| |
| |||||||
Log-Analyse und Auswertung: Wartungscenter - Windows Sicherheitscenter aktivierenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.11.2012, 21:11
| #1 |
 |  Wartungscenter - Windows Sicherheitscenter aktivieren hallo, habe folgende problem mit meinem windows 7 ultimate. Im Wartungscenter ist der Dienst Sicherheits Center deaktiviert, und lässt sich nicht mehr aktivieren. mein Virenscanner AntiVir von Avira findet nichts. auch habe ich Malwarebytes anti malware laufen lassen, der hat zwar paar sachen gefunden die ich gelöscht haber aber ich kann es trotzdem nicht aktivieren. Weiß leider nicht mehr weiter. Bitte helft mir. hier hab ich die otl.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.11.2012 20:29:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xXx\Desktop\comrep Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 77,31% Memory free 4,00 Gb Paging File | 3,14 Gb Available in Paging File | 78,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 38,96 Gb Total Space | 11,96 Gb Free Space | 30,69% Space Free | Partition Type: NTFS Drive D: | 193,82 Gb Total Space | 141,22 Gb Free Space | 72,86% Space Free | Partition Type: NTFS Drive F: | 354,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: XXX-PC | User Name: xXx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.16 19:23:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xXx\Desktop\comrep\OTL.exe PRC - [2012.11.13 18:22:25 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.30 09:29:37 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.30 09:29:20 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.03.31 15:08:14 | 000,080,896 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010.01.17 09:21:57 | 002,326,920 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2009.11.20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.09.12 18:09:44 | 000,660,936 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.02.22 18:10:38 | 000,054,272 | ---- | M] () -- C:\Programme\RALINK\Common\RalinkRegistryWriter.exe PRC - [2005.08.04 20:55:24 | 000,237,568 | ---- | M] () -- C:\Windows\System32\CmUCREye.exe ========== Modules (No Company Name) ========== MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2005.08.04 20:55:24 | 000,237,568 | ---- | M] () -- C:\Windows\System32\CmUCREye.exe ========== Services (SafeList) ========== SRV - [2012.10.30 09:29:37 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.30 09:29:20 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.09.06 02:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.03.31 15:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.01.17 09:21:57 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2009.11.20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.09.12 18:09:44 | 000,660,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.02.22 18:10:38 | 000,054,272 | ---- | M] () [Auto | Running] -- C:\Programme\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2003.07.28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus) DRV - [2012.11.13 18:22:39 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.11.13 18:22:39 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.11.13 18:22:39 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.07.02 19:22:11 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2012.07.02 19:22:11 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2010.06.23 09:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010.01.17 09:21:57 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2010.01.17 09:21:56 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm251.sys -- (tdrpman251) DRV - [2010.01.17 09:21:55 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2010.01.17 09:21:49 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2009.11.21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.13 23:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.07.13 23:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2009.02.09 10:42:40 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt) DRV - [2007.10.09 13:43:58 | 000,291,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86) DRV - [2007.09.10 09:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2005.08.04 01:30:52 | 000,069,248 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmiucr.SYS -- (CMISTOR) DRV - [2005.07.28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b0f38f2c-c93b-43b8-93af-75f389d32e2d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b0f38f2c-c93b-43b8-93af-75f389d32e2d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b0f38f2c-c93b-43b8-93af-75f389d32e2d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b0f38f2c-c93b-43b8-93af-75f389d32e2d&affid=111585&searchtype=hp&babsrc=lnkry_nt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E CF 5B 27 CB 11 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b0f38f2c-c93b-43b8-93af-75f389d32e2d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b0f38f2c-c93b-43b8-93af-75f389d32e2d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b0f38f2c-c93b-43b8-93af-75f389d32e2d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6C447F4F-1358-4F9C-BA92-D3ED6636583F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.3.4 FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b0f38f2c-c93b-43b8-93af-75f389d32e2d&affid=111585&searchtype=ds&babsrc=lnkry&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.06 18:58:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla\components [2011.07.04 12:11:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla\plugins [2012.05.09 06:29:53 | 000,000,000 | ---D | M] [2010.01.15 22:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xXx\AppData\Roaming\mozilla\Extensions [2012.11.01 10:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xXx\AppData\Roaming\mozilla\Firefox\Profiles\1sokotop.default\extensions [2012.11.01 10:36:23 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xXx\AppData\Roaming\mozilla\Firefox\Profiles\1sokotop.