
Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows Security Center cannot be started (https://www.trojaner-board.de/127053-windows-sicherheitscenter-gestartet-werdem.html)

mexx_muc 15.11.2012 18:46

Windows Security Center cannot be started
 
Hello everyone,
Good day,

I'm new here and I come straight in with a problem :heulen:

I think I've caught something:

- Windows Security Center cannot be activated
- Firewall cannot be activated
- System Restore does not work

My virus scanner is Avira Premium 2012; it finds nothing.

Kaspersky Rescue Disk found something, but unfortunately I forgot what.

Malwarebytes found something and moved it to quarantine:

3 x PUM.Disable.SecurityCenter
1 x PUP.BundleInstaller.BI
1 x Hijack.UserInit
2 x Trojan.Agent

OTL file

Code:

OTL logfile created on: 15.11.2012 18:08:16 - Run 7
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Myname\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 66,26% Memory free
6,50 Gb Paging File | 5,39 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240,29 Gb Total Space | 186,54 Gb Free Space | 77,63% Space Free | Partition Type: NTFS
Drive D: | 225,37 Gb Total Space | 148,20 Gb Free Space | 65,76% Space Free | Partition Type: NTFS
Drive G: | 991,22 Mb Total Space | 296,78 Mb Free Space | 29,94% Space Free | Partition Type: FAT
Drive I: | 3,80 Gb Total Space | 2,74 Gb Free Space | 72,19% Space Free | Partition Type: FAT32
Drive L: | 1,88 Gb Total Space | 1,86 Gb Free Space | 99,19% Space Free | Partition Type: FAT32
Drive N: | 465,76 Gb Total Space | 216,66 Gb Free Space | 46,52% Space Free | Partition Type: NTFS
 
Computer Name: Myname-PC | User Name: Myname | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Myname\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Myname\Desktop\Defogger.exe ()
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Users\Myname\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\McNeelUpdate\5.0\McNeelUpdateService.exe (Robert McNeel & Associates)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Synology Data Replicator  3\SynoDrService.exe ()
PRC - C:\Users\Myname\Downloads\usbdlm\USBDLM\USBDLM.exe (Uwe Sieber - www.uwe-sieber.de)
PRC - C:\Users\Myname\Downloads\usbdlm\USBDLM\USBDLM_usr.exe (Uwe Sieber - www.uwe-sieber.de)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Myname\Desktop\Defogger.exe ()
MOD - C:\Programme\Evernote\Evernote\libxml2.dll ()
MOD - C:\Programme\Evernote\Evernote\libtidy.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (McNeelUpdate) -- C:\Programme\McNeelUpdate\5.0\McNeelUpdateService.exe (Robert McNeel & Associates)
SRV - (UsbClientService) -- C:\Programme\Synology\Assistant\UsbClientService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SynoDrService) -- C:\Programme\Synology Data Replicator  3\SynoDrService.exe ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (USBDLM) -- C:\Users\Myname\Downloads\usbdlm\USBDLM\USBDLM.exe (Uwe Sieber - www.uwe-sieber.de)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (L6POD) -- C:\Windows\System32\drivers\L6POD.sys (Line 6)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (DELTAII) -- C:\Windows\System32\drivers\MAudioDelta.sys (Avid Technology, Inc.)
DRV - (busenum) -- C:\Windows\System32\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 F5 66 71 97 00 CD 01  [binary data]
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6OyMCutPgm&i=26
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..\SearchScopes\{F43D03C2-5462-4C8F-A2B8-4973076865EA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-448014278-3508612385-884602074-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Users/Myname/Music/Temp/Tunebite/.downloading/profile/rrproxy_ie_50411b31.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.5.1
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.0.6
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.100
FF - prefs.js..extensions.enabledAddons: readable@evernote.com:6.3337.321.777
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6OyMCutPgm&&i=26&search="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2012.03.23 08:32:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.30 18:27:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:48:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.12 22:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:48:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:48:44 | 000,000,000 | ---D | M]
 
