Google search results redirect | Win7 Security Center disabled

Hello,
my Win7 Security Center is disabled, and after I enable it, it immediately disables itself again automatically.
I uninstalled MS Security Essentials and installed ESET NOD.
No viruses etc. were found.
Below are the OTL logs, with a request for help:

Quote:
OTL logfile created on: 11.12.2012 19:12:53 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mekle\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,92 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,59% Memory free
5,83 Gb Paging File | 4,65 Gb Available in Paging File | 79,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 903,21 Gb Free Space | 96,97% Space Free | Partition Type: NTFS
Drive G: | 931,41 Gb Total Space | 903,49 Gb Free Space | 97,00% Space Free | Partition Type: NTFS
Drive Y: | 931,41 Gb Total Space | 903,49 Gb Free Space | 97,00% Space Free | Partition Type: NTFS
Drive Z: | 1863,01 Gb Total Space | 669,07 Gb Free Space | 35,91% Space Free | Partition Type: NTFS
Computer Name: MEKLE-PC1 | User Name: Mekle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.12.11 18:22:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mekle\Downloads\OTL.exe
PRC - [2012.11.05 10:29:41 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.31 15:02:02 | 007,553,448 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.08.31 15:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.31 15:02:02 | 002,282,920 | ---- | M] (TeamViewer GmbH) -- c:\Programme\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012.08.31 14:55:18 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.22 10:46:00 | 000,814,264 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.11.22 10:45:36 | 002,219,184 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.20 17:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 17:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.03.30 09:53:32 | 000,153,464 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe
PRC - [2010.03.30 09:52:24 | 000,121,720 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\certsrv.exe
PRC - [2010.03.30 09:51:30 | 000,254,328 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\avmike.exe
PRC - [2007.08.03 11:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.08.03 11:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006.06.01 20:06:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

========== Modules (No Company Name) ==========
MOD - [2012.11.05 10:29:25 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.12.16 09:37:54 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2007.03.13 10:28:36 | 000,823,296 | ---- | M] () -- C:\Programme\Common Files\Nero\Lib\log4cxx.dll

========== Services (SafeList) ==========
SRV - [2012.11.22 09:57:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.05 10:29:40 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.31 15:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.22 10:49:34 | 000,033,584 | ---- | M] (ESET) [On_Demand | Unknown] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011.11.22 10:46:00 | 000,814,264 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010.12.20 17:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.20 17:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.30 09:53:32 | 000,153,464 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2010.03.30 09:52:24 | 000,121,720 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2010.03.30 09:51:30 | 000,254,328 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.06.01 20:06:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2006.06.01 20:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.21 07:16:32 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011.11.21 07:16:32 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011.11.21 07:16:30 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010.12.08 17:17:40 | 000,292,840 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2010.12.08 17:17:40 | 000,095,720 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010.10.14 17:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.03.30 09:51:50 | 000,335,224 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmnwim.sys -- (NWIM)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 05 E5 78 EC 49 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searct Engine Components\UNS\UNS.exe
IE - HKCU\..\SearchScopes\{EA7847C3-C30D-4114-AEBE-A7B8801505CB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.05 10:29:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.05 10:29:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.12.11 17:32:13 | 000,000,000 | ---D | M]
[2012.12.11 18:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mekle\AppData\Roaming\mozilla\Extensions
[2012.11.05 10:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.05 10:29:41 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.06 16:42:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.08 08:32:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.06 16:42:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.06 16:42:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.06 16:42:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.06 16:42:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6D3AA91-2B71-4EB8-9E8A-6E91481E4737}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.12.11 18:43:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.11 18:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.11 18:38:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.11 18:38:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.11 18:38:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.11 18:38:56 | 000,000,000 | --SD | C] -- C:\cofi
[2012.12.11 18:37:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.11 18:37:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.11 18:14:44 | 000,000,000 | ---D | C] -- C:\Users\Mekle\AppData\Roaming\Malwarebytes
[2012.12.11 18:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.11 18:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.11 18:14:27 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.11 18:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.11 18:04:27 | 000,000,000 | ---D | C] -- C:\Users\Mekle\AppData\Roaming\Mozilla
[2012.12.11 18:04:27 | 000,000,000 | ---D | C] -- C:\Users\Mekle\AppData\Local\Mozilla
[2012.12.11 17:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.12.11 17:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.12.11 16:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.12.11 16:20:25 | 000,000,000 | ---D | C] -- C:\Users\Mekle\AppData\Roaming\QuickScan
[2012.11.23 03:01:23 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.23 03:01:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.23 03:01:05 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.23 03:01:05 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.23 03:01:04 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.23 03:00:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.23 03:00:43 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.23 03:00:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.23 03:00:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.23 03:00:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.23 03:00:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.23 03:00:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.23 03:00:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.22 09:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.11.16 05:06:19 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.16 05:06:18 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.16 05:06:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.16 05:06:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 05:06:16 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.16 05:06:15 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.16 05:06:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll

