply ReplyAll Guten Tag Dominique Raphael, es stehen folgende Arbeitsstellen ab den 13.01.2014 in Deutschland bereit: Arbeitsangebot: Archivar / Scanner (m/w) Kennziffer TMM-4176-326 Es sind 19 freie Jobs zu besetzen. Wir sind ein expandierendes internationales Unternehmen und suchen zur Zeit neue Mitarbeiter zur Verstärkung des Teams in ganz Deutschland. Ihr Tätigkeitsfeld wird sich auf das Digitalisieren von Dokumenten und Schriftstücken beschränken und kann von zu hause erledigt werden Der Arbeitnehmer hat keine eigenen Ausgaben und muss keine technische Kenntnisse mitbringen. Die benötigte technische Ausrüstung wird von uns frei zur Verfügung gestellt. Das Gehalt beläuft sich auf 21,50 Euro Brutto/Stunde. Die Position kann gerne von Rentnern, Hausfrauen und auch nebenberuflich besetzt werden. Worauf wir bei unseren Mitarbeiter Wert legen: - Gewissenhaftigkeit, Pünktlichkeit und Diskretion - Erlaubnis zur Arbeitsaufnahme in Deutschland - verantwortungsvolle, selbstständige Arbeitsweise - genaue und strukturierte Arbeitsweise - Basis Kenntnisse im Umgang mit Word und Excel sind erwünscht - eigenständiges, schnelles Handeln in Problemsituationen - gute Kenntnisse im Umgang mit dem PC Wenn wir Ihr Interesse geweckt haben, schicken Sie uns Ihre aussagekräftigen Bewerbungsunterlagen noch heute, gerne per E-Mail an: LoraineBradycen@gmx.com. Wir freuen uns auf Ihre Bewerbung. Mit freundlichen Grüßen Paul Engel Arbeitsagentur Service Ende der angehängten Nachricht |
11.01.2014, 11:14 | #2 |
/// the machine /// TB-Ausbilder | Über meine Mail-Adreße wird Spam versendet hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
11.01.2014, 14:32 | #3 |
| Über meine Mail-Adreße wird Spam versendetCode:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 02 Ran by Besitzer (administrator) on PC on 11-01-2014 14:35:04 Running from C:\Users\Besitzer\Desktop Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Acer Incorporated) C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\mspaint.exe Kann das Programm nicht ausführen. Es kommt folgende Fehlermeldung: Geändert von loelli06 (11.01.2014 um 14:39 Uhr) |
12.01.2014, 08:17 | #4 |
/// the machine /// TB-Ausbilder | Über meine Mail-Adreße wird Spam versendet Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
12.01.2014, 08:52 | #5 |
| Über meine Mail-Adreße wird Spam versendetCode:
ATTFilter OTL logfile created on: 12.01.2014 08:39:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Besitzer\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16476) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,82 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 57,59% Memory free 4,51 Gb Paging File | 2,91 Gb Available in Paging File | 64,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 445,08 Gb Total Space | 405,73 Gb Free Space | 91,16% Space Free | Partition Type: NTFS Computer Name: PC | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Besitzer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () MOD - C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation) SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation) SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent) SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation) SRV - (EpsonCustomerResearchParticipation) -- C:\Programme\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (SEIKO EPSON CORPORATION) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AtherosSvc) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (DeviceFastLaneService) -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe (Acer Incorporated) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (BrcmCardReader) -- C:\Programme\Broadcom\MemoryCard\BrcmCardReader.exe (Broadcom Corp.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation) DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation) DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation) DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation) DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation) DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\drivers\aPs2Kb2Hid.sys (Dritek System Inc.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Qualcomm Atheros) DRV:64bit: - (AthDfu) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation) DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation) DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV - (cleanhlp) -- C:\EEK\Run\cleanhlp64.sys (Emsisoft GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D1096D1E-E11C-40FB-9AB9-5EF8E25DAE27} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{D1096D1E-E11C-40FB-9AB9-5EF8E25DAE27}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {D1096D1E-E11C-40FB-9AB9-5EF8E25DAE27} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{D1096D1E-E11C-40FB-9AB9-5EF8E25DAE27}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {D1096D1E-E11C-40FB-9AB9-5EF8E25DAE27} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: e-webprint%40epson.com:1.17.00 FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013.06.30 12:58:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.28 15:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions [2014.01.07 08:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\0zkvo4o4.default\extensions [2014.01.07 08:36:27 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\0zkvo4o4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013.12.21 11:26:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.12.21 11:26:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.06.30 12:58:20 | 000,000,000 | ---D | M] (E-Web Print) -- C:\PROGRAM FILES (X86)\EPSON SOFTWARE\E-WEB PRINT\FIREFOX ADD-ON ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - Extension: Google Docs = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Wallet = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\ CHR - Extension: Google Mail = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.08.22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LManager] File not found O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3540 Series" File not found O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-3540 Series" File not found O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe () O4 - Startup: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Atheros Communications) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30A2F4B2-69F8-4F51-AFC5-3C7A7C1FAD08}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB5AB50E-3A5C-4B29-9FD5-DB29A501FD37}: DhcpNameServer = 10.61.12.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.01.12 08:36:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe [2014.01.11 14:26:37 | 000,000,000 | ---D | C] -- C:\FRST [2014.01.11 14:26:12 | 002,076,160 | ---- | C] (Farbar) -- C:\Users\Besitzer\Desktop\FRST64.exe [2014.01.07 17:18:41 | 000,000,000 | ---D | C] -- C:\EEK [2014.01.07 08:36:30 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\QuickScan [2014.01.06 07:25:08 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes [2014.01.06 07:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2014.01.06 07:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.01.06 07:24:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys [2014.01.06 07:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2014.01.06 07:24:36 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Programs [2013.12.21 11:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.12.14 18:57:14 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll [2013.12.14 18:57:13 | 007,399,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe [2013.12.14 18:57:12 | 013,177,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll [2013.12.14 18:57:11 | 000,840,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll [2013.12.14 18:57:10 | 011,674,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll [2013.12.14 18:57:10 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll [2013.12.14 18:57:10 | 000,358,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll [2013.12.14 18:57:09 | 002,896,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll [2013.12.14 18:57:09 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll [2013.12.14 18:57:09 | 000,747,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcli.dll [2013.12.14 18:57:09 | 000,637,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe [2013.12.14 18:57:09 | 000,372,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys [2013.12.14 18:57:09 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll [2013.12.14 18:57:08 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe [2013.12.14 18:57:07 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll [2013.12.14 18:57:07 | 001,756,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe [2013.12.14 18:57:07 | 001,345,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe [2013.12.14 18:57:07 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll [2013.12.14 18:57:07 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll [2013.12.14 18:57:07 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll [2013.12.14 18:57:06 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll [2013.12.14 18:57:06 | 001,642,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi [2013.12.14 18:57:06 | 001,476,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi [2013.12.14 18:57:05 | 002,266,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll [2013.12.14 18:57:05 | 001,506,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe [2013.12.14 18:57:05 | 001,391,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe [2013.12.14 18:57:05 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll [2013.12.14 18:57:05 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll [2013.12.14 18:57:05 | 000,146,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\SerCx2.sys [2013.12.14 18:57:05 | 000,086,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys [2013.12.14 18:57:04 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll [2013.12.14 18:57:04 | 001,765,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll [2013.12.14 18:57:04 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS [2013.12.14 18:57:04 | 