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.02.18 18:47:12 | 000,018,684 | ---- | M] () (No name found) -- C:\Users\xXx\AppData\Roaming\mozilla\firefox\profiles\1sokotop.default\extensions\ich@maltegoetz.de.xpi [2011.12.21 21:10:15 | 001,935,370 | ---- | M] () (No name found) -- C:\Users\xXx\AppData\Roaming\mozilla\firefox\profiles\1sokotop.default\extensions\info@djzig.com.xpi [2010.06.22 18:52:52 | 000,000,873 | ---- | M] () -- C:\Users\xXx\AppData\Roaming\mozilla\firefox\profiles\1sokotop.default\searchplugins\conduit.xml [2011.03.27 10:06:50 | 000,000,950 | ---- | M] () -- C:\Users\xXx\AppData\Roaming\mozilla\firefox\profiles\1sokotop.default\searchplugins\icqplugin-1.xml [2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\xXx\AppData\Roaming\mozilla\firefox\profiles\1sokotop.default\searchplugins\icqplugin.xml [2012.09.16 17:37:05 | 000,002,455 | ---- | M] () -- C:\Users\xXx\AppData\Roaming\mozilla\firefox\profiles\1sokotop.default\searchplugins\Web Search.xml [2012.10.06 18:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CmUCRRun] C:\Windows\System32\CmUCREye.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xXx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4349ECF9-365A-4AC0-9A61-1999D72A6F05}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B2E7189-E295-49E2-8115-B4441A8C4DE7}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB0F2426-0578-4934-BDA2-93F342DCA03D}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{627f80b2-95d5-11df-bcb9-0016172d4be5}\Shell - "" = AutoRun O33 - MountPoints2\{627f80b2-95d5-11df-bcb9-0016172d4be5}\Shell\AutoRun\command - "" = K:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.16 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\xXx\Desktop\comrep [2012.11.14 19:23:31 | 000,000,000 | ---D | C] -- C:\Users\xXx\AppData\Roaming\Malwarebytes [2012.11.14 19:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.14 19:23:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.14 19:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.09 19:42:10 | 000,000,000 | ---D | C] -- C:\Users\xXx\AppData\Roaming\TeamViewer [2012.11.09 19:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2012.11.09 07:16:36 | 000,000,000 | ---D | C] -- C:\Users\xXx\Desktop\Musi Jeanette [2012.11.07 22:14:12 | 000,000,000 | ---D | C] -- C:\Users\xXx\AppData\Local\fchhalrf [2012.11.03 19:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView ========== Files - Modified Within 30 Days ========== [2012.11.16 20:27:53 | 000,000,000 | ---- | M] () -- C:\Users\xXx\defogger_reenable [2012.11.16 18:59:56 | 000,657,428 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.16 18:59:56 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.16 18:59:56 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.16 18:59:56 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.16 18:58:01 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.16 18:58:01 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.16 18:52:46 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile [2012.11.16 18:52:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.16 18:52:28 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2012.11.13 18:22:39 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.13 18:22:39 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.13 18:22:39 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.03 19:56:02 | 000,000,968 | ---- | M] () -- C:\Users\xXx\Desktop\IrfanView.lnk [2012.11.01 10:36:20 | 000,001,356 | ---- | M] () -- C:\Users\xXx\Desktop\Free YouTube to MP3 Converter.lnk ========== Files Created - No Company Name ========== [2012.11.16 20:27:53 | 000,000,000 | ---- | C] () -- C:\Users\xXx\defogger_reenable [2012.11.09 19:37:13 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.11.03 19:56:02 | 000,000,968 | ---- | C] () -- C:\Users\xXx\Desktop\IrfanView.lnk [2012.11.01 10:36:20 | 000,001,356 | ---- | C] () -- C:\Users\xXx\Desktop\Free YouTube to MP3 Converter.lnk [2012.10.06 15:10:42 | 000,076,338 | ---- | C] () -- C:\ProgramData\yuzgqirzyalimyj [2012.02.18 18:59:28 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.INI [2011.12.18 19:20:43 | 000,000,580 | ---- | C] () -- C:\Users\xXx\AppData\Local\cookies.ini [2011.12.02 18:45:27 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2011.12.02 18:45:27 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011.08.22 09:02:59 | 000,045,573 | -H-- | C] () -- C:\Users\xXx\userdiff.sav [2011.07.12 07:35:53 | 000,093,388 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.12.05 11:48:06 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.12.05 11:48:06 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.12.05 11:48:06 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.12.05 11:48:06 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.12.05 11:48:06 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.12.05 11:48:06 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.12.05 11:48:06 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.12.05 11:48:06 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.12.05 11:48:06 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.12.05 11:48:06 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.12.05 11:48:06 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.12.05 11:48:06 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.12.05 11:48:06 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.12.05 11:48:06 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.12.05 11:48:06 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.12.05 11:48:06 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.12.05 11:48:06 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.12.05 11:48:06 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.12.05 11:48:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.11.20 18:23:35 | 000,000,036 | ---- | C] () -- C:\Windows\mafosav.INI [2010.07.23 22:03:08 | 000,003,584 | ---- | C] () -- C:\Users\xXx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.06 18:17:15 | 000,007,597 | ---- | C] () -- C:\Users\xXx\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.01.17 12:46:37 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\Acronis [2010.03.04 21:07:10 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\Atari [2010.03.18 13:18:04 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\Command and Conquer 4 [2010.03.07 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\Command and Conquer 4 Beta [2010.01.15 22:12:35 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\DeviceDoctorSoftware [2012.07.22 14:49:02 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\Digiarty [2012.11.01 10:36:27 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\DVDVideoSoft [2011.03.26 17:50:53 