Security Center keeps disabling itself

Hello,
I have the same problem: the Security Center keeps disabling itself.
I have run CCleaner, Malwarebytes, MBR, HijackThis, OTL and ComboFix.
The problem does not go away.
Here is the ComboFix log:
Code:
ComboFix 11-01-28.02 - Jenny 29.01.2011 11:26:12.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.1013.455 [GMT 1:00]
ausgeführt von:: e:\users\Jenny\Downloads\cf.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
e:\programdata\Microsoft\Network\Downloader\qmgr0.dat
e:\programdata\Microsoft\Network\Downloader\qmgr1.dat
e:\users\Jenny\AppData\Local\acxEventlib\Acrocfgdsc.dll
e:\users\Jenny\AppData\Roaming\Local
e:\users\Jenny\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
e:\users\Jenny\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
e:\users\Jenny\AppData\Roaming\Local\Temp\DDM\Settings\stars_cats.eye.ein.supertrio.e33.xvid.avi.ddr
e:\users\Jenny\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\stars_cats.eye.ein.supertrio.e33.xvid.avi.ddp
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\games\00d2dfc64c07a4f32824abac1d6f735b
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\games\3e4265e00cbc4a9cf22a105046a46d8a
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\games\44a5d79f5451d3036ba3986425e234c8
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\games\GameCategories.xml
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\games\GameTypes.xml
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\guid.dat
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\preferences.dat
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\stats.dat
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\uninstallFF.dat
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\weather\02746d7769634c669fa479cc639a6e02
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\weather\3d4d474e84c72d1e4bfe4c0bc35bdcfe
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\weather\forecasts_cache.xml
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\weather\observations_cache.xml
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\weatherbutton_prefs.xml
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\widgets_cache\84b70525cff6359fdeca553342c23e4c
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\widgets_cache\bf5b6317ae07da699882fc948f22eda4
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\widgets_cache\category_cache.xml
e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\searchqutb\widgets_cache\widget_cache.xml
----- BITS: Eventuell infizierte Webseiten -----
hxxp://download.windowsupdate.com
e:\windows\system32\userinit.exe . . . ist infiziert!!
.
((((((((((((((((((((((( Dateien erstellt von 2010-12-28 bis 2011-01-29 ))))))))))))))))))))))))))))))
.
2011-01-29 10:37 . 2011-01-29 10:37 -------- d-----w- e:\users\Default\AppData\Local\temp
2011-01-29 09:55 . 2011-01-29 09:55 -------- d-----w- E:\_OTL
2011-01-28 19:54 . 2011-01-28 19:54 -------- d-----w- e:\windows\system32\sda
2011-01-28 19:53 . 2009-06-24 09:59 167424 ----a-w- e:\windows\system32\drivers\RtsUStor.sys
2011-01-28 19:53 . 2009-06-22 10:51 270336 ----a-w- e:\windows\system32\RtsUStor.dll
2011-01-28 19:49 . 2009-02-02 17:27 7360512 ------r- e:\windows\system32\RTSUSTORicon.dll
2011-01-28 19:46 . 2011-01-28 19:48 -------- d-----w- E:\Medion
2011-01-28 07:13 . 2010-03-04 04:04 146304 ----a-w- e:\windows\system32\drivers\usbvideo.sys
2011-01-28 07:13 . 2010-03-04 03:57 190976 ----a-w- e:\windows\system32\drivers\ks.sys
2011-01-28 03:07 . 2009-09-10 05:52 257024 ----a-w- e:\windows\system32\msv1_0.dll
2011-01-28 02:07 . 2010-10-19 08:10 7680 ----a-w- e:\program files\Internet Explorer\iecompat.dll
2011-01-28 02:06 . 2009-09-26 05:58 194488 ----a-w- e:\windows\system32\drivers\fvevol.sys
2011-01-28 02:06 . 2010-08-04 06:18 641536 ----a-w- e:\windows\system32\CPFilters.dll
2011-01-28 02:06 . 2010-08-04 06:17 417792 ----a-w- e:\windows\system32\msdri.dll
2011-01-28 02:06 . 2010-08-04 06:15 204288 ----a-w- e:\windows\system32\MSNP.ax
2011-01-28 02:06 . 2010-02-11 07:10 293376 ----a-w- e:\windows\system32\browserchoice.exe
2011-01-28 02:06 . 2010-08-04 06:15 199680 ----a-w- e:\windows\system32\mpg2splt.ax
