
Pests of all kinds and how to fight them: Windows Security Center cannot be started


15.11.2012, 17:46   #1
mexx_muc
 

Windows Security Center cannot be started



Hello everyone,
Good day,

I'm new here and am coming straight away with a problem.

I think I've caught something:

- Windows Security Center cannot be activated
- Firewall cannot be activated
- System Restore does not work

My virus scanner is Avira Premium 2012; it finds nothing.

Kaspersky Rescue Disk found something; unfortunately I forgot what.

Malwarebytes found something and moved it to quarantine:

3 x PUM.Disable.SecurityCenter
1 x PUP.BundleInstaller.BI
1 x Hijack.UserInit
2 x Trojan.Agent

OTL file

Code:
OTL logfile created on: 15.11.2012 18:08:16 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Myname\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 66,26% Memory free
6,50 Gb Paging File | 5,39 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240,29 Gb Total Space | 186,54 Gb Free Space | 77,63% Space Free | Partition Type: NTFS
Drive D: | 225,37 Gb Total Space | 148,20 Gb Free Space | 65,76% Space Free | Partition Type: NTFS
Drive G: | 991,22 Mb Total Space | 296,78 Mb Free Space | 29,94% Space Free | Partition Type: FAT
Drive I: | 3,80 Gb Total Space | 2,74 Gb Free Space | 72,19% Space Free | Partition Type: FAT32
Drive L: | 1,88 Gb Total Space | 1,86 Gb Free Space | 99,19% Space Free | Partition Type: FAT32
Drive N: | 465,76 Gb Total Space | 216,66 Gb Free Space | 46,52% Space Free | Partition Type: NTFS
 
Computer Name: Myname-PC | User Name: Myname | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Myname\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Myname\Desktop\Defogger.exe ()
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Users\Myname\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\McNeelUpdate\5.0\McNeelUpdateService.exe (Robert McNeel & Associates)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Synology Data Replicator  3\SynoDrService.exe ()
PRC - C:\Users\Myname\Downloads\usbdlm\USBDLM\USBDLM.exe (Uwe Sieber - www.uwe-sieber.de)
PRC - C:\Users\Myname\Downloads\usbdlm\USBDLM\USBDLM_usr.exe (Uwe Sieber - www.uwe-sieber.de)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Myname\Desktop\Defogger.exe ()
MOD - C:\Programme\Evernote\Evernote\libxml2.dll ()
MOD - C:\Programme\Evernote\Evernote\libtidy.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (McNeelUpdate) -- C:\Programme\McNeelUpdate\5.0\McNeelUpdateService.exe (Robert McNeel & Associates)
SRV - (UsbClientService) -- C:\Programme\Synology\Assistant\UsbClientService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SynoDrService) -- C:\Programme\Synology Data Replicator  3\SynoDrService.exe ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (USBDLM) -- C:\Users\Myname\Downloads\usbdlm\USBDLM\USBDLM.exe (Uwe Sieber - www.uwe-sieber.de)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (L6POD) -- C:\Windows\System32\drivers\L6POD.sys (Line 6)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (DELTAII) -- C:\Windows\System32\drivers\MAudioDelta.sys (Avid Technology, Inc.)
DRV - (busenum) -- C:\Windows\System32\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 F5 66 71 97 00 CD 01  [binary data]
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6OyMCutPgm&i=26
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes\{F43D03C2-5462-4C8F-A2B8-4973076865EA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Users/Myname/Music/Temp/Tunebite/.downloading/profile/rrproxy_ie_50411b31.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.5.1
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.0.6
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.100
FF - prefs.js..extensions.enabledAddons: readable@evernote.com:6.3337.321.777
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6OyMCutPgm&&i=26&search="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2012.03.23 08:32:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.30 18:27:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:48:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.12 22:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:48:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:48:44 | 000,000,000 | ---D | M]
 