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.23 22:09:19 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\FreeFLVConverter [2011.06.10 09:24:43 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\FreeMoviesToDVD [2012.09.16 17:29:45 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\OpenCandy [2011.11.12 13:03:42 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\Opera [2010.12.11 17:48:06 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\Panasonic [2012.11.09 20:06:06 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\TeamViewer [2010.04.11 14:50:29 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\VMLoad [2010.08.23 21:20:25 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\WEB.DE [2012.07.22 14:49:03 | 000,000,000 | ---D | M] -- C:\Users\xXx\AppData\Roaming\XMedia Recode ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 823058 bytes -> C:\Windows\Temp:temp < End of report > und hier die extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.11.2012 20:29:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xXx\Desktop\comrep
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 77,31% Memory free
4,00 Gb Paging File | 3,14 Gb Available in Paging File | 78,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 11,96 Gb Free Space | 30,69% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 141,22 Gb Free Space | 72,86% Space Free | Partition Type: NTFS
Drive F: | 354,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: XXX-PC | User Name: xXx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2D7D9D86-923A-41A8-919F-437332AB1031}" = Nero 7 Premium
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blobby Volley 2.0 Version 0.9c_is1" = Blobby Volley 2.0 Version 0.9c
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CCleaner" = CCleaner
"C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0
"DivX Setup.divx.com" = DivX-Setup
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.1
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SopCast" = SopCast 3.4.7
"Steam App 240" = Counter-Strike: Source
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.9
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.11.2011 06:02:08 | Computer Name = xXx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 04.11.2011 06:02:08 | Computer Name = xXx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 04.11.2011 13:00:23 | Computer Name = xXx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 04.11.2011 13:00:23 | Computer Name = xXx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 04.11.2011 16:37:57 | Computer Name = xXx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 04.11.2011 16:37:57 | Computer Name = xXx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.11.2011 02:24:11 | Computer Name = xXx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.11.2011 02:24:11 | Computer Name = xXx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.11.2011 03:04:48 | Computer Name = xXx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.11.2011 03:04:48 | Computer Name = xXx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 15.11.2012 02:13:40 | Computer Name = xXx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 15.11.2012 14:23:23 | Computer Name = xXx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 15.11.2012 14:23:44 | Computer Name = xXx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 16.11.2012 01:53:24 | Computer Name = xXx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 16.11.2012 01:53:46 | Computer Name = xXx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 16.11.2012 12:52:55 | Computer Name = xXx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 16.11.2012 12:53:17 | Computer Name = xXx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 16.11.2012 13:52:46 | Computer Name = xXx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 16.11.2012 13:53:07 | Computer Name = xXx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 16.11.2012 13:53:08 | Computer Name = xXx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
< End of report >
und noch die gmer.txt GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-16 20:53:49
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3250824AS rev.3.AAE
Running: 39mwcsb4.exe; Driver: C:\Users\xXx\AppData\Local\Temp\uwldipow.sys
---- System - GMER 1.0.15 ----
SSDT 8E4E85AE ZwCreateSection
SSDT 8E4E85B8 ZwRequestWaitReplyPort
SSDT 8E4E85B3 ZwSetContextThread
SSDT 8E4E85BD ZwSetSecurityObject
SSDT 8E4E85C2 ZwSystemDebugControl
SSDT 8E4E854F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8305B579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 83087840 4 Bytes [AE, 85, 4E, 8E] {SCASB ; TEST [ESI-0x72], ECX}
.text ntkrnlpa.exe!RtlSidHashLookup + 69C 83087B9C 4 Bytes [B8, 85, 4E, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 83087BE0 4 Bytes [B3, 85, 4E, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 75C 83087C5C 4 Bytes [BD, 85, 4E, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B0 83087CB0 4 Bytes [C2, 85, 4E, 8E]
.text ...
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0x9860E400, 0x7960C, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x986B0420] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x986B0420]
.protectÿÿÿÿhardlockunknown last code section [0x986B0200, 0x5049, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0x986B0200, 0x5049, 0xE0000020]
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
AttachedDevice tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 snapman.sys (Acronis Snapshot API/Acronis)
Device pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device cmiucr.SYS (USB 2.0 card reader driver/C-Media Corporation)
Device usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:912] 8E9591E0
Thread System [4:916] 8E95D3A0
---- EOF - GMER 1.0.15 ----
Ich hoffe diesmal hab ich alles richtig gemacht und ihr könnt mir helfen. Wenn nicht bitte habt Verständniss für nen "Noob" :-) Ich werde auch alle benötigten Dinge nachreichen. Vielen Dank für eure Hilfe Mfg Marc |
| Themen zu Wartungscenter - Windows Sicherheitscenter aktivieren |
| antivir, autorun, avg, avira, bho, converter, defender, desktop, error, excel, fehler, firefox, flash player, format, install.exe, logfile, mozilla, mp3, plug-in, problem, realtek, rundll, scan, security, sicherheitscenter aktivieren, software, usb 2.0, windows |
Baum-Darstellung