2011-01-28 02:06 . 2009-12-13 09:30 465408 ----a-w- e:\windows\system32\psisdecd.dll
2011-01-28 02:06 . 2010-03-24 06:37 1286456 ----a-w- e:\windows\system32\ntdll.dll
2011-01-28 02:05 . 2010-07-13 05:22 26504 ----a-w- e:\windows\system32\drivers\Diskdump.sys
2011-01-28 02:05 . 2010-04-07 07:10 571904 ----a-w- e:\windows\system32\oleaut32.dll
2011-01-28 02:05 . 2010-01-18 23:29 365568 ----a-w- e:\windows\system32\secproc_isv.dll
2011-01-28 02:05 . 2010-01-18 23:29 85504 ----a-w- e:\windows\system32\secproc_ssp_isv.dll
2011-01-28 02:05 . 2010-01-18 23:29 369152 ----a-w- e:\windows\system32\secproc.dll
2011-01-28 02:05 . 2010-01-18 23:28 324608 ----a-w- e:\windows\system32\RMActivate_isv.exe
2011-01-28 02:05 . 2010-01-18 23:28 320512 ----a-w- e:\windows\system32\RMActivate.exe
2011-01-28 02:05 . 2010-01-18 23:29 85504 ----a-w- e:\windows\system32\secproc_ssp.dll
2011-01-28 02:05 . 2010-01-18 23:28 277504 ----a-w- e:\windows\system32\RMActivate_ssp_isv.exe
2011-01-28 02:05 . 2010-01-18 23:28 280064 ----a-w- e:\windows\system32\RMActivate_ssp.exe
2011-01-28 01:56 . 2010-06-14 06:12 1286016 ----a-w- e:\windows\system32\drivers\tcpip.sys
2011-01-28 01:56 . 2010-06-19 06:23 37376 ----a-w- e:\windows\system32\rtutils.dll
2011-01-28 01:55 . 2010-08-31 04:32 954752 ----a-w- e:\windows\system32\mfc40.dll
2011-01-28 01:55 . 2010-08-31 04:32 954288 ----a-w- e:\windows\system32\mfc40u.dll
2011-01-28 01:55 . 2010-10-20 04:54 34304 ----a-w- e:\windows\system32\atmlib.dll
2011-01-28 01:55 . 2010-10-20 02:58 294400 ----a-w- e:\windows\system32\atmfd.dll
2011-01-28 01:55 . 2009-10-19 14:10 70656 ----a-w- e:\windows\system32\fontsub.dll
2011-01-28 01:53 . 2010-06-08 06:02 1233920 ----a-w- e:\windows\system32\msxml3.dll
2011-01-28 01:52 . 2010-02-27 07:32 221696 ----a-w- e:\windows\system32\drivers\mrxsmb10.sys
2011-01-28 01:50 . 2010-08-21 05:32 316928 ----a-w- e:\windows\system32\spoolsv.exe
2011-01-28 01:50 . 2010-06-29 04:57 4247040 ----a-w- e:\program files\Windows NT\Accessories\wordpad.exe
2011-01-28 01:50 . 2010-06-29 05:02 1413632 ----a-w- e:\windows\system32\ole32.dll
2011-01-28 01:50 . 2009-10-31 05:45 2614272 ----a-w- e:\windows\explorer.exe
2011-01-28 01:50 . 2009-10-28 06:17 285696 ----a-w- e:\windows\system32\winlogon.exe
2011-01-28 01:50 . 2010-08-21 05:36 224256 ----a-w- e:\windows\system32\schannel.dll
2011-01-28 01:50 . 2010-10-27 04:32 2048 ----a-w- e:\windows\system32\tzres.dll
2011-01-28 01:49 . 2010-08-26 04:39 109056 ----a-w- e:\windows\system32\t2embed.dll
2011-01-28 01:49 . 2010-07-29 06:30 197632 ----a-w- e:\windows\system32\ir32_32.dll
2011-01-28 01:49 . 2010-07-29 06:30 82944 ----a-w- e:\windows\system32\iccvid.dll
2011-01-28 01:49 . 2010-10-12 04:25 516096 ----a-w- e:\program files\Windows Mail\wab.exe
2011-01-28 01:17 . 2011-01-28 20:00 -------- d-----w- e:\windows\system32\wbem\Performance
2011-01-28 01:15 . 2009-11-25 11:47 99176 ----a-w- e:\windows\system32\PresentationHostProxy.dll
2011-01-28 01:15 . 2009-11-25 11:47 49472 ----a-w- e:\windows\system32\netfxperf.dll
2011-01-28 01:15 . 2009-11-25 11:47 297808 ----a-w- e:\windows\system32\mscoree.dll
2011-01-28 01:15 . 2009-11-25 11:47 295264 ----a-w- e:\windows\system32\PresentationHost.exe
2011-01-28 01:15 . 2009-11-25 11:47 1130824 ----a-w- e:\windows\system32\dfshim.dll
2011-01-28 01:13 . 2009-12-29 06:55 172032 ----a-w- e:\windows\system32\wintrust.dll
2011-01-28 01:13 . 2010-01-09 06:52 132608 ----a-w- e:\windows\system32\cabview.dll
2011-01-28 00:15 . 2011-01-29 09:59 -------- d-----w- e:\users\Jenny
2011-01-28 00:12 . 2011-01-28 19:49 -------- d-----w- e:\program files\Realtek
2011-01-28 00:12 . 2011-01-28 00:12 -------- d-----w- e:\windows\system32\RTCOM
2011-01-28 00:02 . 2011-01-28 00:02 -------- d-----w- e:\program files\Microsoft Games
2011-01-27 18:59 . 2011-01-28 01:09 218688 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys
2011-01-27 18:59 . 2011-01-28 00:22 -------- d-----w- e:\program files\DAEMON Tools Lite
2011-01-27 18:59 . 2011-01-28 00:26 -------- d-----w- e:\programdata\DAEMON Tools Lite
2011-01-25 11:50 . 2011-01-28 00:21 -------- d-----w- e:\program files\CCleaner