000,039,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys [2013.12.14 18:57:04 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll [2013.12.14 18:57:04 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll [2013.12.14 18:57:03 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll [2013.12.14 18:57:03 | 000,516,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll [2013.12.14 18:57:03 | 000,382,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys [2013.12.14 18:57:02 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll [2013.12.14 18:57:02 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll [2013.12.14 18:57:02 | 001,302,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll [2013.12.14 18:57:02 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll [2013.12.14 18:57:02 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll [2013.12.14 18:57:02 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll ========== Files - Modified Within 30 Days ========== [2014.01.12 08:36:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe [2014.01.12 08:34:52 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014.01.12 08:34:15 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014.01.12 08:34:01 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2014.01.12 08:32:12 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2014.01.12 08:32:11 | 3279,335,424 | -HS- | M] () -- C:\hiberfil.sys [2014.01.12 08:31:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2014.01.12 00:49:54 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2014.01.11 18:43:51 | 000,018,185 | ---- | M] () -- C:\Users\Besitzer\Documents\minxschimmel.odt [2014.01.11 14:29:15 | 000,247,887 | ---- | M] () -- C:\Users\Besitzer\Desktop\viren1.jpg [2014.01.11 14:26:16 | 002,076,160 | ---- | M] (Farbar) -- C:\Users\Besitzer\Desktop\FRST64.exe [2014.01.10 17:40:37 | 000,040,819 | ---- | M] () -- C:\Users\Besitzer\Desktop\Ausgabentabelle.ods [2014.01.08 17:44:28 | 000,002,082 | ---- | M] () -- C:\Users\Besitzer\Desktop\Entfernen des Avira EU-Cleaners.lnk [2014.01.08 17:44:28 | 000,002,026 | ---- | M] () -- C:\Users\Besitzer\Desktop\Avira EU-Cleaner.lnk [2014.01.07 17:19:12 | 000,000,558 | ---- | M] () -- C:\Users\Besitzer\Desktop\Emsisoft Emergency Kit.lnk [2014.01.06 07:24:56 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.12.16 08:28:48 | 000,360,528 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2014.01.11 18:43:49 | 000,018,185 | ---- | C] () -- C:\Users\Besitzer\Documents\minxschimmel.odt [2014.01.11 14:29:15 | 000,247,887 | ---- | C] () -- C:\Users\Besitzer\Desktop\viren1.jpg [2014.01.07 17:19:12 | 000,000,558 | ---- | C] () -- C:\Users\Besitzer\Desktop\Emsisoft Emergency Kit.lnk [2014.01.07 08:39:31 | 000,002,082 | ---- | C] () -- C:\Users\Besitzer\Desktop\Entfernen des Avira EU-Cleaners.lnk [2014.01.07 08:39:31 | 000,002,026 | ---- | C] () -- C:\Users\Besitzer\Desktop\Avira EU-Cleaner.lnk [2014.01.06 07:24:56 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.08.22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2013.08.22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2013.08.22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2013.08.22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2013.08.22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2013.08.22 04:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2013.08.22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2013.08.22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [2012.12.14 01:42:30 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin [2012.12.14 01:42:30 | 000,064,512 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll [2012.12.14 01:42:28 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin [2012.04.20 12:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.11.05 21:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.11.05 19:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 199 bytes -> C:\Users\Besitzer\SkyDrive:ms-properties < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.01.2014 08:39:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Besitzer\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16476) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,82 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 57,59% Memory free 4,51 Gb Paging File | 2,91 Gb Available in Paging File | 64,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 445,08 Gb Total Space | 405,73 Gb Free Space | 91,16% Space Free | Partition Type: NTFS Computer Name: PC | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1663D5CB-D425-4CF4-B61F-9F4CDFDD5A38}" = rport=10243 | protocol=6 | dir=out | app=system | "{323D128E-889F-4398-B979-3C03B5BC40C5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{45142333-A726-4096-AC26-5643FA396968}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7C89303B-2B0B-456B-844A-C0544E964095}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{7D1CA38C-5893-4B4E-841A-1E8D25F349C3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7E5C4F40-E6E5-4110-9D90-E31770B436B1}" = lport=2869 | protocol=6 | dir=in | app=system | "{94C80185-2CFC-436B-BD63-C0AE2F729992}" = lport=10243 | protocol=6 | dir=in | app=system | "{B38E692D-221B-4D16-9036-82ED4D2989BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BD58FDD1-F8C1-4E27-843D-424515C839D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C0757E2C-8146-407A-BAB4-E9C9E355CBC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D511D463-9503-4BC3-B8B9-1DF02EFFDB70}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E29DF5-F7F1-41A5-AB3E-37831577E817}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{01F4606B-E15A-4C2A-BB79-16849D99FE04}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{02C5485A-365F-4510-82FE-E8E33984B5CA}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{03BAC237-1058-4199-BDD8-7B3AE7595389}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{03FD3127-57C9-4267-9C65-DD1FB3F40468}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{0755D2BF-891C-4088-B955-E264816A911C}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{07F4D1C8-B023-4957-A63D-5916460FFBF0}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{083FF76D-B648-4955-ACAD-18CEC83B980A}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} | "{08482F61-907A-4EC8-A1F5-42A9BE4D7887}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{089CA0EE-DE25-4B30-BA65-4C4303A79326}" = dir=out | name=txtr ebooks | "{0C4B86E8-3FD4-4E17-BD81-84DCBF40EAF0}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{0C759907-691C-4D42-AE2A-91E8D51B0D14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0EB73B49-5942-4894-92F7-3C26100213BC}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{10425090-6611-4015-BE84-BFDD5D29EC5D}" = dir=in | name=microsoft minesweeper | "{127DA719-D294-4F34-96CD-1181451E9751}" = dir=in | name=taptiles | "{12FE207F-6E32-4AA4-B875-C90ABCE80B46}" = dir=out | name=txtr ebooks | "{1417543A-33FD-4549-88B2-C4AFBCDCB797}" = dir=in | name=juniper networks junos pulse | "{15D5541F-16C0-4878-A7B6-1AFE0E9A130C}" = dir=out | name=@{microsoft.zunemusic_2.2.339.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{173D6619-BAA0-4C76-824E-A9F94BDCBF86}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{18A9EDBF-EB64-49B4-93F6-756935B49349}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet config v4\enconfig.exe | "{1AC60346-75B8-4B83-9775-66029CEF04CA}" = dir=out | name=check point vpn | "{1B9BBE7A-3B55-46A8-9647-6990AADFE7A1}" = dir=out | name=windows_ie_ac_001 | "{1C5E6122-795E-4271-935E-6EDFE50D54EB}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{1CD1A5B0-ADCB-4371-A5F1-431C4281C249}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1DB9474A-0995-4B9B-8A03-784C3170F9DC}" = dir=out | name=microsoft mahjong | "{1EC743DF-9F46-4A3C-B595-44CF954689DD}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{1F548CF9-7434-4D01-B6F8-5119A85AA19C}" = dir=in | name=check point vpn | "{215A6209-A089-4BA0-91FC-1564F64B1B12}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{222F1FFB-8C19-4263-9CE9-02D1D2A9DA43}" = dir=in | name=der spiegel | "{25E0F856-CC9E-4B2C-A374-2EB82B2CBD05}" = dir=out | name=evernote touch | "{26713F4A-47C8-41C0-82A0-97EC6D731F06}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{285410CA-82C0-4291-8316-4766D32A44F6}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{2897A33B-8BD2-43E4-9C73-C3B018D2D989}" = dir=out | name=taptiles | "{2BFA3000-2B0E-4989-9E7C-BAA684089CD2}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | "{2D8DE166-E277-421A-8CEF-2711E75CECD1}" = dir=in | name=newsxpresso | "{2DC7AECB-7104-4529-ADF1-CB3343B7A699}" = dir=out | name=acer crystal eye | "{2DF30345-3B29-4FCB-AD72-F27EA515B600}" = dir=out | name=stern.de | "{30951AE1-94A8-4FA9-9BE7-8AC6F020DB99}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{3183AE5E-9D5A-4240-ACF1-BEFD3036EA23}" = dir=out | name=ebay | "{3335F009-4F34-464F-87DE-944F8B724CE4}" = dir=out | name=shark dash | "{389B3EB3-C1E6-4948-95A5-62637ADEE6C5}" = dir=in | name=microsoft minesweeper | "{3B95992E-A75A-4D62-A158-593B601611FD}" = dir=in | name=@{remmelinformatik.cookmelight_2.2.0.92_neutral__2wyp2v8058s48?ms-resource://remmelinformatik.cookmelight/resources/appnamelight} | "{3BC97A74-142C-41AB-90E1-3572E7CAB567}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet config v4\enconfig.exe | "{3DF1C8AE-62C0-4F80-8ADB-FCE46421A436}" = dir=out | name=microsoft mahjong | "{3E1C0856-A555-452E-BEFC-2BE1EF6A7051}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{3EA69330-D5A5-4D68-8784-F126C5428589}" = dir=out | name=weatherbug | "{40D4D050-3C0E-4849-92E2-0ACB51D13C79}" = dir=in | name=skype | "{41F0202F-634B-4E9C-A558-DC07824B2BA7}" = dir=out | name=social jogger | "{423A21B0-5BBE-46EA-8B62-FF4F75DAA5C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | "{42FB1ACE-C3DE-4666-A551-0A977C00FF7B}" = dir=out | name=microsoft solitaire collection | "{4498013D-120E-4953-BF6A-07A11C788FC5}" = dir=in | name=microsoft solitaire collection | "{469ABF6A-15A7-449B-9E4F-7496100E5B1E}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{470DBC92-B572-4086-80F5-C7EDDC6C6863}" = dir=out | name=skype | "{4769316C-ADD7-48C0-A902-26DDFA258053}" = dir=out | name=jamie's recipes | "{49A8A5AC-C263-40BA-BF51-481C72ABB5CB}" = dir=out | name=the treasures of montezuma 3 | "{4AA4C196-DC84-4E16-81DF-9E20DDD8B286}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{4B72C730-DDB4-47BA-B544-1A9E45EBF84A}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.335_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{4BFAD5DA-C26D-4A06-82DE-3AA2A0FA97E0}" = dir=out | name=check point vpn | "{4C798C14-704F-49B4-8924-F7E0DA349D1A}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{4D53775E-377F-4CE4-B8E4-7CD53C67B3B0}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{4E923B50-434D-4EDE-92A2-08DAB6B45A09}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{51516CB3-BF55-46D0-97CE-CF057BE6E20D}" = dir=out | name=juniper networks junos pulse | "{53F09E82-A080-4834-99C3-980036587078}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{544159BE-F6C2-4A7F-BC87-A6B7E6C704DC}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{547EFE81-A2C7-4855-9941-0B3951C7F51E}" = dir=in | name=f5 vpn | "{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | "{567955F0-E53E-4DC7-BF84-F784FBE9D2BD}" = dir=out | name=f5 vpn | "{57EF95E3-C2A1-4962-BAC2-5B55B0A6B45E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{58169193-39CE-451A-97AB-0625BA69694F}" = dir=out | name=sonicwall mobile connect | "{594731FD-7C47-4D98-9DF8-74C883B8E371}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{59738BD5-17CB-4A85-BDE8-18A3BD03D7FE}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{5C3F3BA9-3A90-4839-A719-4A991A1714B0}" = dir=out | name=windows_ie_ac_001 | "{5D3187E8-2407-4B63-8AF0-20187177239C}" = dir=in | name=taptiles | "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | "{5F648FDE-DF8A-458F-A0A2-51B4BC827F3E}" = dir=out | name=@{3718.12514fb00dc68_2.6.1.15_x64__8aydmnc5fg7fe?ms-resource://3718.12514fb00dc68/resources/appname} | "{5FBDB15C-D84D-4D6E-8CFB-973A6ACA6873}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{636C4D72-5027-406E-97B7-F373669D7B87}" = dir=out | name=@{microsoft.bingtranslator_1.6.0.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtranslator/resources/appname} | "{638C99E9-919F-48AA-AE11-05F2AEBA992D}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{643DF55E-F14D-4F97-B45F-BE31909A2F37}" = dir=out | name=social jogger | "{645BD733-50CC-4743-9A92-727586E528B4}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{64B37C77-4FD6-44CA-9B13-19C5E387B01D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{673186C9-A3CB-4288-8751-67346FC5A496}" = dir=out | name=acer crystal eye | "{677C54CA-C053-44F5-9891-0EBC00C3E510}" = dir=out | name=@{microsoft.zunevideo_2.2.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{67E0C719-42D0-400A-8FB1-9FEA69B264A2}" = dir=out | name=@{12199asparion.asparionclock_3.1.0.39_neutral__f89vgcf3qm37t?ms-resource://12199asparion.asparionclock/resources/sstorename} | "{6A3C5D1B-AE07-41D7-A3C0-762C0DE9B267}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{6D959BB4-4EA0-45D9-A5D2-BC31753AC4CC}" = dir=out | name=@{remmelinformatik.cookmelight_2.2.0.92_neutral__2wyp2v8058s48?ms-resource://remmelinformatik.cookmelight/resources/appnamelight} | "{6DDA593C-A043-411C-99FC-1A7AD079F5E8}" = dir=out | name=windows_ie_ac_001 | "{73FE40E5-DA41-4492-B373-10F714DF845B}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | "{749DC9D6-8208-48A1-9652-2D2DEE4D2590}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{7561A33D-ED2A-4453-B34C-6A63E6C254E8}" = dir=out | name=@{microsoft.zunemusic_2.2.339.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{77EDDCC6-4677-43FB-86CE-D24096D6792E}" = dir=out | name=the treasures of montezuma 3 | "{77F7D0B6-DDE3-4C5C-BE0E-10E39FD56084}" = dir=in | app=c:\users\besitzer\appdata\local\microsoft\skydrive\skydrive.exe | "{781047B4-2E3C-4416-A327-A5808C7D6B18}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{7D5DC25A-1BD9-4AC3-B178-B31ACFC5F025}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{7FA6D94B-5031-411B-A0DF-634AD4C1D890}" = dir=out | name=windows_ie_ac_001 | "{808BDE67-60DC-4AE3-86F3-5E831743EEBC}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{819F0FE4-F00D-4DA3-8CAB-2284124B173B}" = dir=out | name=skitch touch | "{81D00E94-5304-4F0B-A19B-38E1CE081CCC}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | "{82159F0B-8116-4394-AE3E-ABE7554D8094}" = protocol=6 | dir=out | app=system | "{834C40FE-FF1F-408C-84E5-5DDA8DCA246D}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{83E21156-ECA9-47D6-B66B-43D3EE8E6F96}" = dir=out | name=@{microsoft.bingsports_2.0.0.