========== Files - Modified Within 30 Days ==========
[2012.12.11 18:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.11 18:14:28 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.11 17:27:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.12.11 17:27:08 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 17:27:08 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 17:13:08 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012.12.11 16:21:17 | 000,672,062 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.11 16:21:17 | 000,623,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.11 16:21:17 | 000,135,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.11 16:21:17 | 000,111,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.11 16:14:48 | 000,000,512 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.12.11 16:14:21 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\WIRIAJWLI.job
[2012.12.11 16:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.11 16:14:09 | 2347,687,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.10 13:43:20 | 000,005,632 | ---- | M] () -- C:\DTAUS1
[2012.12.07 15:19:59 | 000,114,688 | RHS- | M] () -- C:\Windows\System32\bdeuii.dll
[2012.12.05 12:39:43 | 000,025,344 | ---- | M] () -- C:\Users\Mekle\Desktop\ED00001
[2012.12.05 12:39:43 | 000,000,256 | ---- | M] () -- C:\Users\Mekle\Desktop\EV01
[2012.11.23 03:22:07 | 000,407,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.22 09:57:57 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.22 09:57:57 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========
[2012.12.11 18:38:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.11 18:38:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.11 18:38:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.11 18:38:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.11 18:38:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.11 18:14:28 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.11 17:13:08 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012.12.07 15:19:59 | 000,114,688 | RHS- | C] () -- C:\Windows\System32\bdeuii.dll
[2012.12.07 15:19:59 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\WIRIAJWLI.job
[2012.12.05 12:39:43 | 000,025,344 | ---- | C] () -- C:\Users\Mekle\Desktop\ED00001
[2012.12.05 12:39:43 | 000,000,256 | ---- | C] () -- C:\Users\Mekle\Desktop\EV01
[2012.11.23 03:01:24 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.23 03:01:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.04.26 16:13:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.08.12 19:22:20 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.08.12 17:50:03 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.08.12 17:49:56 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.08.12 17:49:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011.08.12 17:49:52 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011.08.12 17:49:52 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM08A.DAT
[2011.08.12 17:49:17 | 000,000,074 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.07.24 17:10:16 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011.07.24 12:38:29 | 000,000,512 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.24 10:39:14 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.07.24 10:39:14 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.07.24 10:39:14 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.07.24 10:34:59 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.07.24 10:31:37 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.07.24 10:31:35 | 000,024,168 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.04.12 02:30:05 | 000,672,062 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 02:30:05 | 000,135,428 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.03.26 00:10:22 | 000,216,876 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.03.26 00:10:20 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.03.25 23:33:52 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
[2011.09.20 13:06:08 | 000,000,000 | ---D | M] -- C:\Users\Mekle\AppData\Roaming\AVM
[2011.07.24 10:45:23 | 000,000,000 | ---D | M] -- C:\Users\Mekle\AppData\Roaming\GHISLER
[2012.12.11 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\Mekle\AppData\Roaming\QuickScan
[2012.01.05 13:03:51 | 000,000,000 | ---D | M] -- C:\Users\Mekle\AppData\Roaming\TeamViewer
[2012.08.06 14:51:04 | 000,000,000 | ---D | M] -- C:\Users\Mekle\AppData\Roaming\XnView