2011-01-24 19:43 . 2011-01-28 00:24 -------- d-----w- e:\program files\MOOS Project Viewer
2011-01-24 14:31 . 2011-01-28 00:26 -------- d-----w- e:\programdata\eMule
2011-01-24 14:30 . 2011-01-28 00:22 -------- d-----w- e:\program files\eMule
2011-01-24 09:56 . 2011-01-28 00:26 -------- d-----w- e:\programdata\Spybot - Search & Destroy
2011-01-24 09:56 . 2011-01-28 00:24 -------- d-----w- e:\program files\Spybot - Search & Destroy
2011-01-24 09:38 . 2010-12-22 18:45 2336384 ----a-w- e:\windows\system32\BootMan.exe
2011-01-24 09:38 . 2010-07-15 07:44 86408 ----a-w- e:\windows\system32\setupempdrv03.exe
2011-01-24 09:38 . 2010-07-15 07:44 8456 ----a-w- e:\windows\system32\EuGdiDrv.sys
2011-01-24 09:38 . 2010-07-15 07:44 14848 ----a-w- e:\windows\system32\EuEpmGdi.dll
2011-01-24 09:38 . 2010-07-15 07:44 14216 ----a-w- e:\windows\system32\epmntdrv.sys
2011-01-24 09:38 . 2011-01-28 00:22 -------- d-----w- e:\program files\EASEUS
2011-01-23 17:31 . 2011-01-28 00:22 -------- d-----w- e:\program files\Common Files\Java
2011-01-23 17:30 . 2011-01-23 17:30 472808 ----a-w- e:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-23 17:30 . 2011-01-23 17:30 472808 ----a-w- e:\windows\system32\deployJava1.dll
2011-01-23 17:30 . 2011-01-28 00:23 -------- d-----w- e:\program files\Java
2011-01-23 16:11 . 2011-01-28 00:24 -------- d-----w- e:\program files\NeoSmart Technologies
2011-01-23 14:02 . 2010-12-20 17:09 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2011-01-23 14:02 . 2011-01-28 00:26 -------- d-----w- e:\programdata\Malwarebytes
2011-01-23 14:02 . 2011-01-28 00:23 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2011-01-23 14:02 . 2010-12-20 17:08 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2011-01-22 21:09 . 2011-01-22 21:09 98304 --sha-r- e:\windows\system32\KBDCZ2N.dll
2011-01-22 20:54 . 2011-01-28 00:26 -------- d-----w- e:\programdata\Stylus Studio
2011-01-22 19:00 . 2011-01-28 00:25 -------- d-----w- e:\program files\Stylus Studio 2011 XML Enterprise Suite
2011-01-22 19:00 . 2001-09-05 03:18 225280 ----a-w- e:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-01-22 19:00 . 2001-09-05 03:14 176128 ----a-w- e:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-01-22 19:00 . 2001-09-05 03:13 32768 ----a-w- e:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-01-22 19:00 . 2001-09-05 03:18 77824 ----a-w- e:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-01-22 19:00 . 2002-07-25 16:07 614532 ----a-w- e:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-01-21 20:01 . 2011-01-13 09:41 5890896 ----a-w- e:\programdata\Microsoft\Windows Defender\Definition Updates\{153A74A2-7C80-4104-8497-0ECF76F59C1E}\mpengine.dll
2011-01-20 18:27 . 2010-10-07 06:50 428352 ----a-w- e:\program files\Mozilla Firefox\StubInstaller.exe
2011-01-19 20:13 . 2011-01-28 00:23 -------- d-----w- e:\program files\Lavalys
2011-01-16 23:48 . 2011-01-28 00:22 -------- d-----w- e:\program files\Dr.Kawashima_Demo
2011-01-13 10:17 . 2011-01-28 00:26 -------- d-----w- e:\program files\WinSCP
2011-01-11 23:00 . 2011-01-11 23:00 75776 ----a-w- e:\windows\cadkasdeinst01e.exe
2011-01-10 22:24 . 2011-01-28 00:26 -------- d-----w- e:\programdata\regid.1986-12.com.adobe
2011-01-10 21:27 . 2011-01-28 00:24 -------- d-----w- e:\program files\Smart PDF Converter
2011-01-10 21:14 . 2011-01-28 00:24 -------- d-----w- e:\program files\PDF Converter
2011-01-10 00:24 . 2011-01-28 00:28 -------- d-----w- e:\windows\uninstall
2011-01-10 00:24 . 2011-01-28 00:26 -------- d-----w- e:\program files\Wecker 2.2
2011-01-05 13:27 . 2011-01-28 00:22 -------- d-----w- e:\program files\Common Files\Skype
2011-01-05 13:27 . 2011-01-28 00:24 -------- d-----r- e:\program files\Skype
2011-01-05 13:27 . 2011-01-28 00:26 -------- d-----w- e:\programdata\Skype
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 15:53 . 2010-12-08 18:11 31552 ----a-w- e:\windows\system32\TURegOpt.exe
2010-11-19 15:49 . 2010-12-08 18:13 21312 ----a-w- e:\windows\system32\authuitu.dll
2010-11-19 15:49 . 2010-12-08 18:13 29504 ----a-w- e:\windows\system32\uxtuneup.dll
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- e:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- e:\windows\system32\DivXControlPanelApplet.cpl
