Log analysis and evaluation: Windows 7: Websites are redirected to advertising

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#9

Windows 7: Websites are redirected to advertising

Hello Matthias,

sorry that it took so long. Here are the log files. I noticed three more suspicious things:

1.) Although Avira Antivir is installed and up to date, the Windows Security Center has been telling me since the last steps to search online for antivirus protection.
2.) Firefox sometimes cannot be restarted, because Firefox processes keep running after Firefox has been closed.
3.) I let ESET run overnight. In the morning the computer had rebooted. Did ESET run to completion? Was the restart due to an update?

Now to the logs:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2014 01
Ran by Admin-***** at 2014-05-13 19:39:20 Run:1
Running from C:\Users\Admin-*****\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztCyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyByDtB0DyCtAzytGzyzy0CyBtG0DtB0E0BtG0BzytDzztGyCtAyByEyE0F0EyByDtAyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1430135974&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztCyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyByDtB0DyCtAzytGzyzy0CyBtG0DtB0E0BtG0BzytDzztGyCtAyByEyE0F0EyByDtAyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1430135974&ir=
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: {351B6D0A-1F23-45F3-B67D-DA31D5B2A5F7} - \Freemium1ClickMaint No Task File <==== ATTENTION
Task: {461B3278-D291-4145-AC48-736CBC027E5A} - \pricemetertask No Task File <==== ATTENTION
Task: {59822E90-B4D5-4FB3-951B-F6C986C7B3B2} - System32\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6} => C:\Program Files\V-bates\PrefHelper.exe
Task: {5FBFA157-E3E2-47B8-BCB0-8D5077B9974A} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {7882B8C7-28A6-4837-83C3-BC1F6826A8DA} - \MySearchDial No Task File <==== ATTENTION
Task: {798496F1-23F1-4B3E-9353-4B32AD0C79A8} - \AppCloudUpdater No Task File <==== ATTENTION
Task: {860AE3E8-F2DB-4589-B7A4-FCB0EB171FBB} - \Software Updater No Task File <==== ATTENTION
Task: {E118032A-D576-4A50-A416-D76DED81F3D4} - \Software Updater Ui No Task File <==== ATTENTION
Task: {FCDAFE7E-38F2-44E9-BEBD-EFC0CAB5E099} - \pricemeterdownloader No Task File <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job => C:\Program Files\V-bates\PrefHelper.exe
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{351B6D0A-1F23-45F3-B67D-DA31D5B2A5F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{351B6D0A-1F23-45F3-B67D-DA31D5B2A5F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Freemium1ClickMaint => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{461B3278-D291-4145-AC48-736CBC027E5A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{461B3278-D291-4145-AC48-736CBC027E5A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemetertask => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59822E90-B4D5-4FB3-951B-F6C986C7B3B2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59822E90-B4D5-4FB3-951B-F6C986C7B3B2} => Key deleted successfully.
C:\Windows\System32\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FBFA157-E3E2-47B8-BCB0-8D5077B9974A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FBFA157-E3E2-47B8-BCB0-8D5077B9974A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterwatcher => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7882B8C7-28A6-4837-83C3-BC1F6826A8DA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7882B8C7-28A6-4837-83C3-BC1F6826A8DA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{798496F1-23F1-4B3E-9353-4B32AD0C79A8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{798496F1-23F1-4B3E-9353-4B32AD0C79A8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AppCloudUpdater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{860AE3E8-F2DB-4589-B7A4-FCB0EB171FBB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{860AE3E8-F2DB-4589-B7A4-FCB0EB171FBB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E118032A-D576-4A50-A416-D76DED81F3D4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E118032A-D576-4A50-A416-D76DED81F3D4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Ui => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCDAFE7E-38F2-44E9-BEBD-EFC0CAB5E099} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCDAFE7E-38F2-44E9-BEBD-EFC0CAB5E099} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterdownloader => Key deleted successfully.
C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5adaf8bdd048584aa0ab3bcf174081eb
# engine=18249
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-13 07:46:05
# local_time=2014-05-13 09:46:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 358955 6692701 355818 0
# compatibility_mode=5893 16776573 100 94 6694 151640215 0 0
# scanned=178191
# found=5
# cleaned=0
# scan_time=1021
sh=899E491061E1CCB206825E33B5FB88FEEFC4BBDD ft=1 fh=b2989eccae0e3316 vn="Variante von Win32/VOPackage.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=AF4D935A409D77A8BBB1EEB39261043A5DC5EB2D ft=1 fh=3a4703d3780aad2d vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-bg.exe"
sh=A8B9FF7CA32721ADCBC5713986BA6F9B0F65994C ft=1 fh=cb4f981183719470 vn="Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-codedownloader.exe"
sh=FAB0D76B42D555C26B383CD0AE80D169F1C0461A ft=1 fh=5fed45c248d4392b vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber.exe"
sh=33C25EC1CB2766E31D1DD191F5E4DAE42F3127D3 ft=1 fh=653a61e4e3d0f8f7 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber_mp3_plugin.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5adaf8bdd048584aa0ab3bcf174081eb
# engine=18249
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-13 09:37:40
# local_time=2014-05-13 11:37:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 365650 6699396 362513 0
# compatibility_mode=5893 16776573 100 94 13389 151646910 0 0
# scanned=178191
# found=7
# cleaned=0
# scan_time=6581
sh=899E491061E1CCB206825E33B5FB88FEEFC4BBDD ft=1 fh=b2989eccae0e3316 vn="Variante von Win32/VOPackage.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=9A2F4FB4725ABE42A650A6EDE1F111A86F5FC167 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\53172.crx"
sh=C402C2CF6A893EFB1FA4DA4AB15F5B821D0306CB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\53172.xpi"
sh=AF4D935A409D77A8BBB1EEB39261043A5DC5EB2D ft=1 fh=3a4703d3780aad2d vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-bg.exe"
sh=A8B9FF7CA32721ADCBC5713986BA6F9B0F65994C ft=1 fh=cb4f981183719470 vn="Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HQVid8.1\HQVid8.1-codedownloader.exe"
sh=FAB0D76B42D555C26B383CD0AE80D169F1C0461A ft=1 fh=5fed45c248d4392b vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber.exe"
sh=33C25EC1CB2766E31D1DD191F5E4DAE42F3127D3 ft=1 fh=653a61e4e3d0f8f7 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\000_INSTALL\140501_Audiograbber v1.83 SE\download_audiograbber_mp3_plugin.exe"

