Liste der Anhänge anzeigen (Anzahl: 2) Hallo,
danke für die schnelle Antwort, haben nun auch schon alles ausgeführt. Ich hoffe dies war alles richtig.
GMER: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-26 20:02:17
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD3200AAJS-00L7A0 rev.01.03E01 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Birgit\AppData\Local\Temp\pwliipod.sys
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 140D 838549A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 838744F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.1 ----
.text C:\Windows\Explorer.EXE[1080] kernel32.dll!CreateProcessW 75D7204D 5 Bytes JMP 03C73DC4
.text C:\Windows\Explorer.EXE[1080] ADVAPI32.dll!CreateProcessAsUserW 75E5C592 5 Bytes JMP 03C73B6C
.text C:\Windows\Explorer.EXE[1080] WININET.dll!InternetCloseHandle 75AF3CC2 5 Bytes JMP 03C72B74
.text C:\Windows\Explorer.EXE[1080] WININET.dll!HttpQueryInfoA 75AF6AB7 5 Bytes JMP 03C72AA4
.text C:\Windows\Explorer.EXE[1080] WININET.dll!HttpQueryInfoW 75AF7202 5 Bytes JMP 03C72B0C
.text C:\Windows\Explorer.EXE[1080] WININET.dll!HttpSendRequestW 75AF76E6 5 Bytes JMP 03C704F8
.text C:\Windows\Explorer.EXE[1080] WININET.dll!HttpOpenRequestW 75AF7E1D 5 Bytes JMP 03C6EAC8
.text C:\Windows\Explorer.EXE[1080] WININET.dll!InternetConnectW 75AFAC54 5 Bytes JMP 03C6E1C0
.text C:\Windows\Explorer.EXE[1080] WININET.dll!InternetQueryDataAvailable 75B4A1AD 5 Bytes JMP 03C71400
.text C:\Windows\Explorer.EXE[1080] WININET.dll!InternetReadFile 75B4A5EF 5 Bytes JMP 03C7192C
.text C:\Windows\Explorer.EXE[1080] WININET.dll!InternetReadFileExW 75B51A4B 5 Bytes JMP 03C722DC
.text C:\Windows\Explorer.EXE[1080] WININET.dll!InternetReadFileExA 75B51AA2 5 Bytes JMP 03C71B14
.text C:\Windows\Explorer.EXE[1080] WININET.dll!InternetOpenA 75B6EAF8 5 Bytes JMP 03C6E16C
.text C:\Windows\Explorer.EXE[1080] WININET.dll!InternetConnectA 75B9F6B3 5 Bytes JMP 03C6E3A0
.text C:\Windows\Explorer.EXE[1080] WININET.dll!HttpSendRequestA 75BC5876 5 Bytes JMP 03C6FD80
.text C:\Windows\Explorer.EXE[1080] WININET.dll!HttpOpenRequestA 75BC5B15 5 Bytes JMP 03C6ED1C
.text C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[1476] kernel32.dll!LoadLibraryA 75DBDC65 5 Bytes JMP 6EC28A00 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll
.text C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[1476] kernel32.dll!LoadLibraryW 75DBEF42 5 Bytes JMP 6EC28B00 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll
---- Devices - GMER 2.1 ----
Device Ntfs.sys
---- EOF - GMER 2.1 ---- --- --- ---
Und hier nun die beiden von OTL: Code:
OTL logfile created on: 26.05.2013 20:22:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Birgit\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,05% Memory free
3,98 Gb Paging File | 2,68 Gb Available in Paging File | 67,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,60 Gb Total Space | 115,82 Gb Free Space | 76,39% Space Free | Partition Type: NTFS
Drive F: | 73,24 Gb Total Space | 73,15 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive G: | 73,24 Gb Total Space | 72,32 Gb Free Space | 98,74% Space Free | Partition Type: NTFS
Computer Name: BIRGIT-PC | User Name: Birgit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Birgit\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG Secure Search\vprot.exe (AVG Secure Search)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - G:\Program Files\Winamp\winampa.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - G:\Program Files\Winamp\winampa.exe ()
========== Services (SafeList) ==========
SRV - (vToolbarUpdater15.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (mfecore) -- C:\Programme\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (pwliipod) -- C:\Users\Birgit\AppData\Local\Temp\pwliipod.sys File not found
DRV - (mfehidk01) -- Device\mfehidk01.sys File not found
DRV - (mfeavfk01) -- File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (mfencbdc) -- C:\Windows\System32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (mfencrk) -- C:\Windows\System32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 AA CE 8F A7 8D CC 01 [binary data]