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- e:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- e:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- e:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="e:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"RtHDVCpl"="e:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"PDFPrint"="e:\program files\PDF24\pdf24.exe" [2010-12-14 216456]
"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-11 1033512]
e:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - e:\users\Jenny\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 4 (0x4)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"SpybotSD TeaTimer"=e:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=e:\windows\system32\hkcmd.exe
"Persistence"=e:\windows\system32\igfxpers.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SBSDWSCService;SBSD Security Center Service;e:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 epmntdrv;epmntdrv;e:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;e:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 osppsvc;Office Software Protection Platform;e:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RtsUIR;Realtek IR Driver;e:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;e:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-11-19 1483072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;e:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R4 BroadCamService;BroadCam Video Streaming Server;e:\program files\NCH Software\BroadCam\broadcam.exe [2010-12-10 1175556]
R4 EyelineService;Eyeline Video System;e:\program files\NCH Software\Eyeline\eyeline.exe [2010-12-10 675844]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-28 218688]
S1 vwififlt;Virtual WiFi Filter Driver;e:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 vpnagent;Cisco AnyConnect VPN Agent;e:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-10-21 592120]
S3 netr28;Ralink 802.11n-Drahtlostreiber für Windows Vista;e:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;e:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
S3 RTL8167;Realtek 8167 NT Driver;e:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 VCam_WDM;e2eSoft VCam;e:\windows\system32\DRIVERS\VCam_WDM.sys [2010-06-30 95840]
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
IE: An OneNote s&enden - e:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - e:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - e:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - e:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - e:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - e:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - e:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - e:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\waujcnsy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - e:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - e:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - e:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-Acrocfgdsc - e:\users\Jenny\AppData\Local\acxEventlib\Acrocfgdsc.dll
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(4076)
e:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
e:\program files\WinSCP\DragExt.dll
e:\progra~1\SPYBOT~1\SDHelper.dll
e:\windows\system32\igfxsrvc.dll
e:\windows\system32\igfxrDEU.lrc
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\windows\system32\rundll32.exe
e:\windows\system32\taskhost.exe
e:\windows\system32\conhost.exe
e:\program files\Synaptics\SynTP\SynTPHelper.exe
e:\program files\Windows Media Player\wmpnetwk.exe
e:\windows\system32\sppsvc.exe
e:\windows\system32\mmc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-29 11:44:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-01-29 10:44
Vor Suchlauf: 7 Verzeichnis(se), 137.977.442.304 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 137.266.728.960 Bytes frei
- - End Of File - - 473D5ACA345D385C9EE562A773006CE9

MBR:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: MEDION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MEDION
System Product Name: E1212