[2012.03.12 22:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myname\AppData\Roaming\mozilla\Extensions
[2012.09.30 19:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\7p34qz42.default\extensions
[2012.09.30 19:35:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\7p34qz42.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.29 11:16:06 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\7p34qz42.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.03.13 00:03:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\7p34qz42.default\extensions\foxmarks@kei.com
[2012.11.14 21:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\yv8c7976.default-1349281826435\extensions
[2012.11.14 21:31:52 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\yv8c7976.default-1349281826435\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.10.06 22:35:14 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\yv8c7976.default-1349281826435\extensions\ich@maltegoetz.de
[2012.09.11 19:32:38 | 000,382,926 | ---- | M] () (No name found) -- C:\Users\Myname\AppData\Roaming\mozilla\firefox\profiles\7p34qz42.default\extensions\readable@evernote.com.xpi
[2012.10.27 22:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.30 18:27:41 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.10.27 22:48:46 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.22 21:31:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.07 17:31:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.22 21:31:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 21:31:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 21:31:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 21:31:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.17 00:11:32 | 000,000,877 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Programme\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKU\S-1-5-21-448014278-3508612385-884602074-1001..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-448014278-3508612385-884602074-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Myname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Myname\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Myname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Myname\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB1C6065-76BF-435D-9764-5EE6730FE45A}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.08.29 21:21:24 | 000,000,000 | ---D | M] - N:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.15 18:07:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Myname\Desktop\OTL.exe
[2012.11.14 22:01:24 | 000,000,000 | ---D | C] -- C:\Users\Myname\AppData\Roaming\SUPERAntiSpyware.com
[2012.11.14 22:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.11.14 22:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.11.14 22:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.11.14 21:31:55 | 000,000,000 | ---D | C] -- C:\Users\Myname\AppData\Roaming\QuickScan
[2012.11.14 00:47:04 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Myname\Desktop\aswMBR.exe
[2012.11.13 23:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.11.13 23:23:55 | 000,000,000 | ---D | C] -- C:\Users\Myname\AppData\Roaming\Malwarebytes
[2012.11.13 23:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.13 23:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.13 23:23:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.13 23:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.13 23:16:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.13 23:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.11.13 21:26:20 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.11.04 23:20:29 | 000,000,000 | ---D | C] -- C:\Users\Myname\.eventideupdateutility
[2012.11.04 12:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012.10.27 22:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.22 21:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.22 21:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.15 18:07:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myname\Desktop\OTL.exe
[2012.11.15 18:02:15 | 000,004,464 | ---- | M] () -- C:\Users\Myname\Documents\cc_20121115_180212.reg
[2012.11.15 17:27:39 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.15 17:27:39 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.15 17:27:39 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.15 17:27:39 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 17:26:55 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 17:26:55 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 17:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.15 17:19:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.15 17:19:25 | 2616,500,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.14 22:21:32 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e39c0732-5390-4039-a447-a29a640927e4.job
[2012.11.14 22:21:32 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7ad3ed6e-5d8a-498c-9b73-da75d855fb2e.job
[2012.11.14 22:01:21 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.14 20:43:10 | 000,293,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.14 07:31:19 | 000,004,238 | ---- | M] () -- C:\Users\Myname\Documents\cc_20121114_073116.reg
[2012.11.14 00:56:55 | 000,000,000 | ---- | M] () -- C:\Users\Myname\defogger_reenable
[2012.11.14 00:55:53 | 000,050,477 | ---- | M] () -- C:\Users\Myname\Desktop\Defogger.exe
[2012.11.14 00:47:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Myname\Desktop\aswMBR.exe
[2012.11.13 23:59:33 | 000,302,592 | ---- | M] () -- C:\Users\Myname\Desktop\8sm0cer6.exe
[2012.11.13 23:23:44 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.13 23:12:25 | 000,004,826 | ---- | M] () -- C:\Users\Myname\Documents\cc_20121113_231220.reg
[2012.11.13 23:09:40 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.13 23:03:45 | 000,003,272 | ---- | M] () -- C:\bootsqm.dat
[2012.11.09 21:01:20 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-Myname-PC-Myname.job
[2012.10.20 20:36:51 | 109,702,299 | ---- | M] () -- C:\Users\Myname\Desktop\Bilder.zip
[2012.10.20 20:34:50 | 000,000,899 | ---- | M] () -- C:\Users\Myname\Desktop\Tunebite - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.15 18:02:14 | 000,004,464 | ---- | C] () -- C:\Users\Myname\Documents\cc_20121115_180212.reg