========== Purity Check ==========
< End of report >

Quote:
OTL Extras logfile created on: 11.12.2012 19:12:53 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mekle\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,92 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,59% Memory free
5,83 Gb Paging File | 4,65 Gb Available in Paging File | 79,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 903,21 Gb Free Space | 96,97% Space Free | Partition Type: NTFS
Drive G: | 931,41 Gb Total Space | 903,49 Gb Free Space | 97,00% Space Free | Partition Type: NTFS
Drive Y: | 931,41 Gb Total Space | 903,49 Gb Free Space | 97,00% Space Free | Partition Type: NTFS
Drive Z: | 1863,01 Gb Total Space | 669,07 Gb Free Space | 35,91% Space Free | Partition Type: NTFS
Computer Name: MEKLE-PC1 | User Name: Mekle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F2ED780-869D-4D5E-94FA-7CE82437BD08}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{36059ACD-2DC6-4A65-9111-261DF5BE5D0C}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{36735128-9FD0-4F7A-AB1D-40E3DC527DA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F4EBD40-4E00-4EE2-8C25-B662BC5EF2F5}" = rport=139 | protocol=6 | dir=out | app=system |
"{43A945FD-F8A0-4C86-BB0D-CE090F6B46AD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5C97E992-28CC-4989-9ACD-BDDD4EADA4DE}" = lport=445 | protocol=6 | dir=in | app=system |
"{60EECA66-D102-422F-89A8-4AC107851DA2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DF6FED3-1092-455C-B549-837EE56CD688}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78168E21-4903-4B1B-9711-6BE1F128479C}" = lport=138 | protocol=17 | dir=in | app=system |
"{7C1E7AE7-DB43-4ED0-8EB5-9DE04C6DCCD7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{810130AC-AA4B-4643-9D4B-BC226E4763A6}" = rport=137 | protocol=17 | dir=out | app=system |
"{892B93CC-21C2-43C3-A511-60D7E9C4B543}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A61EF88-948D-4C4C-94B6-A41BBE476686}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9E314E3D-8FB2-4206-BD24-AB3961C2BBD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A24640BE-A1CC-4024-A7CD-02480A0E4CB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6A3D918-CE47-4157-A89A-EB2C76092935}" = lport=139 | protocol=6 | dir=in | app=system |
"{AE00A7FB-42D4-49D5-91DB-2E342BDB1F5D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BF95743D-1ED5-4A71-943A-BA7E1EBC8523}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{CEECAD2F-DE2F-4ECE-88B1-BE9869B189EA}" = rport=138 | protocol=17 | dir=out | app=system |
"{DBD61792-39BA-4BB2-806A-279EC0FB7AC7}" = lport=137 | protocol=17 | dir=in | app=system |
"{E207E2B1-C7E9-47CD-9356-9DB40C6B6513}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E261DE5F-BBD7-4BC6-A7AF-AB38EBA0AC4F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EDF1689D-7043-40C7-9FE3-0593787A40C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE4DF942-255C-4F4D-9D82-8EFA94A9A6B0}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A5AB01-F951-4D11-A505-7A10314ED1DC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{309FF97B-99CD-4DC4-99B7-E0E8FB731048}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{30EB57F1-CADC-4BF1-9C5B-F1E75D18A6C7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{3A1BD43D-662C-4CCA-A6AA-4FB2D9317C6A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4A8A22E8-22C3-4912-B53E-8C24DD96C298}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{4E35B8D9-2FED-48D7-9464-2DA9DB6E003B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C7B51EEE-BC1C-4AC0-898E-DD72E0C0C622}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D44A5FCE-753E-45A1-884F-245DBEFF5080}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E3D755FB-D421-4991-B9D6-FAA233A5A8E4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"TCP Query User{B6E70F2C-8D73-4A29-984E-5C107FB513EB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{201B6123-0EA1-48A8-8DA0-ECC46C4CCF7E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{27431F11-1288-4ED1-BDBB-43A8E4C19BBE}" = ESET NOD32 Antivirus
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5DC36978-AB9A-4A23-9C12-D90D2BB781B7}" = AVM FRITZ!Fernzugang
"{5DF6D752-00FB-4FE3-A3C6-7C09279A1031}" = Nero 8
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91A13C30-44F7-4064-AC1A-AA79E2282DC9}" = Brother MFC-8380DN
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A79408B0-345D-42E8-8EB6-00597320B9E0}" = FRITZ!Box-Fernzugang einrichten
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"XnView_is1" = XnView 1.99