Logical Drives Mask: 0x00000094
Kernel Drivers (total 189):
0x81E56000 \SystemRoot\system32\ntkrnlpa.exe
0x81E1F000 \SystemRoot\system32\halmacpi.dll
0x81CFE000 \SystemRoot\system32\kdcom.dll
0x86218000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x86290000 \SystemRoot\system32\PSHED.dll
0x862A1000 \SystemRoot\system32\BOOTVID.dll
0x862A9000 \SystemRoot\system32\CLFS.SYS
0x862EB000 \SystemRoot\system32\CI.dll
0x86419000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8648A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x86498000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x864E0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x864E9000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x864F1000 \SystemRoot\system32\DRIVERS\pci.sys
0x8651B000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x86526000 \SystemRoot\System32\drivers\partmgr.sys
0x86537000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8653F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8654A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8655A000 \SystemRoot\System32\drivers\volmgrx.sys
0x865A5000 \SystemRoot\System32\drivers\mountmgr.sys
0x865BB000 \SystemRoot\system32\DRIVERS\atapi.sys
0x865C4000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x865E7000 \SystemRoot\system32\DRIVERS\msahci.sys
0x865F1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x86400000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x86396000 \SystemRoot\system32\drivers\fltmgr.sys
0x863CA000 \SystemRoot\system32\drivers\fileinfo.sys
0x8660A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86739000 \SystemRoot\System32\Drivers\msrpc.sys
0x86764000 \SystemRoot\System32\Drivers\ksecdd.sys
0x86777000 \SystemRoot\System32\Drivers\cng.sys
0x867D4000 \SystemRoot\System32\drivers\pcw.sys
0x867E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8683E000 \SystemRoot\system32\drivers\ndis.sys
0x868F5000 \SystemRoot\system32\drivers\NETIO.SYS
0x86933000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x86A18000 \SystemRoot\System32\drivers\tcpip.sys
0x86B61000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x86B92000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x86B9B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x86BDA000 \SystemRoot\System32\Drivers\spldr.sys
0x86958000 \SystemRoot\System32\drivers\rdyboost.sys
0x86BE2000 \SystemRoot\System32\Drivers\mup.sys
0x86BF2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x86985000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x86A00000 \SystemRoot\system32\DRIVERS\disk.sys
0x869B7000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x86A11000 \SystemRoot\System32\Drivers\Null.SYS
0x86830000 \SystemRoot\System32\Drivers\Beep.SYS
0x86811000 \SystemRoot\System32\drivers\vga.sys
0x863DB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8681D000 \SystemRoot\System32\drivers\watchdog.sys
0x867EB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x867F3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x86600000 \SystemRoot\system32\drivers\rdprefmp.sys
0x86409000 \SystemRoot\System32\Drivers\Msfs.SYS
0x86200000 \SystemRoot\System32\Drivers\Npfs.SYS
0x87A1F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x87A36000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x87A41000 \SystemRoot\system32\drivers\afd.sys
0x87A9B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x87ACD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x87AD4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x87AF3000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x87B04000 \SystemRoot\system32\DRIVERS\netbios.sys
0x87B12000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x87B4D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x87B60000 \SystemRoot\system32\DRIVERS\termdd.sys
0x87B70000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x87BB1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x87BBB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x87BC5000 \SystemRoot\System32\drivers\discache.sys
0x8A21A000 \SystemRoot\system32\drivers\csc.sys
0x8A27E000 \SystemRoot\System32\Drivers\dfsc.sys