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\SearchScopes\{7B5CA01A-B31A-44C0-AF26-A57AC37C459F}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={34A84444-954B-4525-9E0B-18F0FF9CB43A}&mid=ac5c4a78ef8547d08f48d16d674e316e-8278c3b7f65705ff425e466084d8d9faffd7743e&lang=de&ds=tt014&pr=sa&d=2012-06-18 21:50:59&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\SearchScopes\{BBB8935A-7CFF-42DF-BE21-39407D19B4BA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\SearchScopes\{F01B5FD5-F80B-424B-9227-13D42435B54B}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013.05.21 18:34:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.17 21:25:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.05.15 00:27:35 | 000,000,000 | ---D | M]
[2009.11.12 12:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Extensions
[2013.05.16 09:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\69h2jno8.default-1368374865999\extensions
[2013.05.15 18:36:11 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\69h2jno8.default-1368374865999\extensions\toolbar@web.de
[2013.05.15 18:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.13 21:25:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.05.15 18:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.15 18:35:42 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.15 18:35:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2013.05.15 18:35:36 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2013.02.18 18:05:44 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.11.05 20:55:16 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [EPSON Stylus DX4200 Series (Kopie 2)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe (AVG Secure Search)
O4 - HKLM..\Run: [WinampAgent] G:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001..\Run: [eusjjuzo] C:\Users\Birgit\AppData\Local\Temp\Tjjjjddd\trhhjuzo.exe File not found
O4 - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001..\Run: [logonlu] C:\Users\Birgit\AppData\Roaming\logonlu.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1927379034-2377334715-2021402304-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - G:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BD6E281-B078-4E2F-9FF4-AF438F1B980B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFD1A7DD-A6C4-4203-912A-CD17F0439D14}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.26 20:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.05.17 20:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.05.15 19:09:34 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.15 19:09:33 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.15 19:09:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.15 19:09:33 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.15 19:09:32 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.15 19:09:32 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.15 19:09:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.15 19:09:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.15 19:09:32 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.15 19:09:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 17:47:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 17:46:59 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 17:44:19 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 17:44:09 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 17:44:09 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[4 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.26 20:02:07 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2013.05.26 19:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.26 19:39:27 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 19:39:27 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 19:36:44 | 000,000,000 | ---- | M] () -- C:\Users\Birgit\defogger_reenable
[2013.05.26 19:32:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.21 18:34:18 | 000,003,716 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013.05.21 18:33:34 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.05.17 20:28:26 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.05.17 20:28:26 | 000,002,124 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.16 09:17:33 | 000,409,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 19:07:10 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.15 19:07:10 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.15 19:07:10 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.15 19:07:10 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.15 18:35:46 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.15 00:56:30 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 00:56:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[4 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.26 19:36:44 | 000,000,000 | ---- | C] () -- C:\Users\Birgit\defogger_reenable
