Pests of all kinds and their removal: Windows Security Center cannot be started (Windows 7)
15.11.2012, 18:46 | #1
Windows Security Center cannot be started

Hello everyone, good day. I'm new here and come straight in with a problem. I think I've caught something:

- Windows Security Center cannot be activated
- Firewall cannot be activated
- System Restore does not work

My virus scanner is Avira Premium 2012; it finds nothing. Kaspersky Rescue Disk found something, but unfortunately I forgot what. Malwarebytes found something and moved it to quarantine:

3 x PUM.Disable.SecurityCenter
1 x PUP.BundleInstaller.BI
1 x Hijack.UserInit
2 x Trojan.Agent

OTL file:

Code:
OTL logfile created on: 15.11.2012 18:08:16 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Myname\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 66,26% Memory free
6,50 Gb Paging File | 5,39 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240,29 Gb Total Space | 186,54 Gb Free Space | 77,63% Space Free | Partition Type: NTFS
Drive D: | 225,37 Gb Total Space | 148,20 Gb Free Space | 65,76% Space Free | Partition Type: NTFS
Drive G: | 991,22 Mb Total Space | 296,78 Mb Free Space | 29,94% Space Free | Partition Type: FAT
Drive I: | 3,80 Gb Total Space | 2,74 Gb Free Space | 72,19% Space Free | Partition Type: FAT32
Drive L: | 1,88 Gb Total Space | 1,86 Gb Free Space | 99,19% Space Free | Partition Type: FAT32
Drive N: | 465,76 Gb Total Space | 216,66 Gb Free Space | 46,52% Space Free | Partition Type: NTFS

Computer Name: Myname-PC | User Name: Myname | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Myname\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Myname\Desktop\Defogger.exe ()
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Users\Myname\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\McNeelUpdate\5.0\McNeelUpdateService.exe (Robert McNeel & Associates)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Synology Data Replicator 3\SynoDrService.exe ()
PRC - C:\Users\Myname\Downloads\usbdlm\USBDLM\USBDLM.exe (Uwe Sieber - www.uwe-sieber.de)
PRC - C:\Users\Myname\Downloads\usbdlm\USBDLM\USBDLM_usr.exe (Uwe Sieber - www.uwe-sieber.de)

========== Modules (No Company Name) ==========

MOD - C:\Users\Myname\Desktop\Defogger.exe ()
MOD - C:\Programme\Evernote\Evernote\libxml2.dll ()
MOD - C:\Programme\Evernote\Evernote\libtidy.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()

========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (McNeelUpdate) -- C:\Programme\McNeelUpdate\5.0\McNeelUpdateService.exe (Robert McNeel & Associates)
SRV - (UsbClientService) -- C:\Programme\Synology\Assistant\UsbClientService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SynoDrService) -- C:\Programme\Synology Data Replicator 3\SynoDrService.exe ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (USBDLM) -- C:\Users\Myname\Downloads\usbdlm\USBDLM\USBDLM.exe (Uwe Sieber - www.uwe-sieber.de)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (L6POD) -- C:\Windows\System32\drivers\L6POD.sys (Line 6)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (DELTAII) -- C:\Windows\System32\drivers\MAudioDelta.sys (Avid Technology, Inc.)
DRV - (busenum) -- C:\Windows\System32\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 F5 66 71 97 00 CD 01 [binary data]
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6OyMCutPgm&i=26
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes\{F43D03C2-5462-4C8F-A2B8-4973076865EA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Users/Myname/Music/Temp/Tunebite/.downloading/profile/rrproxy_ie_50411b31.pac

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.5.1
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.0.6
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.100
FF - prefs.js..extensions.enabledAddons: readable@evernote.com:6.3337.321.777
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6OyMCutPgm&&i=26&search="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2012.03.23 08:32:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.30 18:27:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:48:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.12 22:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:48:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:48:44 | 000,000,000 | ---D | M]