0x8A296000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8A2A4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8CC39000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8D142000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CC00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8A2C5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A2E4000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x8A329000 \SystemRoot\system32\DRIVERS\netr28.sys
0x8A3B2000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x8A3BC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8D818000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8D863000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D872000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D88A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D897000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8D8C6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D8C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D8D5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8D8D9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8D8E2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8D8F4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8D901000 \SystemRoot\system32\DRIVERS\VCam_WDM.sys
0x8D917000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8D925000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D959000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8D96B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D983000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D98E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D9B0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D9C8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D9DF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D9F6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8D800000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D802000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E80C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E850000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E861000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x80C2E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x80E71000 \SystemRoot\system32\drivers\portcls.sys
0x80EA0000 \SystemRoot\system32\drivers\drmk.sys
0x80EB9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x80EC6000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x80ED1000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x80EDB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x81060000 \SystemRoot\System32\win32k.sys
0x80EEC000 \SystemRoot\System32\drivers\Dxapi.sys
0x80EF6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x80F01000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x80F14000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x80F1B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x80F26000 \SystemRoot\system32\DRIVERS\monitor.sys
0x812C0000 \SystemRoot\System32\TSDDD.dll
0x80F31000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x80F48000 \SystemRoot\System32\Drivers\usbvideo.sys
0x80F6C000 \SystemRoot\System32\Drivers\RtsUStor.sys
0x812F0000 \SystemRoot\System32\cdd.dll
0x80F98000 \SystemRoot\system32\drivers\luafv.sys
0x80FB3000 \SystemRoot\system32\drivers\WudfPf.sys
0x80FCD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8E880000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x80FDD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x80FED000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8E8C6000 \SystemRoot\system32\drivers\HTTP.sys
0x80C00000 \SystemRoot\system32\DRIVERS\bowser.sys
0x80C19000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8E94B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8E96E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8E9A9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA5C17000 \SystemRoot\system32\drivers\peauth.sys
0xA5CAE000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA5CB8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA5CD9000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA5CE6000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA5D35000 \SystemRoot\System32\DRIVERS\srv.sys