[2013.05.21 18:33:55 | 000,003,716 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013.05.17 20:28:26 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.05.13 21:16:14 | 000,409,400 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.01 18:12:40 | 000,004,096 | -H-- | C] () -- C:\Users\Birgit\AppData\Local\keyfile3.drm
[2009.11.14 19:14:57 | 000,029,155 | ---- | C] () -- C:\Users\Birgit\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2009.11.12 12:26:56 | 000,000,017 | ---- | C] () -- C:\Users\Birgit\AppData\Local\resmon.resmoncfg
[2009.07.14 01:11:09 | 000,270,397 | ---- | C] () -- C:\Users\Birgit\AppData\Roaming\logonlu.exe
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.03.21 00:27:43 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\1&1 Mail & Media GmbH
[2010.02.26 13:41:04 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Buhl Data Service
[2010.07.20 16:35:17 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\EPSON
[2013.03.14 09:55:52 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\TuneUp Software
========== Purity Check ==========
< End of report > --- --- ---
Hier der zweite Teil
OTL Logfile: Code:
OTL Extras logfile created on: 26.05.2013 20:22:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Birgit\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,05% Memory free
3,98 Gb Paging File | 2,68 Gb Available in Paging File | 67,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,60 Gb Total Space | 115,82 Gb Free Space | 76,39% Space Free | Partition Type: NTFS
Drive F: | 73,24 Gb Total Space | 73,15 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive G: | 73,24 Gb Total Space | 72,32 Gb Free Space | 98,74% Space Free | Partition Type: NTFS
Computer Name: BIRGIT-PC | User Name: Birgit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1927379034-2377334715-2021402304-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "G:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "G:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "G:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "G:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "G:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45F54443-99BC-4F07-9810-32DF8F0016E3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45FE65DE-4FF5-4E20-A888-6BFCB394ABEC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CD21325-092B-491F-A977-EB37C3DA2688}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{544C644A-C10C-43B2-B78C-1C6E183DAB93}" = rport=138 | protocol=17 | dir=out | app=system |
"{5D48F2ED-835D-4E44-B165-41C7B5DE0D0B}" = lport=139 | protocol=6 | dir=in | app=system |
"{601F02DC-CFEE-4C52-878E-800888AE7E40}" = lport=445 | protocol=6 | dir=in | app=system |
"{6864E035-58EB-47CF-B562-7646C2E1EBC7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{716A98CE-649C-4029-AA8B-1B53572CFD05}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7292F5DA-45EE-42E9-A775-BC545483311B}" = rport=137 | protocol=17 | dir=out | app=system |
"{76899BDB-CDCF-4196-BAFB-33109752B8A9}" = rport=445 | protocol=6 | dir=out | app=system |
"{7A8F4408-BAFB-4994-A495-E8594F507D7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81E36702-454C-44E6-8FFC-815CF15B2B20}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E22EAA4-C5AC-4A09-A0BD-C36A1A3B6061}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9FCC3C67-3DF7-450E-938B-6358F1BE9A2C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A83C4EAC-A94E-4FD7-9FB6-24608E25AB09}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB9FB468-2F6F-4501-9C9F-7DCB2E756A28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B74F8518-B047-4642-964D-BF1133702E48}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5C2971F-96C6-40B4-A580-ECE7DF9BA003}" = lport=138 | protocol=17 | dir=in | app=system |
"{CC951E15-D4A3-4AD6-A474-132B01924FC6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E5623EAA-3AED-4595-969D-02A9898C5A55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4733CD8-6B67-4BD4-91CD-6E98DE6DDC26}" = rport=139 | protocol=6 | dir=out | app=system |
"{F53819F3-A7FA-49D3-BECC-3CAFE1B589C4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FD3D9FA1-3068-4835-AE4C-0281C07E79E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C0C1E48-A9D9-4618-9FBA-40E4F85589AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2195C3A9-BBCA-464F-A174-F33C0F287EB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A1BF7DA-7BFD-4AC3-81A8-11E4FE65D7AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{33E3120B-4A7F-42FF-9127-62FAA70840DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39822EAB-EA8B-4059-B7DA-6BD2A38538BE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{423CC2FF-B54D-4901-BB6C-867F6CD31C90}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4E62590A-9E8E-42B6-A377-4CEEFEA134A8}" = protocol=6 | dir=out | app=system |
