Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Avast finds several viruses Win:32NextLife-B and other Win:32... (https://www.trojaner-board.de/150216-avast-findet-mehrere-viren-win-32nextlife-b-andere-win-32-a.html)

cosinus 28.02.2014 13:53

Then I know of only one remaining option:

Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


rairai 28.02.2014 14:56

Hi Cosinus,

Combofix ran without problems and gave no error message.
There was no restart (none was requested); the message
Load DLL - Hook Load failed
appeared again,
and the default browser was Internet Explorer instead of Firefox; I changed that back.
Here is the Combofix file.
Combofix log file:
Code:

ComboFix 14-02-24.02 - M1 28.02.2014  14:25:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3069.1819 [GMT 1:00]
ausgeführt von:: c:\users\M1\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\~.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-01-28 bis 2014-02-28  ))))))))))))))))))))))))))))))
.
.
2014-02-28 13:36 . 2014-02-28 13:36        --------        dc----w-        c:\users\Default\AppData\Local\temp
2014-02-28 09:53 . 2014-02-28 09:53        62576        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C9A14E3-AC4D-420E-AC50-EEA65CA0C076}\offreg.dll
2014-02-28 09:31 . 2014-02-06 07:08        7947048        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C9A14E3-AC4D-420E-AC50-EEA65CA0C076}\mpengine.dll
2014-02-27 16:15 . 2014-02-27 16:20        --------        dc----w-        c:\windows\system32\catroot2
2014-02-27 15:57 . 2014-02-27 17:15        --------        dc----w-        c:\windows\system32\wbem\repository
2014-02-27 15:23 . 2014-02-27 16:12        181064        -c--a-w-        c:\windows\PSEXESVC.EXE
2014-02-27 15:18 . 2014-02-27 15:18        --------        dc----w-        C:\RegBackup
2014-02-27 14:04 . 2014-02-27 14:23        --------        dc----w-        c:\program files\Tweaking.com
2014-02-25 13:27 . 2014-02-25 13:27        --------        dc----w-        c:\windows\ERUNT
2014-02-25 13:14 . 2014-02-25 13:21        --------        dc----w-        C:\AdwCleaner
2014-02-25 09:58 . 2014-02-25 09:58        75480        -c--a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-02-23 16:05 . 2014-02-27 09:09        --------        dc----w-        C:\FRST
2014-02-22 16:25 . 2014-02-22 16:25        --------        dc----w-        c:\program files\Skillbrains
2014-02-22 16:24 . 2014-02-22 16:24        --------        dc----w-        c:\users\M1\AppData\Local\Skillbrains
2014-02-16 17:22 . 2014-02-16 17:22        --------        dc----w-        c:\users\M1\AppData\Local\RegistryDR
2014-02-16 17:21 . 2014-02-16 17:21        --------        dc----w-        c:\users\M1\.android
2014-02-16 17:21 . 2014-02-16 17:25        --------        dc----w-        c:\users\M1\AppData\Local\cache
2014-02-16 14:14 . 2014-02-16 14:14        --------        dc----w-        c:\users\M1\AppData\Roaming\gbrainy
2014-02-16 13:53 . 2014-02-16 14:01        --------        dc----w-        c:\program files\Spiele
2014-02-16 13:31 . 2014-02-16 13:34        --------        dc----w-        c:\users\M1\AppData\Roaming\.freeciv
2014-02-16 13:30 . 2014-02-16 13:31        --------        dc----w-        c:\program files\Freeciv-2.4.2-gtk2
2014-02-14 10:48 . 2014-02-14 10:48        --------        dc----w-        c:\windows\Migration
2014-02-13 16:07 . 2013-12-05 02:12        1248768        -c--a-w-        c:\windows\system32\msxml3.dll
2014-02-09 13:24 . 2014-02-09 13:24        --------        dc----w-        c:\program files\Common Files\Java
2014-02-09 13:24 . 2014-02-09 13:24        --------        dc----w-        c:\programdata\Oracle
2014-02-09 13:23 . 2014-02-09 13:23        94632        -c--a-w-        c:\windows\system32\WindowsAccessBridge.dll
2014-02-09 13:23 . 2014-02-09 13:23        --------        dc----w-        c:\program files\Java
2014-02-08 12:56 . 2014-02-08 12:56        --------        dc----w-        c:\users\M1\AppData\Roaming\AVAST Software
2014-02-08 12:55 . 2014-02-08 12:55        57672        -c--a-w-        c:\windows\system32\drivers\aswTdi.sys
2014-02-08 12:55 . 2014-02-08 12:55        180248        -c--a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-02-08 12:55 . 2014-02-08 12:55        775952        -c--a-w-        c:\windows\system32\drivers\aswSnx.sys
2014-02-08 12:55 . 2014-02-08 12:55        410784        -c--a-w-        c:\windows\system32\drivers\aswSP.sys
2014-02-08 12:55 . 2014-02-08 12:55        67824        -c--a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-02-08 12:55 . 2014-02-08 12:55        54832        -c--a-w-        c:\windows\system32\drivers\aswRdr.sys
2014-02-08 12:55 . 2014-02-08 12:55        49944        -c--a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-02-08 12:55 . 2014-02-08 12:55        270240        -c--a-w-        c:\windows\system32\aswBoot.exe
2014-02-08 12:55 . 2014-02-08 12:55        43152        -c--a-w-        c:\windows\avastSS.scr
2014-02-08 12:54 . 2014-02-08 12:54        --------        dc----w-        c:\program files\AVAST Software
2014-02-08 12:52 . 2014-02-08 12:52        --------        dc----w-        c:\programdata\AVAST Software
2014-02-01 14:48 . 2014-02-01 14:48        --------        dc----w-        c:\programdata\BlueStacks
2014-02-01 14:47 . 2014-02-01 14:47        --------        dc----w-        c:\program files\WildTangent Games
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-23 15:20 . 2012-09-01 19:58        71048        -c--a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-23 15:20 . 2012-09-01 19:58        692616        -c--a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-01-01 18:20 . 2014-01-01 18:20        1207568        -c--a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-12-18 05:13 . 2009-10-03 14:41        231584        -c----w-        c:\windows\system32\MpSigStub.exe
2011-05-30 13:52 . 2013-11-08 14:57        1806336        -c--a-w-        c:\program files\PowerPointMUI.msi
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-08 12:55        259464        -c--a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"LightShot"="c:\users\M1\AppData\Local\Skillbrains\lightshot\Lightshot.exe" [2014-02-03 226592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Laser mouse"="c:\program files\Office-Web\Office-Web Center\Panel.exe" [2005-04-25 233472]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-08 3767096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3630145962-1711427128-1675247868-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06        451872        -c--a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 15:20]
.
2014-02-28 c:\windows\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2014-02-22 12:37]
.
2014-02-28 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2014-02-22 12:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: &AOL Toolbar-Suche
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Bild in &Microsoft PhotoDraw öffnen - c:\progra~1\MICROS~3\Office\1031\phdintl.dll/phdContext.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.ixquick.com/
FF - ExtSQL: !HIDDEN! 2009-07-09 15:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-NWEReboot - (no file)
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1 - c:\stranded ii\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-02-28 14:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\M1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-02-28  14:41:38
ComboFix-quarantined-files.txt  2014-02-28 13:41
.
Vor Suchlauf: 15 Verzeichnis(se), 56.780.337.152 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 56.597.176.320 Bytes frei
.
- - End Of File - - E585068B868506916CD03B2140F41276

--- --- ---
85D751F0E41B8E520AEE8C07A8DA777B

[/CODE]

rairai

cosinus 28.02.2014 15:04

I don't see anything there either. Does OSAM run now, after CF?

rairai 28.02.2014 15:11

I'll try again.

rairai 28.02.2014 15:20

Attachments: 1
Hi Cosinus,

OSAM gets stuck as before, see screenshot.

Am I doing something wrong, or does the connection to that server no longer exist?

rairai

cosinus 28.02.2014 15:41

Just cancel the online check. I don't need it. I only want the log.

rairai 28.02.2014 16:05

When I cancel the online scan and click "save log", the result is a Firefox HTML file.
How am I supposed to post that??
rairai

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:48:59 on 28.02.2014
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 27.0.1

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

          Risk        Name        Publisher        Full Path        Status
Common
%SystemRoot%\Tasks
                      "Adobe Flash Player Updater.job"        "Adobe Systems Incorporated"        C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe        File exists
                  "update-S-1-5-21-3630145962-1711427128-1675247868-1000.job"                C:\Program Files\Skillbrains\Updater\Updater.exe        File exists
                  "update-sys.job"                C:\Program Files\Skillbrains\Updater\Updater.exe        File exists
Control Panel Objects
%SystemRoot%\system32
                  "FlashPlayerCPLApp.cpl"        "Adobe Systems Incorporated"        C:\Windows\system32\FlashPlayerCPLApp.cpl        File exists
                  "hpaccelerometercp.CPL"        "Hewlett-Packard Corporation"        C:\Windows\system32\hpaccelerometercp.CPL        File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
                  "mlcfg32.cpl"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\MLCFG32.CPL        File exists
                  "ProtectSmart Hard Drive Protection"        "Hewlett-Packard Corporation"        C:\Windows\system32\hpaccelerometercp.CPL        File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
                  "aswMonFlt" (aswMonFlt)        "AVAST Software"        C:\Windows\system32\drivers\aswMonFlt.sys        File exists
                  "aswRdr" (aswRdr)        "AVAST Software"        C:\Windows\system32\drivers\aswRdr.sys        File exists
                  "aswSnx" (aswSnx)        "AVAST Software"        C:\Windows\system32\drivers\aswSnx.sys        File exists
                  "aswSP" (aswSP)        "AVAST Software"        C:\Windows\system32\drivers\aswSP.sys        File exists
                  "aswTdi" (aswTdi)        "AVAST Software"        C:\Windows\system32\drivers\aswTdi.sys        File exists
                  "avast! Revert" (aswRvrt)                C:\Windows\system32\drivers\aswRvrt.sys        File exists
                  "avast! VM Monitor" (aswVmm)                C:\Windows\system32\drivers\aswVmm.sys        File exists
                  "catchme" (catchme)                C:\Users\M1\AppData\Local\Temp\catchme.sys        File not found
                  "HidMouse" (HidMouse)        "Hama"        C:\Windows\System32\Drivers\HidMouse.sys        File exists
                  "IP in IP Tunnel Driver" (IpInIp)                C:\Windows\System32\DRIVERS\ipinip.sys        File not found
                  "IPX Traffic Filter Driver" (NwlnkFlt)                C:\Windows\System32\DRIVERS\nwlnkflt.sys        File not found
                  "IPX Traffic Forwarder Driver" (NwlnkFwd)                C:\Windows\System32\DRIVERS\nwlnkfwd.sys        File not found
                  "mbamchameleon" (mbamchameleon)        "Malwarebytes Corporation"        C:\Windows\system32\drivers\mbamchameleon.sys        File exists
                  "PSI" (PSI)        "Secunia"        C:\Windows\System32\DRIVERS\psi_mf.sys        File exists
Explorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
                  {2F5AC606-70CF-461C-BFE1-6063670C3484} "MouseCplExt Class"                C:\Windows\system32\MousePage.dll        File exists
                  {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner"        "Microsoft Corporation"        C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL        File exists
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
                  {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel"        "Hewlett-Packard Company"        "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"        File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
                  {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"        "Adobe Systems, Inc."        C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll        File exists
                  {0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}"                        File not found | COM-object registry key not found
HKLM\Software\Classes\Protocols\Filter
                  {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter"        "Microsoft Corporation"        C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL        File exists
HKLM\Software\Classes\Protocols\Handler
                  {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class"        "Microsoft Corporation"        C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll        File exists
                  {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class"        "Skype Technologies"        C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL        File exists
                  {828030A1-22C1-4009-854F-8E305202313F} "livecall"        "Microsoft Corporation"        C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL        File exists
                  {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0"        "Microsoft Corporation"        C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll        File exists
                  {828030A1-22C1-4009-854F-8E305202313F} "msnim"        "Microsoft Corporation"        C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL        File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
                  {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
                  {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files"                        File not found | COM-object registry key not found
                  {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension"        "Igor Pavlov"        C:\Program Files\7-Zip\7-zip.dll        File exists
                  {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder"                        File not found | COM-object registry key not found
                  {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder"                        File not found | COM-object registry key not found
                  {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension"                C:\Windows\system32\wuaucpl.cpl        File not found
                  {472083B0-C522-11CF-8763-00608CC02F24} "avast"        "AVAST Software"        C:\Program Files\AVAST Software\Avast\ashShell.dll        File exists
                  {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class"        "Microsoft Corporation"        C:\Program Files\Microsoft Office\Office14\VISSHE.DLL        File exists
                  {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder"                        File not found | COM-object registry key not found
                  {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band"                        File not found | COM-object registry key not found
                  {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider"                        File not found | COM-object registry key not found
                  {5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page"                        File not found | COM-object registry key not found
                  {327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor"                        File not found | COM-object registry key not found
                  {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist"                        File not found | COM-object registry key not found
                  {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class"        "Microsoft Corporation"        C:\Program Files\Microsoft Office\Office14\VISSHE.DLL        File exists
                  {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner"        "Microsoft Corporation"        C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll        File exists
                  {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler"        "Microsoft Corporation"        C:\Program Files\Microsoft Office\Office14\msohevi.dll        File exists
                  {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler"        "Microsoft Corporation"        C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll        File exists
                  {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler"        "Microsoft Corporation"        C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll        File exists
                  {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search"        "Microsoft Corporation"        C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL        File exists
                  {00020d75-0000-0000-c000-000000000046} "Microsoft Outlook"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\MLSHEXT.DLL        File exists
                  {2F5AC606-70CF-461C-BFE1-6063670C3484} "MouseCplExt Class"                C:\Windows\system32\MousePage.dll        File exists
                  {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension"        "Microsoft Corporation"        C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL        File exists
                  {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder"                        File not found | COM-object registry key not found
                  {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder"                        File not found | COM-object registry key not found
                  {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning"                        File not found | COM-object registry key not found
                  {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF"        "XSS"        C:\Windows\System32\ShellvRTF.dll        File exists
                  {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class"                C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll        File exists
                  {79BC0345-1015-11D2-A299-006008312725} "Studio.Project"                C:\Program Files\Pinnacle\Studio 11\programs\BlueShellExt.dll        File found, but it contains no detailed information
                  {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner"        "Microsoft Corporation"        C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL        File exists
                  {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service"                        File not found | COM-object registry key not found
                  {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR"                C:\Program Files\WinRAR\rarext.dll        File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
                  ITBar7Height "ITBar7Height"                        File not found | COM-object registry key not found
                  "ITBar7Layout"                        File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
                  {4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control"
hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab        "Akamai Technologies, Inc."        C:\Windows\DOWNLO~1\DOWNLO~1.OCX        File exists
                  {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.7.0_17"
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab        "Oracle Corporation"        C:\Program Files\Java\jre7\bin\jp2iexp.dll        File exists
                  {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.7.0_21"
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab        "Oracle Corporation"        C:\Program Files\Java\jre7\bin\jp2iexp.dll        File exists
                  {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.51.2"
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab        "Oracle Corporation"        C:\Program Files\Java\jre7\bin\jp2iexp.dll        File exists
                  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.51.2"
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab        "Oracle Corporation"        C:\Program Files\Java\jre7\bin\jp2iexp.dll        File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
                  {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden"        "Microsoft Corporation"        C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll        File exists
                  "HP Smart Print"        "Hewlett-Packard"        C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe        File exists
                  {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen"        "Microsoft Corporation"        C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll        File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
                  {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} "avast! Online Security"        "AVAST Software"        C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll        File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
                  {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} "AOL Toolbar BHO"                C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll        File not found
                  {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! Online Security"        "AVAST Software"        C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll        File exists
                  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL        File exists
                  {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"        "Oracle Corporation"        C:\Program Files\Java\jre7\bin\jp2ssv.dll        File exists
                  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper"        "Oracle Corporation"        C:\Program Files\Java\jre7\bin\ssv.dll        File exists
                  {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler"        "Microsoft Corporation"        C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL        File exists
                  {7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}"                        File not found | COM-object registry key not found
Known DLLs
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
                  "advapi32"        "Microsoft Corporation"        C:\Windows\system32\advapi32.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "clbcatq"        "Microsoft Corporation"        C:\Windows\system32\clbcatq.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "COMDLG32"        "Microsoft Corporation"        C:\Windows\system32\COMDLG32.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "gdi32"        "Microsoft Corporation"        C:\Windows\system32\gdi32.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "IERTUTIL"        "Microsoft Corporation"        C:\Windows\system32\IERTUTIL.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "IMAGEHLP"        "Microsoft Corporation"        C:\Windows\system32\IMAGEHLP.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "IMM32"        "Microsoft Corporation"        C:\Windows\system32\IMM32.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "kernel32"        "Microsoft Corporation"        C:\Windows\system32\kernel32.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "LPK"        "Microsoft Corporation"        C:\Windows\system32\LPK.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "MSCTF"        "Microsoft Corporation"        C:\Windows\system32\MSCTF.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "MSVCRT"        "Microsoft Corporation"        C:\Windows\system32\MSVCRT.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "NORMALIZ"        "Microsoft Corporation"        C:\Windows\system32\NORMALIZ.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "NSI"        "Microsoft Corporation"        C:\Windows\system32\NSI.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "ole32"        "Microsoft Corporation"        C:\Windows\system32\ole32.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "OLEAUT32"        "Microsoft Corporation"        C:\Windows\system32\OLEAUT32.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "rpcrt4"        "Microsoft Corporation"        C:\Windows\system32\rpcrt4.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "Setupapi"        "Microsoft Corporation"        C:\Windows\system32\Setupapi.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "SHELL32"        "Microsoft Corporation"        C:\Windows\system32\SHELL32.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "SHLWAPI"        "Microsoft Corporation"        C:\Windows\system32\SHLWAPI.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "URLMON"        "Microsoft Corporation"        C:\Windows\system32\URLMON.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "user32"        "Microsoft Corporation"        C:\Windows\system32\user32.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "USP10"        "Microsoft Corporation"        C:\Windows\system32\USP10.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "WININET"        "Microsoft Corporation"        C:\Windows\system32\WININET.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "WLDAP32"        "Microsoft Corporation"        C:\Windows\system32\WLDAP32.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
                  "WS2_32"        "Microsoft Corporation"        C:\Windows\system32\WS2_32.dll        Hidden registry entry, rootkit activity | File signed by Microsoft
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
                  "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"        "Microsoft Corporation"        C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE        Shortcut exists | File exists
                  "desktop.ini"                C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini        File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
                  "desktop.ini"                C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini        File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                  "LightShot"                C:\Users\M1\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue        File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
                  "StartupPrograms"                rdpclip        File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
                  "Adobe ARM"        "Adobe Systems Incorporated"        "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"        File exists
                  "AvastUI.exe"        "AVAST Software"        "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui        File exists
                  "BCSSync"        "Microsoft Corporation"        "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices        File exists
                  "HP Health Check Scheduler"        "Hewlett-Packard"        c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe        File exists
                  "HP Software Update"        "Hewlett-Packard"        C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe        File exists
                  "hpWirelessAssistant"        "Hewlett-Packard Development Company, L.P."        C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe        File exists
                  "Laser mouse"                "C:\Program Files\Office-Web\Office-Web Center\Panel.exe"        File found, but it contains no detailed information
                  "OnScreenDisplay"        " Hewlett-Packard Development Company, L.P."        C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe        File exists
                  "QlbCtrl.exe"        " Hewlett-Packard Development Company, L.P."        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start        File exists
                  "QPService"        "CyberLink Corp."        "C:\Program Files\HP\QuickPlay\QPService.exe"        File exists
                  "StartCCC"        "Advanced Micro Devices, Inc."        "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"        File exists
                  "SunJavaUpdateSched"        "Oracle Corporation"        "C:\Program Files\Common Files\Java\Java Update\jusched.exe"        File exists
                  "UCam_Menu"        "CyberLink Corp."        "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"        File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
                  "HP Discovery Port Monitor (HP Officejet 4620 series)"        "Hewlett-Packard Co."        C:\Windows\system32\HPDiscoPM6412.dll        File exists
                  "PDFCreator"                C:\Windows\system32\pdfcmnnt.dll        File found, but it contains no detailed information
Services
HKLM\SYSTEM\CurrentControlSet\Services
                  "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400)        "Microsoft Corporation"        C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe        File exists
                  "Adobe Acrobat Update Service" (AdobeARMservice)        "Adobe Systems Incorporated"        C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe        File exists
                  "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc)        "Adobe Systems Incorporated"        C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe        File exists
                  "ASP.NET-Zustandsdienst" (aspnet_state)        "Microsoft Corporation"        C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe        File exists
                  "avast! Antivirus" (avast! Antivirus)        "AVAST Software"        C:\Program Files\AVAST Software\Avast\AvastSvc.exe        File exists
                  "Com4QLBEx" (Com4QLBEx)        "Hewlett-Packard Development Company, L.P."        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe        File exists
                  "Cyberlink RichVideo Service(CRVS)" (RichVideo)                C:\Program Files\CyberLink\Shared Files\RichVideo.exe        File exists
                  "Easybits Shared Services for Windows" (ezSharedSvc)        "EasyBits Sofware AS"        C:\Windows\System32\ezsvc7.dll        File exists
                  "GamesAppIntegrationService" (GamesAppIntegrationService)        "WildTangent"        C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe        File exists
                  "GamesAppService" (GamesAppService)        "WildTangent, Inc."        C:\Program Files\WildTangent Games\App\GamesAppService.exe        File exists
                  "HP Health Check Service" (HP Health Check Service)        "Hewlett-Packard"        c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe        File exists
                  "hpqwmiex" (hpqwmiex)        "Hewlett-Packard Development Company, L.P."        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe        File exists
                  "InstallDriver Table Manager" (IDriverT)        "Macrovision Corporation"        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe        File exists
                  "LightScribeService Direct Disc Labeling Service" (LightScribeService)        "Hewlett-Packard Company"        C:\Program Files\Common Files\LightScribe\LSSrvc.exe        File exists
                  "Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc)        "Microsoft Corporation"        C:\Program Files\MSN Messenger\usnsvc.exe        File exists
                  "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32)        "Microsoft Corporation"        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe        File exists
                  "Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service)        "Microsoft Corporation"        C:\Program Files\Microsoft Office\Office14\GROOVE.EXE        File exists
                  "Mozilla Maintenance Service" (MozillaMaintenance)        "Mozilla Foundation"        C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe        File exists
                  "Office Source Engine" (ose)        "Microsoft Corporation"        C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE        File exists
                  "Office Software Protection Platform" (osppsvc)        "Microsoft Corporation"        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE        File exists
                  "PCLEPCI" (PCLEPCI)        "Pinnacle Systems GmbH"        C:\Windows\system32\drivers\pclepci.sys        File exists
                  "QuickPlay Background Capture Service (QBCS)" (QPCapSvc)                C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe        File exists
                  "QuickPlay Task Scheduler (QTS)" (QPSched)                C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe        File exists
                  "Recovery Service for Windows" (Recovery Service for Windows)                C:\Windows\SMINST\BLService.exe        File exists
                  "Secunia PSI Agent" (Secunia PSI Agent)        "Secunia"        C:\Program Files\Secunia\PSI\PSIA.exe        File exists
                  "Secunia Update Agent" (Secunia Update Agent)        "Secunia"        C:\Program Files\Secunia\PSI\sua.exe        File exists
                  "Skype Updater" (SkypeUpdate)        "Skype Technologies"        C:\Program Files\Skype\Updater\Updater.exe        File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

ok, there you go
rairai

cosinus 28.02.2014 20:24

I don't see anything there either :balla:
Please run a quick scan with a current Malwarebytes first. After that, get to work on all the updates; with a bit of luck the Windows updates will straighten a few things out in the system again.

rairai 01.03.2014 11:18

Show attachments (count: 1)
Ok Cosinus,
I can do it that way -
the quick scan found 3 infected items - see screenshot
Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.25.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
M1 :: M1-PC [Administrator]

01.03.2014 11:18:34
MBAM-log-2014-03-01 (11-47-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223320
Laufzeit: 12 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39B931CF-F1E2-4D04-8129-9EE8159A91C5} (PUP.Optional.SavingsWizard.A) -> Keine Aktion durchgeführt.
HKLM\Software\awesomehpSoftware (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|lightningnewtab@gmail.com (PUP.Optional.Lightning.A) -> Daten: C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\extensions\lightningnewtab@gmail.com.xpi -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

What does the Hook.dll actually do? Could it perhaps be done without?
rairai
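The Malwarebytes log above reports three hits, all in the PUP (potentially unwanted program) family and all marked "Keine Aktion durchgeführt" (no action taken), meaning they were only reported and are still present. What follows is an added example, not part of the thread and not Malwarebytes' own tooling: a small parser that triages a log in this format by grouping hits by signature family, listing what was left unhandled, and cross-checking the per-section counts the scanner declares against the lines it actually lists. The embedded sample log is constructed from the posted excerpt, and the regexes and the set of "not handled" action strings are assumptions based on that format.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, modelled on the Malwarebytes 1.75 quick-scan log posted in the thread
# (German UI strings; the English build uses the same layout with translated labels).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.25.06

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 223320

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39B931CF-F1E2-4D04-8129-9EE8159A91C5} (PUP.Optional.SavingsWizard.A) -> Keine Aktion durchgeführt.
HKLM\Software\awesomehpSoftware (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|lightningnewtab@gmail.com (PUP.Optional.Lightning.A) -> Daten: C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\extensions\lightningnewtab@gmail.com.xpi -> Keine Aktion durchgeführt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
"""

# Assumed format: every section header is "Infizierte <category>: <count>".
SECTION_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
# Assumed detection line: "<location> (<signature>) [-> Daten: <data>] -> <action>"
DETECTION_RE = re.compile(
    r"^(?P<location>.+?) \((?P<signature>[^()]+)\) -> "
    r"(?:Daten: (?P<data>.+?) -> )?(?P<action>.+)$"
)
# Action strings meaning the item was only reported, not quarantined (German and English builds; assumption).
UNHANDLED_ACTIONS = ("Keine Aktion durchgeführt", "No action taken")


@dataclass
class Detection:
    section: str          # e.g. "Infizierte Registrierungsschlüssel"
    location: str         # registry key/value or file path
    signature: str        # e.g. "PUP.Optional.Awesomehp.A"
    data: Optional[str]   # value data for registry-value hits, else None
    action: str

    @property
    def family(self) -> str:
        """First component of the signature name: PUP, PUM, Trojan, ..."""
        return self.signature.split(".", 1)[0]

    @property
    def handled(self) -> bool:
        """False if the scanner left the item in place."""
        return not self.action.startswith(UNHANDLED_ACTIONS)


def parse_mbam_log(text: str) -> dict:
    """Return the declared per-section counts and the parsed detection lines."""
    declared: dict = {}
    detections: list = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None            # a blank line closes the current section
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        if section is None or line.startswith("("):
            continue                  # header lines, "(Keine bösartigen Objekte gefunden)", "(Ende)"
        d = DETECTION_RE.match(line)
        if d:
            detections.append(Detection(section, d["location"], d["signature"], d["data"], d["action"]))
    return {"declared": declared, "detections": detections}


def summarize(parsed: dict) -> dict:
    """Aggregate hits by family, list unhandled locations, and flag sections whose count does not match."""
    by_family: dict = {}
    found: dict = {}
    for d in parsed["detections"]:
        by_family[d.family] = by_family.get(d.family, 0) + 1
        found[d.section] = found.get(d.section, 0) + 1
    mismatched = [s for s, n in parsed["declared"].items() if found.get(s, 0) != n]
    return {
        "by_family": by_family,
        "unhandled": [d.location for d in parsed["detections"] if not d.handled],
        "count_mismatch": mismatched,
    }


if __name__ == "__main__":
    print(summarize(parse_mbam_log(SAMPLE_LOG)))
```

A non-empty "unhandled" list is the thing to act on: those items were detected but not quarantined, so a re-scan will report them again until they are removed or deliberately ignored. A non-empty "count_mismatch" means the log was truncated or pasted incompletely.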

cosinus 01.03.2014 13:31

Quote:

What does the Hook.dll actually do? Could it perhaps be done without?
That's exactly what I meant by that, that I haven't found anything about it in the last logs.
Please install all Windows updates.

rairai 01.03.2014 17:03

Hello Cosinus,

where do I get the updates without risk?
I've now clicked the following to download:
Windows Vista Service Pack 2 - All Language Standalone-DVD-ISO (KB948465) - Direct download

Service Pack 2, the latest service pack for Windows Server 2008 and Windows Vista, supports new hardware and new hardware standards, includes all updates released since SP1, and simplifies deployment for consumers, developers and IT professionals. 22.06.2009

But with my great internet connection that takes a whole hour

rairai

Hello Cosinus,
After 1.5 hours of downloading and then trying to install it, I get the message: this is already installed on my PC, or for 3 further downloads: this is not the right software for my system!
I can't get any further this way!
I've found an estimated 500 to 1000 updates for Vista 32-bit systems on the internet; that's not feasible for me like this :(
I need a more goal-oriented guide to what I should do and how.
Where and how am I supposed to get the updates???

I'm still online today and then offline until 7.3., and hope that I'll still get help then.

rairai

cosinus 01.03.2014 17:47

What do you mean "without risk", the Windows operating system has an update function built in.
Control Panel => Windows Update is pretty obvious, surely

Quote:

I need a more goal-oriented guide to what I should do and how.
Where and how am I supposed to get the updates???
You've never seen the Windows Update function? Hard to believe; in the default settings Windows notifies you immediately when it finds new updates.

rairai 01.03.2014 17:51

You mean the updates? That's all up to date, there's nothing that isn't updated

I understood you to mean that something of Vista got lost through the - moving infected files to quarantine - and that this now has to be recovered somehow ???

rairai

cosinus 01.03.2014 17:53

Ok, then all the updates are in. For the Hook message I can't offer you a solution then.

rairai 01.03.2014 17:54

Quote:

Quote from cosinus (post 1260766)
Ok, then all the updates are in. For the Hook message I can dolution offer you then.

what do you mean? Is your keyboard stuck maybe


Copyright ©2000-2025, Trojaner-Board