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 06:51 on 14/05/2014 by Admin-*****
Administrator - Elevation successful

========== regfind ==========

Searching for "HQVid8.1"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\HQVid8.1]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}]
"AppName"="HQVid8.1-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}]
"AppPath"="C:\Program Files (x86)\HQVid8.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}]
"AppName"="HQVid8.1-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}]
"AppPath"="C:\Program Files (x86)\HQVid8.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\HQVid8.1\Uninstall.exe"="VISTARTM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HQVid8.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}]
"AppName"="HQVid8.1-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{135746c0-4eae-48b5-aeba-02062fed1687}]
"AppPath"="C:\Program Files (x86)\HQVid8.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}]
"AppName"="HQVid8.1-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e9cbd66-61a4-4497-9313-6a643a5e9c05}]
"AppPath"="C:\Program Files (x86)\HQVid8.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1]
"DisplayName"="HQVid8.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1]
"DisplayIcon"="C:\Program Files (x86)\HQVid8.1\utils.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQVid8.1]
"UninstallString"="C:\Program Files (x86)\HQVid8.1\Uninstall.exe /fromcontrolpanel=1"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HQVid8.1]
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1]
[HKEY_USERS\S-1-5-21-1673328631-1222144369-1283111628-1006\Software\AppDataLow\Software\HQVid8.1]
[HKEY_USERS\S-1-5-21-1673328631-1222144369-1283111628-1006\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1]
[HKEY_USERS\S-1-5-21-1673328631-1222144369-1283111628-1006_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HQVid8.1]
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HQVid8.1]

Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}]
"Wireless.GlobalChanged"="<?xml version="1.0"?> <WirelessGlobalDeviceInfoOutput xmlns="schemas-hp-com.casl"> <Output> <Data> <Capabilities> <NumberOfPowerSources>4</NumberOfPowerSources> <GlobalFeatures> <WWANAntenna>true</WWANAntenna> <GPSIncluded>true</GPSIncluded> </GlobalFeatures> </Capabilities> <Devices> <Device> <TechnologyType>Bluetooth</TechnologyType> <BusType>USB</BusType> <VendorID>03F0</VendorID> <DeviceID>231D</DeviceID> <SubVendorID>0000</SubVendorID> <SubSystemID>0000</SubSystemID> <PowerSource>1</PowerSource> <CurrentState>off</CurrentState> <LastRequestedState> <WMI Changed="false">on</WMI> <F10 Changed="false">on</F10> <HardwareButton Changed="true">on</Ha
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}]
"Wireless.GlobalChanged.2.0"="<?xml version="1.0"?> <WirelessGlobalDeviceInfoOutput2 xmlns="schemas-hp-com.casl"> <Output> <Data> <Capabilities> <NumberOfPowerSources>4</NumberOfPowerSources> <GlobalFeatures> <WWANAntenna>true</WWANAntenna> <GPSIncluded>true</GPSIncluded> </GlobalFeatures> </Capabilities> <Devices> <Device> <TechnologyType>Bluetooth</TechnologyType> <BusType>USB</BusType> <VendorID>03F0</VendorID> <DeviceID>231D</DeviceID> <SubVendorID>0000</SubVendorID> <SubSystemID>0000</SubSystemID> <PowerSource>1</PowerSource> <CurrentState>off</CurrentState> <LastRequestedState> <WMI>on</WMI> <F10>on</F10> <HardwareButton>off</HardwareButton> </LastRequestedS
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}]
"Wireless.GlobalChanged"="<?xml version="1.0"?> <WirelessGlobalDeviceInfoOutput xmlns="schemas-hp-com.casl"> <Output> <Data> <Capabilities> <NumberOfPowerSources>4</NumberOfPowerSources> <GlobalFeatures> <WWANAntenna>true</WWANAntenna> <GPSIncluded>true</GPSIncluded> </GlobalFeatures> </Capabilities> <Devices> <Device> <TechnologyType>Bluetooth</TechnologyType> <BusType>USB</BusType> <VendorID>03F0</VendorID> <DeviceID>231D</DeviceID> <SubVendorID>0000</SubVendorID> <SubSystemID>0000</SubSystemID> <PowerSource>1</PowerSource> <CurrentState>off</CurrentState> <LastRequestedState> <WMI Changed="false">on</WMI> <F10 Changed="false">on</F10> <HardwareButton Changed="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}]
"Wireless.GlobalChanged.2.0"="<?xml version="1.0"?> <WirelessGlobalDeviceInfoOutput2 xmlns="schemas-hp-com.casl"> <Output> <Data> <Capabilities> <NumberOfPowerSources>4</NumberOfPowerSources> <GlobalFeatures> <WWANAntenna>true</WWANAntenna> <GPSIncluded>true</GPSIncluded> </GlobalFeatures> </Capabilities> <Devices> <Device> <TechnologyType>Bluetooth</TechnologyType> <BusType>USB</BusType> <VendorID>03F0</VendorID> <DeviceID>231D</DeviceID> <SubVendorID>0000</SubVendorID> <SubSystemID>0000</SubSystemID> <PowerSource>1</PowerSource> <CurrentState>off</CurrentState> <LastRequestedState> <WMI>on</WMI> <F10>on</F10> <HardwareButton>off</HardwareButton> </La

-= EOF =-

Code:
Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````