"{776F1383-B055-4A37-812E-2DC6C9C8EEF2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{7F8CDC50-CCC3-47DF-9350-ED49252D5D49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{819FDF23-D437-4A3A-8D78-6F729D91E302}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8401E91A-1EB8-461C-9A33-94B9B1957BE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8A3B76CD-47C8-4D63-8AB7-B7A097905B65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BB58078B-A0F4-4FFC-8C15-546ED965DF3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF9919E7-98C3-40D6-A86E-B901D27A6AAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CE0B6F19-160C-46EB-B251-12380E82BF46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0CE078F-3A3C-40C2-94D3-BA0C550D212A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9D05420-21CE-4E62-8130-5C72EECBD756}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E293071A-1221-4C17-B8BE-F93E7311ED95}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777afb2a-98e5-4f14-b455-378a925cae15}.sdb" = CVE-2012-4969
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{BE7785D6-045F-44FB-A1E4-3FA555874415}" = pdfforge Toolbar v7.0
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE MailCheck für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Digital Camera Driver" = Digital Camera Driver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1927379034-2377334715-2021402304-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.08.2012 12:53:09 | Computer Name = Birgit-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: a04 Startzeit: 01cd7971a65f0d88 Endzeit: 47 Anwendungspfad:
C:\Windows\Explorer.EXE Berichts-ID: 539f4ac0-e567-11e1-a8c5-002421aad89d
Error - 13.08.2012 13:44:23 | Computer Name = Birgit-PC | Source = VSS | ID = 8194
Description =
Error - 13.08.2012 13:47:58 | Computer Name = Birgit-PC | Source = VSS | ID = 8194
Description =
Error - 24.08.2012 04:49:06 | Computer Name = Birgit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: FlashPlayerPlugin_11_3_300_271.exe,
Version: 11.3.300.271, Zeitstempel: 0x5026ffac Ausnahmecode: 0xc0000005 Fehleroffset:
0x00029457 ID des fehlerhaften Prozesses: 0x978 Startzeit der fehlerhaften Anwendung:
0x01cd81d3f07070b7 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Berichtskennung:
8fcd35db-edc8-11e1-9b2e-002421aad89d
Error - 26.08.2012 14:58:03 | Computer Name = Birgit-PC | Source = VSS | ID = 8194
Description =
Error - 26.08.2012 14:58:41 | Computer Name = Birgit-PC | Source = VSS | ID = 8194
Description =
Error - 27.08.2012 14:58:08 | Computer Name = Birgit-PC | Source = VSS | ID = 8194
Description =
Error - 27.08.2012 14:59:37 | Computer Name = Birgit-PC | Source = VSS | ID = 8194
Description =
Error - 28.08.2012 14:58:13 | Computer Name = Birgit-PC | Source = VSS | ID = 8194
Description =
Error - 28.08.2012 14:59:09 | Computer Name = Birgit-PC | Source = VSS | ID = 8194
Description =
[ System Events ]
Error - 23.05.2013 14:14:35 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
McAfee Platform Services erreicht.
Error - 23.05.2013 14:14:35 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 23.05.2013 14:14:35 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
McAfee Platform Services erreicht.
Error - 23.05.2013 14:14:35 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 23.05.2013 14:14:36 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
McAfee Platform Services erreicht.
Error - 23.05.2013 14:14:36 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 23.05.2013 14:14:36 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
McAfee Platform Services erreicht.
Error - 23.05.2013 14:14:36 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 24.05.2013 12:28:07 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee Anti-Malware Core" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 26.05.2013 02:40:05 | Computer Name = Birgit-PC | Source = DCOM | ID = 10010
Description =
< End of report > --- --- ---
Im Anhang befinden sich die Daten von Mcafee, ich hoffe diese sind so ausreichend, ansonsten muss ich nochmal schauen. Vielen Dank schon einmal im Voraus für die Hilfe. |