[2012.03.12 22:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myname\AppData\Roaming\mozilla\Extensions
[2012.09.30 19:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\7p34qz42.default\extensions
[2012.09.30 19:35:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\7p34qz42.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.29 11:16:06 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\7p34qz42.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.03.13 00:03:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\7p34qz42.default\extensions\foxmarks@kei.com
[2012.11.14 21:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\yv8c7976.default-1349281826435\extensions
[2012.11.14 21:31:52 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\yv8c7976.default-1349281826435\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.10.06 22:35:14 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Myname\AppData\Roaming\mozilla\Firefox\Profiles\yv8c7976.default-1349281826435\extensions\ich@maltegoetz.de
[2012.09.11 19:32:38 | 000,382,926 | ---- | M] () (No name found) -- C:\Users\Myname\AppData\Roaming\mozilla\firefox\profiles\7p34qz42.default\extensions\readable@evernote.com.xpi
[2012.10.27 22:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.30 18:27:41 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.10.27 22:48:46 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.22 21:31:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.07 17:31:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.22 21:31:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 21:31:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 21:31:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 21:31:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.17 00:11:32 | 000,000,877 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Programme\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKU\S-1-5-21-448014278-3508612385-884602074-1001..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-448014278-3508612385-884602074-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Myname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Myname\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Myname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Myname\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-448014278-3508612385-884602074-1001\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB1C6065-76BF-435D-9764-5EE6730FE45A}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.08.29 21:21:24 | 000,000,000 | ---D | M] - N:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.15 18:07:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Myname\Desktop\OTL.exe
[2012.11.14 22:01:24 | 000,000,000 | ---D | C] -- C:\Users\Myname\AppData\Roaming\SUPERAntiSpyware.com
[2012.11.14 22:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.11.14 22:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.11.14 22:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.11.14 21:31:55 | 000,000,000 | ---D | C] -- C:\Users\Myname\AppData\Roaming\QuickScan
[2012.11.14 00:47:04 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Myname\Desktop\aswMBR.exe
[2012.11.13 23:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.11.13 23:23:55 | 000,000,000 | ---D | C] -- C:\Users\Myname\AppData\Roaming\Malwarebytes
[2012.11.13 23:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.13 23:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.13 23:23:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.13 23:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.13 23:16:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.13 23:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.11.13 21:26:20 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.11.04 23:20:29 | 000,000,000 | ---D | C] -- C:\Users\Myname\.eventideupdateutility
[2012.11.04 12:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012.10.27 22:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.22 21:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.22 21:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.15 18:07:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myname\Desktop\OTL.exe
[2012.11.15 18:02:15 | 000,004,464 | ---- | M] () -- C:\Users\Myname\Documents\cc_20121115_180212.reg
[2012.11.15 17:27:39 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.15 17:27:39 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.15 17:27:39 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.15 17:27:39 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 17:26:55 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 17:26:55 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 17:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.15 17:19:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.15 17:19:25 | 2616,500,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.14 22:21:32 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e39c0732-5390-4039-a447-a29a640927e4.job
[2012.11.14 22:21:32 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7ad3ed6e-5d8a-498c-9b73-da75d855fb2e.job
[2012.11.14 22:01:21 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.14 20:43:10 | 000,293,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.14 07:31:19 | 000,004,238 | ---- | M] () -- C:\Users\Myname\Documents\cc_20121114_073116.reg
[2012.11.14 00:56:55 | 000,000,000 | ---- | M] () -- C:\Users\Myname\defogger_reenable
[2012.11.14 00:55:53 | 000,050,477 | ---- | M] () -- C:\Users\Myname\Desktop\Defogger.exe
[2012.11.14 00:47:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Myname\Desktop\aswMBR.exe
[2012.11.13 23:59:33 | 000,302,592 | ---- | M] () -- C:\Users\Myname\Desktop\8sm0cer6.exe
[2012.11.13 23:23:44 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.13 23:12:25 | 000,004,826 | ---- | M] () -- C:\Users\Myname\Documents\cc_20121113_231220.reg
[2012.11.13 23:09:40 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.13 23:03:45 | 000,003,272 | ---- | M] () -- C:\bootsqm.dat
[2012.11.09 21:01:20 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-Myname-PC-Myname.job
[2012.10.20 20:36:51 | 109,702,299 | ---- | M] () -- C:\Users\Myname\Desktop\Bilder.zip