[2012.11.14 22:01:30 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e39c0732-5390-4039-a447-a29a640927e4.job
[2012.11.14 22:01:29 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7ad3ed6e-5d8a-498c-9b73-da75d855fb2e.job
[2012.11.14 22:01:21 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.14 07:31:17 | 000,004,238 | ---- | C] () -- C:\Users\Myname\Documents\cc_20121114_073116.reg
[2012.11.14 00:56:55 | 000,000,000 | ---- | C] () -- C:\Users\Myname\defogger_reenable
[2012.11.14 00:55:51 | 000,050,477 | ---- | C] () -- C:\Users\Myname\Desktop\Defogger.exe
[2012.11.13 23:59:21 | 000,302,592 | ---- | C] () -- C:\Users\Myname\Desktop\8sm0cer6.exe
[2012.11.13 23:23:44 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.13 23:12:24 | 000,004,826 | ---- | C] () -- C:\Users\Myname\Documents\cc_20121113_231220.reg
[2012.11.13 23:03:45 | 000,003,272 | ---- | C] () -- C:\bootsqm.dat
[2012.10.20 20:35:45 | 109,702,299 | ---- | C] () -- C:\Users\Myname\Desktop\Bilder.zip
[2012.08.17 18:41:23 | 000,000,032 | ---- | C] () -- C:\Users\Myname\.simfy
[2012.08.02 22:13:36 | 000,005,632 | ---- | C] () -- C:\Users\Myname\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.22 21:40:32 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2012.07.21 21:14:05 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2012.07.21 21:11:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2012.07.21 21:11:07 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2012.06.16 22:42:15 | 000,005,084 | ---- | C] () -- C:\ProgramData\yotmwslu.srw
[2012.05.12 19:09:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.29 13:49:59 | 000,160,101 | ---- | C] () -- C:\Windows\ScanWiz Uninstaller.exe
[2012.04.22 10:55:16 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfwad.bin
[2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.04.05 21:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.01 09:35:09 | 000,000,665 | ---- | C] () -- C:\Users\Myname\Myname - Verknüpfung.lnk
[2012.03.30 20:45:23 | 000,000,004 | ---- | C] () -- C:\Users\Myname\AppData\Local\pcdit.dat
[2012.03.30 20:44:14 | 000,000,036 | ---- | C] () -- C:\ProgramData\InstallAlibre.config
[2012.03.26 22:32:33 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\ddpnqch185.dat
[2012.03.26 22:32:33 | 000,000,400 | ---- | C] () -- C:\Windows\d_jdmjol162.ini
[2012.03.25 21:33:32 | 000,212,269 | ---- | C] () -- C:\Users\Myname\AppData\Roaming\UserTile.png
[2012.03.22 20:34:39 | 000,000,323 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.03.22 20:34:39 | 000,000,161 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.03.22 20:33:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.03.22 20:33:56 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.03.22 20:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.03.21 23:18:56 | 000,000,400 | ---- | C] () -- C:\Windows\g_jdmjol294.ini
[2012.03.21 23:18:56 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\bdpnqch691.dat
[2012.03.16 21:37:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.12 23:19:55 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.12 23:19:55 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7820N.DAT
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.18 16:28:16 | 000,236,040 | ---- | C] () -- C:\Windows\System32\DeltaIITray.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.03.30 20:45:42 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Alibre Design
[2012.03.30 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Alibre, Inc
[2012.08.12 10:14:26 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Audacity
[2012.04.01 18:40:23 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Canneverbe Limited
[2012.03.27 23:06:21 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\com.Rhapsody.Napster5
[2012.11.15 17:23:04 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Dropbox
[2012.09.30 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\DVDVideoSoft
[2012.09.30 19:35:47 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.22 10:56:06 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\EPSON
[2012.10.21 20:58:22 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\FileZilla
[2012.06.01 05:31:32 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Foxit Software
[2012.06.09 10:53:22 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Free iPad Video Converter
[2012.03.13 20:37:14 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Guitar Pro 6
[2012.08.30 13:47:41 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Haudm
[2012.07.22 21:43:35 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Line 6
[2012.03.26 22:33:10 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\McNeel
[2012.04.08 00:02:25 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\MecSoft Corporation
[2012.06.16 22:42:19 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Moi
[2012.04.01 20:57:58 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\mp3DirectCut
[2012.04.01 09:01:00 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\MusicBrainz
[2012.03.17 18:45:08 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\OpenOffice.org
[2012.05.12 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Orbit
[2012.08.30 13:16:41 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Paipby
[2012.04.29 13:45:20 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\PC-FAX TX
[2012.10.12 19:55:55 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\pdfforge
[2012.04.09 15:44:55 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\ProgSense
[2012.04.14 18:01:48 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\PTC
[2012.11.14 21:31:58 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\QuickScan
[2012.08.29 22:53:56 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Seyc
[2012.08.17 18:41:23 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Simfy
[2012.08.30 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Spotify
[2012.03.12 22:40:55 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Thunderbird
[2012.09.14 10:06:11 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Windows SideBar
[2012.03.24 23:03:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
Unfortunately, OTL does not create an Extras file for me? Maybe because I have already scanned a few times?