[2012.03.12 22:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myname\AppData\Roaming\mozilla\Extensions
[2012.09.30 19:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\7p34qz42.default\extensions
[2012.09.30 19:35:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\7p34qz42.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.29 11:16:06 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\7p34qz42.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.03.13 00:03:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\7p34qz42.default\extensions\foxmarks@kei.com
[2012.11.14 21:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\yv8c7976.default-1349281826435\extensions
[2012.11.14 21:31:52 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\yv8c7976.default-1349281826435\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.10.06 22:35:14 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\yv8c7976.default-1349281826435\extensions\ich@maltegoetz.de
[2012.09.11 19:32:38 | 000,382,926 | ---- | M] () (No name found) -- C:\Users\Myname\AppData\Roaming\mozilla\firefox\profiles\7p34qz42.default\extensions\readable@evernote.com.xpi
[2012.10.27 22:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.30 18:27:41 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.10.27 22:48:46 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.22 21:31:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.07 17:31:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.22 21:31:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 21:31:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 21:31:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 21:31:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.03.17 00:11:32 | 000,000,877 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Programme\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKU\S-1-5-21-448014278-3508612385-884602074-1001..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-448014278-3508612385-884602074-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Myname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Myname\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Myname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Myname\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB1C6065-76BF-435D-9764-5EE6730FE45A}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.08.29 21:21:24 | 000,000,000 | ---D | M] - N:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.15 18:07:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Myname\Desktop\OTL.exe
[2012.11.14 22:01:24 | 000,000,000 | ---D | C] -- C:\Users\Myname\AppData\Roaming\SUPERAntiSpyware.com
[2012.11.14 22:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.11.14 22:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.11.14 22:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.11.14 21:31:55 | 000,000,000 | ---D | C] -- C:\Users\Myname\AppData\Roaming\QuickScan
[2012.11.14 00:47:04 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Myname\Desktop\aswMBR.exe
[2012.11.13 23:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.11.13 23:23:55 | 000,000,000 | ---D | C] -- C:\Users\Myname\AppData\Roaming\Malwarebytes
[2012.11.13 23:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.13 23:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.13 23:23:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.13 23:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.13 23:16:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.13 23:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.11.13 21:26:20 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.11.04 23:20:29 | 000,000,000 | ---D | C] -- C:\Users\Myname\.eventideupdateutility
[2012.11.04 12:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012.10.27 22:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.22 21:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.22 21:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

========== Files - Modified Within 30 Days ==========

[2012.11.15 18:07:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myname\Desktop\OTL.exe
[2012.11.15 18:02:15 | 000,004,464 | ---- | M] () -- C:\Users\Myname\Documents\cc_20121115_180212.reg
[2012.11.15 17:27:39 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.15 17:27:39 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.15 17:27:39 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.15 17:27:39 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 17:26:55 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 17:26:55 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 17:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.15 17:19:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.15 17:19:25 | 2616,500,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.14 22:21:32 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e39c0732-5390-4039-a447-a29a640927e4.job
[2012.11.14 22:21:32 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7ad3ed6e-5d8a-498c-9b73-da75d855fb2e.job
[2012.11.14 22:01:21 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.14 20:43:10 | 000,293,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.14 07:31:19 | 000,004,238 | ---- | M] () -- C:\Users\Myname\Documents\cc_20121114_073116.reg
[2012.11.14 00:56:55 | 000,000,000 | ---- | M] () -- C:\Users\Myname\defogger_reenable
[2012.11.14 00:55:53 | 000,050,477 | ---- | M] () -- C:\Users\Myname\Desktop\Defogger.exe
[2012.11.14 00:47:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Myname\Desktop\aswMBR.exe
[2012.11.13 23:59:33 | 000,302,592 | ---- | M] () -- C:\Users\Myname\Desktop\8sm0cer6.exe
[2012.11.13 23:23:44 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.13 23:12:25 | 000,004,826 | ---- | M] () -- C:\Users\Myname\Documents\cc_20121113_231220.reg
[2012.11.13 23:09:40 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.13 23:03:45 | 000,003,272 | ---- | M] () -- C:\bootsqm.dat
[2012.11.09 21:01:20 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-Myname-PC-Myname.job
[2012.10.20 20:36:51 | 109,702,299 | ---- | M] () -- C:\Users\Myname\Desktop\Bilder.zip
[2012.10.20 20:34:50 | 000,000,899 | ---- | M] () -- C:\Users\Myname\Desktop\Tunebite - Verknüpfung.lnk