[2012.10.20 20:34:50 | 000,000,899 | ---- | M] () -- C:\Users\Myname\Desktop\Tunebite - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.15 18:02:14 | 000,004,464 | ---- | C] () -- C:\Users\Myname\Documents\cc_20121115_180212.reg
[2012.11.14 22:01:30 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e39c0732-5390-4039-a447-a29a640927e4.job
[2012.11.14 22:01:29 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7ad3ed6e-5d8a-498c-9b73-da75d855fb2e.job
[2012.11.14 22:01:21 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.14 07:31:17 | 000,004,238 | ---- | C] () -- C:\Users\Myname\Documents\cc_20121114_073116.reg
[2012.11.14 00:56:55 | 000,000,000 | ---- | C] () -- C:\Users\Myname\defogger_reenable
[2012.11.14 00:55:51 | 000,050,477 | ---- | C] () -- C:\Users\Myname\Desktop\Defogger.exe
[2012.11.13 23:59:21 | 000,302,592 | ---- | C] () -- C:\Users\Myname\Desktop\8sm0cer6.exe
[2012.11.13 23:23:44 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.13 23:12:24 | 000,004,826 | ---- | C] () -- C:\Users\Myname\Documents\cc_20121113_231220.reg
[2012.11.13 23:03:45 | 000,003,272 | ---- | C] () -- C:\bootsqm.dat
[2012.10.20 20:35:45 | 109,702,299 | ---- | C] () -- C:\Users\Myname\Desktop\Bilder.zip
[2012.08.17 18:41:23 | 000,000,032 | ---- | C] () -- C:\Users\Myname\.simfy
[2012.08.02 22:13:36 | 000,005,632 | ---- | C] () -- C:\Users\Myname\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.22 21:40:32 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2012.07.21 21:14:05 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2012.07.21 21:11:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2012.07.21 21:11:07 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2012.06.16 22:42:15 | 000,005,084 | ---- | C] () -- C:\ProgramData\yotmwslu.srw
[2012.05.12 19:09:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.29 13:49:59 | 000,160,101 | ---- | C] () -- C:\Windows\ScanWiz Uninstaller.exe
[2012.04.22 10:55:16 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfwad.bin
[2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.04.05 21:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.01 09:35:09 | 000,000,665 | ---- | C] () -- C:\Users\Myname\Myname - Verknüpfung.lnk
[2012.03.30 20:45:23 | 000,000,004 | ---- | C] () -- C:\Users\Myname\AppData\Local\pcdit.dat
[2012.03.30 20:44:14 | 000,000,036 | ---- | C] () -- C:\ProgramData\InstallAlibre.config
[2012.03.26 22:32:33 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\ddpnqch185.dat
[2012.03.26 22:32:33 | 000,000,400 | ---- | C] () -- C:\Windows\d_jdmjol162.ini
[2012.03.25 21:33:32 | 000,212,269 | ---- | C] () -- C:\Users\Myname\AppData\Roaming\UserTile.png
[2012.03.22 20:34:39 | 000,000,323 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.03.22 20:34:39 | 000,000,161 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.03.22 20:33:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.03.22 20:33:56 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.03.22 20:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.03.21 23:18:56 | 000,000,400 | ---- | C] () -- C:\Windows\g_jdmjol294.ini
[2012.03.21 23:18:56 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\bdpnqch691.dat
[2012.03.16 21:37:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.12 23:19:55 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.12 23:19:55 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7820N.DAT
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.18 16:28:16 | 000,236,040 | ---- | C] () -- C:\Windows\System32\DeltaIITray.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.03.30 20:45:42 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Alibre Design
[2012.03.30 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Alibre, Inc
[2012.08.12 10:14:26 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Audacity
[2012.04.01 18:40:23 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Canneverbe Limited
[2012.03.27 23:06:21 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\com.Rhapsody.Napster5
[2012.11.15 17:23:04 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Dropbox
[2012.09.30 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\DVDVideoSoft
[2012.09.30 19:35:47 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.22 10:56:06 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\EPSON
[2012.10.21 20:58:22 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\FileZilla
[2012.06.01 05:31:32 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Foxit Software
[2012.06.09 10:53:22 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Free iPad Video Converter
[2012.03.13 20:37:14 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Guitar Pro 6
[2012.08.30 13:47:41 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Haudm
[2012.07.22 21:43:35 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Line 6
[2012.03.26 22:33:10 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\McNeel
[2012.04.08 00:02:25 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\MecSoft Corporation
[2012.06.16 22:42:19 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Moi
[2012.04.01 20:57:58 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\mp3DirectCut
[2012.04.01 09:01:00 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\MusicBrainz
[2012.03.17 18:45:08 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\OpenOffice.org
[2012.05.12 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Orbit
[2012.08.30 13:16:41 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Paipby
[2012.04.29 13:45:20 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\PC-FAX TX
[2012.10.12 19:55:55 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\pdfforge
[2012.04.09 15:44:55 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\ProgSense
[2012.04.14 18:01:48 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\PTC
[2012.11.14 21:31:58 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\QuickScan
[2012.08.29 22:53:56 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Seyc
[2012.08.17 18:41:23 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Simfy
[2012.08.30 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Spotify
[2012.03.12 22:40:55 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Thunderbird
[2012.09.14 10:06:11 | 000,000,000 | ---D | M] -- C:\Users\Myname\AppData\Roaming\Windows SideBar
[2012.03.24 23:03:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >

Unfortunately OTL doesn't create an Extras file for me? Maybe because I have already scanned a few times?

GMER log file

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-15 18:22:35
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC38
Running: 8sm0cer6.exe; Driver: C:\Users\MyName\AppData\Local\Temp\pwdiypoc.sys


---- System - GMER 1.0.15 ----

SSDT            92C53A1E                                                                                        ZwCreateSection
SSDT            92C539F6                                                                                        ZwCreateSymbolicLinkObject
SSDT            92C539FB                                                                                        ZwLoadDriver
SSDT            92C539F1                                                                                        ZwOpenSection
SSDT            92C53A28                                                                                        ZwRequestWaitReplyPort
SSDT            92C53A23                                                                                        ZwSetContextThread
SSDT            92C53A2D                                                                                        ZwSetSecurityObject
SSDT            92C53A00                                                                                        ZwSetSystemInformation
SSDT            92C53A32                                                                                        ZwSystemDebugControl
SSDT            92C539BF                                                                                        ZwTerminateProcess
SSDT            92C539BA                                                                                        ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                        82E7CA49 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          82EB64D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82EBD62C 4 Bytes  [1E, 3A, C5, 92] {PUSH DS; CMP AL, CH; XCHG EDX, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                              82EBD634 4 Bytes  [F6, 39, C5, 92]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                              82EBD748 4 Bytes  [FB, 39, C5, 92] {STI ; CMP EBP, EAX; XCHG EDX, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                              82EBD7E4 4 Bytes  [F1, 39, C5, 92] {INT1 ; CMP EBP, EAX; XCHG EDX, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              82EBD988 4 Bytes  [28, 3A, C5, 92]
.text          ...                                                                                             
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                        section is writeable [0x92036000, 0x3DBAA0, 0xE8000020]
.text          peauth.sys                                                                                      9F638C9D 28 Bytes  [9E, AE, 65, D4, E8, C5, 2F, ...]
.text          peauth.sys                                                                                      9F638CC1 28 Bytes  [9E, AE, 65, D4, E8, C5, 2F, ...]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume11                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                        fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000c55ffe0b0                     
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000c55ffe0b0 (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

What can I do?

Asking for help.

Many thanks in advance.

mexx_muc

Hello, this is resolved, I'm going to wipe the computer. Thanks and regards mexx_muc

cosinus 17.11.2012 02:32

Quote:

Hello, this is resolved, I'm going to wipe the computer. Thanks and regards mexx_muc
Hello,

that info almost went unnoticed :D

mexx_muc 17.11.2012 08:38

Yes, I thought the same afterwards. Sorry. I replied to my own post and the reply then ended up inside the post itself....
Regards mexx



Copyright ©2000-2024, Trojaner-Board