0xA5D86000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77B50000 \Windows\System32\ntdll.dll
0x47BB0000 \Windows\System32\smss.exe
0x77D90000 \Windows\System32\apisetschema.dll
0x00260000 \Windows\System32\autochk.exe
0x77D20000 \Windows\System32\shlwapi.dll
0x77AA0000 \Windows\System32\msvcrt.dll
0x76E50000 \Windows\System32\shell32.dll
0x76CF0000 \Windows\System32\ole32.dll
0x76BF0000 \Windows\System32\wininet.dll
0x76A50000 \Windows\System32\setupapi.dll
0x769B0000 \Windows\System32\advapi32.dll
0x767B0000 \Windows\System32\iertutil.dll
0x77D10000 \Windows\System32\nsi.dll
0x77CE0000 \Windows\System32\imagehlp.dll
0x77CA0000 \Windows\System32\ws2_32.dll
0x76760000 \Windows\System32\Wldap32.dll
0x76710000 \Windows\System32\gdi32.dll
0x766B0000 \Windows\System32\difxapi.dll
0x76630000 \Windows\System32\comdlg32.dll
0x76610000 \Windows\System32\imm32.dll
0x77C90000 \Windows\System32\lpk.dll
0x76530000 \Windows\System32\kernel32.dll
0x76460000 \Windows\System32\user32.dll
0x76450000 \Windows\System32\normaliz.dll
0x763B0000 \Windows\System32\usp10.dll
0x76300000 \Windows\System32\rpcrt4.dll
0x76270000 \Windows\System32\oleaut32.dll
0x76250000 \Windows\System32\sechost.dll
0x76240000 \Windows\System32\psapi.dll
0x761B0000 \Windows\System32\clbcatq.dll
0x760E0000 \Windows\System32\msctf.dll
0x75FA0000 \Windows\System32\urlmon.dll
0x75F80000 \Windows\System32\devobj.dll
0x75F50000 \Windows\System32\wintrust.dll
0x75F20000 \Windows\System32\cfgmgr32.dll
0x75E90000 \Windows\System32\comctl32.dll
0x75E40000 \Windows\System32\KernelBase.dll
0x75D20000 \Windows\System32\crypt32.dll
0x75D10000 \Windows\System32\msasn1.dll
Processes (total 42):
0 System Idle Process
4 System
264 E:\Windows\System32\smss.exe
404 csrss.exe
460 E:\Windows\System32\wininit.exe
468 csrss.exe
516 E:\Windows\System32\services.exe
548 E:\Windows\System32\winlogon.exe
568 E:\Windows\System32\lsass.exe
576 E:\Windows\System32\lsm.exe
684 E:\Windows\System32\svchost.exe
764 E:\Windows\System32\svchost.exe
828 E:\Windows\System32\svchost.exe
896 E:\Windows\System32\svchost.exe
944 E:\Windows\System32\svchost.exe
1088 E:\Windows\System32\svchost.exe
1200 E:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
1240 E:\Windows\System32\svchost.exe
1384 E:\Windows\System32\spoolsv.exe
1412 E:\Windows\System32\svchost.exe
1444 E:\Windows\System32\taskeng.exe
1480 E:\Windows\System32\rundll32.exe
1656 E:\Windows\System32\taskhost.exe
1676 E:\Windows\System32\dwm.exe
1728 E:\Windows\explorer.exe
1796 E:\Windows\System32\svchost.exe
1628 E:\Windows\System32\igfxtray.exe
1592 E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
1748 E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1756 E:\Program Files\Windows Sidebar\sidebar.exe
1852 E:\Windows\System32\rundll32.exe
2092 E:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2876 E:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
3060 E:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
3568 E:\Program Files\Mozilla Firefox\firefox.exe
3596 E:\Program Files\Windows Media Player\wmpnetwk.exe
3732 E:\Windows\System32\svchost.exe
3984 E:\Windows\servicing\TrustedInstaller.exe
3248 E:\Windows\System32\audiodg.exe
2980 E:\Windows\System32\dllhost.exe
3968 E:\Users\Jenny\Downloads\MBRCheck.exe
3992 E:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`64041600 (NTFS)
PhysicalDrive0 Model Number: ST9160310AS, Rev: SD03
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
otl Code:
OTL Extras logfile created on: 29.01.2011 01:26:56 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = E:\Users\Jenny\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.013,00 Mb Total Physical Memory | 407,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 1,56 Gb Total Space | 0,15 Gb Free Space | 9,36% Space Free | Partition Type: NTFS
Drive E: | 147,49 Gb Total Space | 128,46 Gb Free Space | 87,10% Space Free | Partition Type: NTFS
Computer Name: JENNY-NET | User Name: Jenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- E:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- E:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{668842FC-6827-4B6F-82BF-3828BE6D3007}" = Cisco AnyConnect VPN Client