========== Files Created - No Company Name ==========

[2012.11.15 18:02:14 | 000,004,464 | ---- | C] () -- C:\Users\Myname\Documents\cc_20121115_180212.reg
[2012.11.14 22:01:30 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e39c0732-5390-4039-a447-a29a640927e4.job
[2012.11.14 22:01:29 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7ad3ed6e-5d8a-498c-9b73-da75d855fb2e.job
[2012.11.14 22:01:21 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.14 07:31:17 | 000,004,238 | ---- | C] () -- C:\Users\Myname\Documents\cc_20121114_073116.reg
[2012.11.14 00:56:55 | 000,000,000 | ---- | C] () -- C:\Users\Myname\defogger_reenable
[2012.11.14 00:55:51 | 000,050,477 | ---- | C] () -- C:\Users\Myname\Desktop\Defogger.exe
[2012.11.13 23:59:21 | 000,302,592 | ---- | C] () -- C:\Users\Myname\Desktop\8sm0cer6.exe
[2012.11.13 23:23:44 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.13 23:12:24 | 000,004,826 | ---- | C] () -- C:\Users\Myname\Documents\cc_20121113_231220.reg
[2012.11.13 23:03:45 | 000,003,272 | ---- | C] () -- C:\bootsqm.dat
[2012.10.20 20:35:45 | 109,702,299 | ---- | C] () -- C:\Users\Myname\Desktop\Bilder.zip
[2012.08.17 18:41:23 | 000,000,032 | ---- | C] () -- C:\Users\Myname\.simfy
[2012.08.02 22:13:36 | 000,005,632 | ---- | C] () -- C:\Users\Myname\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.22 21:40:32 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2012.07.21 21:14:05 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2012.07.21 21:11:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2012.07.21 21:11:07 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2012.06.16 22:42:15 | 000,005,084 | ---- | C] () -- C:\ProgramData\yotmwslu.srw
[2012.05.12 19:09:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.29 13:49:59 | 000,160,101 | ---- | C] () -- C:\Windows\ScanWiz Uninstaller.exe
[2012.04.22 10:55:16 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfwad.bin
[2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.04.05 21:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.01 09:35:09 | 000,000,665 | ---- | C] () -- C:\Users\Myname\Myname - Verknüpfung.lnk
[2012.03.30 20:45:23 | 000,000,004 | ---- | C] () -- C:\Users\Myname\AppData\Local\pcdit.dat
[2012.03.30 20:44:14 | 000,000,036 | ---- | C] () -- C:\ProgramData\InstallAlibre.config
[2012.03.26 22:32:33 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\ddpnqch185.dat
[2012.03.26 22:32:33 | 000,000,400 | ---- | C] () -- C:\Windows\d_jdmjol162.ini
[2012.03.25 21:33:32 | 000,212,269 | ---- | C] () -- C:\Users\Myname\AppData\Roaming\UserTile.png
[2012.03.22 20:34:39 | 000,000,323 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.03.22 20:34:39 | 000,000,161 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.03.22 20:33:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.03.22 20:33:56 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.03.22 20:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.03.21 23:18:56 | 000,000,400 | ---- | C] () -- C:\Windows\g_jdmjol294.ini
[2012.03.21 23:18:56 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\bdpnqch691.dat
[2012.03.16 21:37:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.12 23:19:55 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.12 23:19:55 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7820N.DAT
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.18 16:28:16 | 000,236,040 | ---- | C] () -- C:\Windows\System32\DeltaIITray.exe