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.10.2012 06:18:50 | Computer Name = Mekle-PC1 | Source = WinMgmt | ID = 10
Description =
Error - 23.10.2012 08:55:35 | Computer Name = Mekle-PC1 | Source = VSS | ID = 8194
Description =
Error - 24.10.2012 10:47:17 | Computer Name = Mekle-PC1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859,
Zeitstempel: 0x4fd2d1d9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b4b6d ID des fehlerhaften
Prozesses: 0xdb8 Startzeit der fehlerhaften Anwendung: 0x01cdb108114f1b45 Pfad der
fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung:
b43998a3-1de9-11e2-a0eb-f46d0473a85a
Error - 22.11.2012 04:56:48 | Computer Name = Mekle-PC1 | Source = WinMgmt | ID = 10
Description =
Error - 22.11.2012 22:23:35 | Computer Name = Mekle-PC1 | Source = WinMgmt | ID = 10
Description =
Error - 23.11.2012 04:24:17 | Computer Name = Mekle-PC1 | Source = Application Hang | ID = 1002
Description = Programm VRNetWorld.exe, Version 4.4.0.20 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b78 Startzeit:
01cdc951bc757128 Endzeit: 0 Anwendungspfad: C:\Program Files\VR-NetWorld\VRNetWorld.exe
Berichts-ID:
Error - 23.11.2012 11:08:58 | Computer Name = Mekle-PC1 | Source = VSS | ID = 8194
Description =
Error - 28.11.2012 22:17:52 | Computer Name = Mekle-PC1 | Source = WinMgmt | ID = 10
Description =
Error - 11.12.2012 11:04:10 | Computer Name = Mekle-PC1 | Source = WinMgmt | ID = 10
Description =
Error - 11.12.2012 11:16:05 | Computer Name = Mekle-PC1 | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 20.11.2012 07:32:03 | Computer Name = Mekle-PC1 | Source = Microsoft Antimalware | ID = 2001
Description =
Error - 21.11.2012 07:31:48 | Computer Name = Mekle-PC1 | Source = Microsoft Antimalware | ID = 2001
Description =
Error - 21.11.2012 07:31:48 | Computer Name = Mekle-PC1 | Source = Microsoft Antimalware | ID = 2001
Description =
Error - 21.11.2012 07:31:48 | Computer Name = Mekle-PC1 | Source = Microsoft Antimalware | ID = 2001
Description =
Error - 21.11.2012 07:32:20 | Computer Name = Mekle-PC1 | Source = Microsoft Antimalware | ID = 2001
Description =
Error - 21.11.2012 07:32:20 | Computer Name = Mekle-PC1 | Source = Microsoft Antimalware | ID = 2001
Description =
Error - 22.11.2012 01:49:24 | Computer Name = Mekle-PC1 | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.
Error - 22.11.2012 02:49:24 | Computer Name = Mekle-PC1 | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Modules Installer konnte nach dem Empfang eines
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error - 28.11.2012 22:15:35 | Computer Name = Mekle-PC1 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 28.11.2012 22:15:35 | Computer Name = Mekle-PC1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069
< End of report >