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{8549C0A3-EFC3-460A-A16D-74F1A6BA8F7B}" = dir=out | name=kicker | "{878E6B35-1A99-4223-BF55-468520693B39}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{87DC837B-13AE-473D-8149-991E20D03867}" = dir=out | name=geschäftsenglisch | "{882D3243-78B6-40CB-85A7-ACE3EE12FB10}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe | "{88343AB1-04D2-4BFA-A427-1A43D4DAADB7}" = dir=in | name=microsoft solitaire collection | "{896F6201-5CAF-4D8D-BC0E-31F1B1918B4B}" = dir=out | name=7digital music store | "{8989ABF4-B7E5-4B0B-8145-DDCF64A65A93}" = dir=out | name=f5 vpn | "{89AA7D2A-F4B0-402B-AF70-AD17B9710CF3}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.335_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{8A7A6006-4D48-411A-8C01-1E60A1FC954C}" = dir=in | name=sonicwall mobile connect | "{8B12224E-A81A-4DF5-A180-F7D5B6A7A62B}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{8C341BC0-F64F-4A57-A5A0-D1757C807760}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{8E2321B7-80D7-40F4-804C-99E434911ABD}" = dir=in | name=acer explorer | "{8EF725BB-5DFC-4D06-A607-649D1D2EEFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{90C010E9-0899-4A4A-9557-EFDBB531F20C}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{91B8728B-7E0C-4BF8-BBA4-775713B1612C}" = dir=in | name=juniper networks junos pulse | "{94F73566-5413-47F5-9466-5C4ECD9721C3}" = dir=out | name=tv digital | "{9542319B-F170-4936-8EE4-479D634F5D99}" = dir=out | name=shark dash | "{96742255-45E2-4943-BF43-DF83EC41826B}" = dir=out | name=tunein radio | "{9771E804-64F7-48BC-B4B7-01ADA9796B02}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | "{9788FA1D-1C53-406C-811B-F1930528E3B9}" = dir=out | name=newsxpresso | "{97C3CB76-3978-4037-B3EA-3D88205F3726}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{98F70198-96AD-414C-931C-7351C5FA1F3D}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{9EC8EE2C-8032-4AB9-9DDD-17DFDCE377D7}" = dir=in | name=microsoft mahjong | "{9FAECC85-C585-45F7-A945-2BCABA352EED}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9FC3947C-015B-4E55-8A9A-5346E7B0E652}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{A2988034-156B-4C20-9276-72C8DFC9D49B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{A2B225EB-C837-41FB-94C4-2642E4DC8C42}" = dir=in | name=f5 vpn | "{A34D7078-4148-441E-8ABB-63ABBC92218A}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{A42453AE-40CC-4602-B620-E99CEEE628E8}" = protocol=17 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe | "{A66D9292-2291-4E3F-BB7F-740DC39DB5A8}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} | "{A7526199-AB87-4D86-9925-05663754BD3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A8419BE7-F350-414E-80BE-4A08CDF9BE9D}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{AABB56DA-F929-44D9-870C-645C263EECC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB4CFB2E-9448-40AF-9648-9BBF730B3D8F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{ABCD5A75-D7D3-4214-89F5-CCD2881CF89A}" = dir=out | name=cut the rope | "{ADE03F8D-E328-4C55-948B-06E786A61FA0}" = dir=out | name=7digital music store | "{B09286A6-201F-400F-996F-F9B48D331430}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{B0B9ABC5-1DD3-4E5F-92F2-07ADCF867E87}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | "{B14BF9B4-8781-4B08-8D71-EDFEE7000727}" = dir=out | name=@{babbel.com.learnenglishwithbabbel.com_1.2.0.0_x64__qy1gdghayqfcm?ms-resource://babbel.com.learnenglishwithbabbel.com/apptitles/app_title} | "{B309D73F-430D-43E5-9848-55353F64810C}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{B36D2DE3-37E2-46C9-A7DE-A5C4641C092B}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{B5080131-FEEB-4106-89E0-DC906810F311}" = dir=out | name=@{microsoft.zunevideo_2.2.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{B74E6E1A-A6D0-420A-B677-99AA71C81ECF}" = dir=out | name=evernote touch | "{BC6869DC-3955-419E-A7D8-2F56A13B867C}" = dir=out | name=weatherbug | "{BCB3CBB5-5D02-46FB-B653-33464A087BAA}" = dir=out | name=acer explorer | "{C0A69685-9453-428E-90B6-0F7EA823CF9C}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{C0D173C5-5F8C-4769-A5B8-AE1F34D8E13F}" = dir=out | name=cut the rope | "{C29D9AF1-606B-4174-BD93-D380FE76EEF6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{C37CD7F5-33F2-4126-BAA1-B8496C3149C0}" = dir=out | name=einfache und leckere spaghettirezepte | "{C3FBCA1F-750C-4150-880A-512FC80EFD34}" = dir=out | name=ebay | "{C4FB7FB4-50FF-4A77-9CF8-88812FE2A161}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{C5811F09-2E45-4751-89CF-DAB45B8923CB}" = dir=in | name=acer explorer | "{C61E71FD-3C29-469B-8EDE-087871510373}" = dir=out | name=taptiles | "{C8628822-F9BA-434C-9ECD-01F33D3760E4}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{CB9E21FB-17A0-42FA-9CC8-35DAC2D66F6D}" = dir=out | name=acer explorer | "{CBE6E01B-63EB-4FFC-A2F9-1195F91A26A3}" = dir=out | name=skitch touch | "{CC09A8EE-A6E5-49E6-9028-ACCE45034D68}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{CE7662A9-3CC2-4779-B426-B5A0B9713B48}" = dir=out | name=microsoft minesweeper | "{CFC6AC83-6578-4BDA-8449-8A95125D0EE0}" = dir=in | name=microsoft mahjong | "{D094641D-B845-4E96-9998-F57F78BF8DAC}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | "{D6C2F4BB-AA02-414A-BAAD-DDF76F33935F}" = dir=out | name=der spiegel | "{D8D0BE4A-4DC4-4619-A88F-7B7D1CE020CA}" = dir=out | name=google search | "{D8FC849D-3A42-451F-9C2E-8AE574D3A06C}" = dir=in | name=sonicwall mobile connect | "{D916891C-6A06-45F8-8864-DB528897B59E}" = dir=in | name=skype | "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | "{DC9B9918-2012-4632-BD3E-1D410D8576A3}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{DDE2C4F3-98F2-4FF6-ACC7-52EC9BB205C8}" = dir=out | name=tunein radio | "{DEC5045E-CDFF-45C5-9D60-A1DAF9E774A7}" = dir=out | name=n-tv nachrichten | "{DEFBBF43-9899-402B-A40F-687ED0F8AD1B}" = dir=out | name=marktjagd shopping-navigator | "{DF8041B2-E24D-4DE6-A286-C4C1F0BC2880}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{DFBD8CBA-39B5-4CB6-B2C0-DCBAD26C5072}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{DFEEF7B0-7D5D-4BCA-B747-5BA02ACE4012}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe | "{E18AC9A3-C843-41A5-B751-5DADC330831F}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{E1E26BF0-FBC4-4FCD-8EC7-447698F4713A}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{E2A48752-E6E4-4ED6-8CCF-7389E1E4756D}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{E30E5F58-4BC2-4FD6-8986-79BDE3233258}" = dir=in | name=evernote touch | "{E3344213-FE12-4D10-8184-5E4C43F95609}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E40E0E5E-C71B-49F1-B7EA-2D629C91BC40}" = dir=in | name=newsxpresso | "{E540DDD5-E780-40A3-A129-9AEE940503A9}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{EA26E7AE-640F-4225-8E22-6F0C9BFB5A06}" = dir=out | name=newsxpresso | "{EBDECCD9-2AD5-429A-BD12-2C585E8E3EBA}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | "{EE0F7FD0-06CF-4667-A4F0-22492C3CE9BC}" = protocol=6 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe | "{F2C270D3-2399-4BC5-A713-61E16290B805}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{F2DF981F-B2D2-434C-8037-548A90A93C39}" = dir=out | name=juniper networks junos pulse | "{F498DFB3-E0A0-4D64-A6D0-D319814FB594}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{F593443A-C6DC-41A2-B9B2-E61E737F7CE5}" = dir=out | name=microsoft minesweeper | "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | "{F67A34B6-26EB-4E65-A8CD-3ABC06621BAB}" = dir=out | name=@{babbel.com.learnenglishwithbabbel.com_1.2.0.0_x64__qy1gdghayqfcm?ms-resource://babbel.com.learnenglishwithbabbel.com/apptitles/app_title} | "{F6FE44FF-CA76-49F0-A8F4-3690BC5E96CD}" = dir=out | name=sonicwall mobile connect | "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | "{F81B41C6-6E7F-470B-814B-5C6146C2A5E2}" = dir=in | name=evernote touch | "{F82D1C6D-93F8-412D-B6F5-9F0CA571AD1C}" = dir=in | name=check point vpn | "{F93F4124-904F-4DDB-86CD-093A0C9FDF7E}" = dir=out | name=skype | "{FB4115BD-FA61-4C76-BB8F-274DCAE8B248}" = dir=out | name=microsoft solitaire collection | "{FBAAF225-B080-4EA7-8720-C3A714294C61}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{FCF124D8-DC7C-4C9F-857D-B1CE936848F7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{FFCD9A0F-E201-4C59-A352-3C4B2B10301F}" = dir=out | name=@{pons.wrterbuch_1.7.0.53_neutral__sj9sp7dbkxx8m?ms-resource://pons.wrterbuch/resources/display_name} | "TCP Query User{634DE261-0A73-4951-A7C3-FC323751B66E}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{8F810F4A-592E-403F-B52B-5537D5A2FE35}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{C187DFBA-543D-4A5B-9038-FADD4936BAE9}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{FCC02F4E-6CCA-4F68-9229-97E990C3652C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{B26449A6-6007-4460-B4FE-C4776115BCEA}" = Epson Customer Research Participation "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F0A7DF2F-0BE0-470F-B137-D7A19F977189}" = Broadcom Card Reader Driver Installer "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-X64 11.6.8.001_WHQL "EPSON Remote Print" = Druckerdeinstallation für EPSON Remote Print "EPSON WF-3540 Series" = EPSON WF-3540 Series Printer Uninstall [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02A312B5-1542-47B6-BFE9-F51358C39E86}" = Epson Easy Photo Print 2 "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}" = EpsonNet Config V4 "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{695C8469-7822-4B31-A673-5ED84815B649}" = Epson E-Web Print "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{82DEE0F4-18DB-4C49-89A4-0BEE4597DF45}" = Software Updater "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8F01524C-0676-4CC1-B4AE-64753C723391}" = Epson Event Manager "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4 "{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud "{A694AF57-9891-4D62-824C-7E55A1361A14}" = eBay Worldwide "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Deutsch "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media "{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2 "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ElsterFormular" = ElsterFormular "Epson Connect Guide" = Epson Connect Guide "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "Google Chrome" = Google Chrome "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Spotify" = Spotify "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "WF-3540 Series Netg" = Epson Netzwerkhandbuch WF-3540 Series "WF-3540 Series Useg" = Epson Benutzerhandbuch WF-3540 Series "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-0d68628a-83c6-4ba9-95fb-7f859a86e955" = Aloha