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.03.30 20:45:42 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Alibre Design
[2012.03.30 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Alibre, Inc
[2012.08.12 10:14:26 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Audacity
[2012.04.01 18:40:23 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Canneverbe Limited
[2012.03.27 23:06:21 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\com.Rhapsody.Napster5
[2012.11.15 17:23:04 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Dropbox
[2012.09.30 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\DVDVideoSoft
[2012.09.30 19:35:47 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.22 10:56:06 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\EPSON
[2012.10.21 20:58:22 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\FileZilla
[2012.06.01 05:31:32 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Foxit Software
[2012.06.09 10:53:22 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Free iPad Video Converter
[2012.03.13 20:37:14 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Guitar Pro 6
[2012.08.30 13:47:41 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Haudm
[2012.07.22 21:43:35 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Line 6
[2012.03.26 22:33:10 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\McNeel
[2012.04.08 00:02:25 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\MecSoft Corporation
[2012.06.16 22:42:19 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Moi
[2012.04.01 20:57:58 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\mp3DirectCut
[2012.04.01 09:01:00 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\MusicBrainz
[2012.03.17 18:45:08 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\OpenOffice.org
[2012.05.12 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Orbit
[2012.08.30 13:16:41 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Paipby
[2012.04.29 13:45:20 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\PC-FAX TX
[2012.10.12 19:55:55 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\pdfforge
[2012.04.09 15:44:55 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\ProgSense
[2012.04.14 18:01:48 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\PTC
[2012.11.14 21:31:58 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\QuickScan
[2012.08.29 22:53:56 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Seyc
[2012.08.17 18:41:23 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Simfy
[2012.08.30 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Spotify
[2012.03.12 22:40:55 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Thunderbird
[2012.09.14 10:06:11 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Windows SideBar
[2012.03.24 23:03:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird

========== Purity Check ==========
< End of report > GMER Log-File Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-11-15 18:22:35 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC38 Running: 8sm0cer6.exe; Driver: C:\Users\MyName\AppData\Local\Temp\pwdiypoc.sys ---- System - GMER 1.0.15 ---- SSDT 92C53A1E ZwCreateSection SSDT 92C539F6 ZwCreateSymbolicLinkObject SSDT 92C539FB ZwLoadDriver SSDT 92C539F1 ZwOpenSection SSDT 92C53A28 ZwRequestWaitReplyPort SSDT 92C53A23 ZwSetContextThread SSDT 92C53A2D ZwSetSecurityObject SSDT 92C53A00 ZwSetSystemInformation SSDT 92C53A32 ZwSystemDebugControl SSDT 92C539BF ZwTerminateProcess SSDT 92C539BA ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E7CA49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB64D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EBD62C 4 Bytes [1E, 3A, C5, 92] {PUSH DS; CMP AL, CH; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82EBD634 4 Bytes [F6, 39, C5, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82EBD748 4 Bytes [FB, 39, C5, 92] {STI ; CMP EBP, EAX; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 82EBD7E4 4 Bytes [F1, 39, C5, 92] {INT1 ; CMP EBP, EAX; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82EBD988 4 Bytes [28, 3A, C5, 92] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92036000, 0x3DBAA0, 0xE8000020] .text peauth.sys 9F638C9D 28 Bytes [9E, AE, 65, D4, E8, C5, 2F, ...] .text peauth.sys 9F638CC1 28 Bytes [9E, AE, 65, D4, E8, C5, 2F, ...] 
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume11 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000c55ffe0b0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000c55ffe0b0 (not active ControlSet)
---- EOF - GMER 1.0.15 ----

Asking for your help. Many thanks in advance. mexx_muc

Hello, this has been settled, I am wiping the machine. Thanks and regards, mexx_muc
17.11.2012, 02:32 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security Center cannot be started
Quote:
That piece of information almost got lost.
17.11.2012, 08:38 | #3
Windows Security Center cannot be started
Yes, I thought the same afterwards. Sorry. I replied to my own post, and the reply then ended up inside the post itself....
Regards, mexx