GMER log file

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-15 18:22:35
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC38
Running: 8sm0cer6.exe; Driver: C:\Users\MyName\AppData\Local\Temp\pwdiypoc.sys


---- System - GMER 1.0.15 ----

SSDT            92C53A1E                                                                                         ZwCreateSection
SSDT            92C539F6                                                                                         ZwCreateSymbolicLinkObject
SSDT            92C539FB                                                                                         ZwLoadDriver
SSDT            92C539F1                                                                                         ZwOpenSection
SSDT            92C53A28                                                                                         ZwRequestWaitReplyPort
SSDT            92C53A23                                                                                         ZwSetContextThread
SSDT            92C53A2D                                                                                         ZwSetSecurityObject
SSDT            92C53A00                                                                                         ZwSetSystemInformation
SSDT            92C53A32                                                                                         ZwSystemDebugControl
SSDT            92C539BF                                                                                         ZwTerminateProcess
SSDT            92C539BA                                                                                         ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         82E7CA49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82EB64D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82EBD62C 4 Bytes  [1E, 3A, C5, 92] {PUSH DS; CMP AL, CH; XCHG EDX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                              82EBD634 4 Bytes  [F6, 39, C5, 92]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                              82EBD748 4 Bytes  [FB, 39, C5, 92] {STI ; CMP EBP, EAX; XCHG EDX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                              82EBD7E4 4 Bytes  [F1, 39, C5, 92] {INT1 ; CMP EBP, EAX; XCHG EDX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              82EBD988 4 Bytes  [28, 3A, C5, 92]
.text           ...                                                                                              
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x92036000, 0x3DBAA0, 0xE8000020]
.text           peauth.sys                                                                                       9F638C9D 28 Bytes  [9E, AE, 65, D4, E8, C5, 2F, ...]
.text           peauth.sys                                                                                       9F638CC1 28 Bytes  [9E, AE, 65, D4, E8, C5, 2F, ...]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume11                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000c55ffe0b0                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000c55ffe0b0 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
What can I do?

Asking for your help.

Many thanks in advance.

mexx_muc

Hello, this has been settled; I am going to wipe the computer. Thanks and regards, mexx_muc

17.11.2012, 01:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Hello, this has been settled; I am going to wipe the computer. Thanks and regards, mexx_muc

Hello,

that piece of information almost got lost

17.11.2012, 07:38   #3
mexx_muc
 

Yes, I thought the same afterwards. Sorry. I replied to my own post and the reply then ended up in the post itself....
Regards, mexx