TriPeaks "WTA-0e3b77db-1594-41c3-917d-f57454d7e0ba" = Jewel Match 3 "WTA-13701bce-c3b5-4053-81aa-26a46f6279a8" = Zuma's Revenge "WTA-154d14df-fddd-429f-af1f-b8b71c1b6a87" = Island Tribe "WTA-1f78ad7a-4d78-47c1-b89a-5ce84e53268b" = Delicious: Emily's True Love Premium Edition "WTA-225a4896-5341-426b-84ba-e3f4d1101f68" = Governor of Poker 2 Premium Edition "WTA-2fdb4002-ecf3-42d2-b118-faa18fe9ef56" = Tales of Lagoona "WTA-593cfab5-049d-4631-b3d0-2dcbd152f77a" = John Deere Drive Green "WTA-6844ced3-3d9e-405b-9c5d-9096b4223ef1" = Bejeweled 3 "WTA-7db42b7c-5e03-41c5-8934-911cca9414cf" = Magic Academy "WTA-aeb1170b-8284-4190-b002-a001b38da741" = Polar Bowler "WTA-d2029d49-07b2-48ee-a534-cb74fa01a3c2" = Agatha Christie - Death on the Nile "WTA-e38b0f58-3b97-4ca1-bfc8-456508977e94" = Penguins! "WTA-f3a12e4b-652f-4a10-b6f9-b1dfae195e56" = Plants vs. Zombies - Game of the Year ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.01.2014 13:59:47 | Computer Name = PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 06.01.2014 02:46:28 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Programm BackgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1324 Startzeit: 01cf0aa962b06ce7 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\System32\BackgroundTaskHost.exe Berichts-ID: 5695676f-769d-11e3-be9c-b888e3d1a834 Vollständiger Name des fehlerhaften Pakets: Microsoft.BingHealthAndFitness_3.0.1.335_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppexHealthAndFitness Error - 06.01.2014 05:08:25 | Computer Name = PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest. Error - 06.01.2014 05:09:31 | Computer Name = PC | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 06.01.2014 05:09:31 | Computer Name = PC | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 06.01.2014 05:09:31 | Computer Name = PC | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 06.01.2014 05:11:53 | Computer Name = PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest. Error - 06.01.2014 05:11:58 | Computer Name = PC | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 06.01.2014 05:11:58 | Computer Name = PC | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 06.01.2014 05:11:58 | Computer Name = PC | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. [ System Events ] Error - 01.01.2014 05:00:01 | Computer Name = PC | Source = DCOM | ID = 10016 Description = Error - 01.01.2014 16:34:11 | Computer Name = PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error - 01.01.2014 16:34:11 | Computer Name = PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error - 01.01.2014 16:39:07 | Computer Name = PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error - 01.01.2014 16:39:07 | Computer Name = PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error - 02.01.2014 00:10:17 | Computer Name = PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error - 02.01.2014 00:11:01 | Computer Name = PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error - 02.01.2014 00:13:57 | Computer Name = PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error - 02.01.2014 00:15:04 | Computer Name = PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error - 02.01.2014 00:16:22 | Computer Name = PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. < End of report > |
12.01.2014, 09:22 | #6 |
/// the machine /// TB-Ausbilder | Über meine Mail-Adreße wird Spam versendet Passwort mal geändert vom Mail Account? dann immer noch Probleme?
__________________ --> Über meine Mail-Adreße wird Spam versendet |
12.01.2014, 17:00 | #7 |
| Über meine Mail-Adreße wird Spam versendet Ja habe ich von Dienst-PC aus. Aber es kommen noch immer Rückläufer. Kann ja auch sein das meine Mail-Adreße hierzu genommen wird und gar nichts über meinen PC verschickt wird. Von der anderen Mail-Adreße meiner Frau gleicher PC und Provider und auch über Windows Live kommen keine Rückläufer. Das blöde ist, dass meine IP-Adreße auf einer Blacklist steht und somit viele Mails nicht zugestellt werden. |
13.01.2014, 10:35 | #8 |
/// the machine /// TB-Ausbilder | Über meine Mail-Adreße wird Spam versendet Das dauert bis die da gelöscht wird. Aber solche Accs werden online gehackt, Spoofing, da ist nichts mit dem Rechner ansich.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
13.01.2014, 15:15 | #9 |
| Über meine Mail-Adreße wird Spam versendet mein rechner ist also i.O. ? |
14.01.2014, 09:57 | #10 |
/// the machine /// TB-Ausbilder | Über meine Mail-Adreße wird Spam versendet Ja
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
14.01.2014, 15:50 | #11 |
| Über meine Mail-Adreße wird Spam versendet OK. Danke Spende folgt. |
15.01.2014, 09:57 | #12 |
/// the machine /// TB-Ausbilder | Über meine Mail-Adreße wird Spam versendet Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Über meine Mail-Adreße wird Spam versendet |
bereit, blacklist, client, code, dns, e-mail, euro, excel, failed, folge, ide, mails, medion, microsoft, neue, nichts, online, remote, scan, scanner, server, service, smtp, spam, suche, teams, trojaner |