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C53AA9D3-1FE1-46FA-A4FA-D66D16E8A81B}" = PowerArchiver 2009 German
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE07EBD9-AEC3-4F3B-903F-54DEE3B88178}" = Stylus Studio 2011 XML Enterprise Suite
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BroadCam" = BroadCam Video Streaming Server
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Debut" = Debut Video Capture Software
"DivX Setup.divx.com" = DivX-Setup
"e2eSoft VCam_is1" = e2eSoft VCam v5.1
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 7.0.1 Home Edition
"EasyBCD" = EasyBCD 2.0
"eMule" = eMule
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Eyeline" = Eyeline Video System
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MOOS Project Viewer" = MOOS Project Viewer
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office14.STANDARD" = Microsoft Office Standard 2010
"PDF Converter_is1" = PDF Converter 3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VideoPad" = VideoPad Videobearbeitungs-Software
"Wecker 2.2" = Wecker 2.2 2.2
"winscp3_is1" = WinSCP 4.2.9
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DrKawashima_Demo" = Dr Kawashima Demo
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24.01.2011 09:08:24 | Computer Name = Jenny-Net | Source = Windows Backup | ID = 4104
Description =
Error - 24.01.2011 09:37:02 | Computer Name = Jenny-Net | Source = Windows Backup | ID = 4104
Description =
Error - 24.01.2011 09:45:09 | Computer Name = Jenny-Net | Source = Windows Backup | ID = 4104
Description =
Error - 25.01.2011 11:19:58 | Computer Name = Jenny-Net | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 14.0.4760.1000 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: bf4 Startzeit: 01cbbca31438c2f4 Endzeit: 63 Anwendungspfad:
E:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE Berichts-ID: 88f4c365-2896-11e0-ae19-0024216246e8
Error - 25.01.2011 17:59:11 | Computer Name = Jenny-Net | Source = Application Hang | ID = 1002
Description = Programm integrator.exe, Version 10.0.2020.1 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: b54 Startzeit: 01cbbcc40cd712a1 Endzeit: 1377 Anwendungspfad:
E:\Program Files\TuneUp Utilities 2011\integrator.exe Berichts-ID: 458aea20-28ce-11e0-ae19-0024216246e8
Error - 27.01.2011 14:59:52 | Computer Name = Jenny-Net | Source = System Restore | ID = 8193
Description =
Error - 27.01.2011 20:49:59 | Computer Name = Jenny-Net | Source = .NET Runtime Optimization Service | ID = 1103
Description =
Error - 27.01.2011 21:07:24 | Computer Name = Jenny-Net | Source = ESENT | ID = 215
Description = WinMail (3528) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 27.01.2011 21:18:38 | Computer Name = Jenny-Net | Source = Microsoft-Windows-LoadPerf | ID = 3009
Description = Die Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl)
konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 28.01.2011 15:50:24 | Computer Name = Jenny-Net | Source = VSS | ID = 8194
Description =
[ Cisco AnyConnect VPN Client Events ]
Error - 27.01.2011 06:31:41 | Computer Name = Jenny-Net | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 27.01.2011 06:31:41 | Computer Name = Jenny-Net | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
5613 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 27.01.2011 06:31:41 | Computer Name = Jenny-Net | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5353
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 27.01.2011 06:31:41 | Computer Name = Jenny-Net | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5315
Invoked
Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 27.01.2011 06:31:41 | Computer Name = Jenny-Net | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 27.01.2011 06:31:41 | Computer Name = Jenny-Net | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 27.01.2011 21:05:26 | Computer Name = Jenny-Net | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 27.01.2011 21:05:26 | Computer Name = Jenny-Net | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 27.01.2011 21:05:26 | Computer Name = Jenny-Net | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 27.01.2011 21:05:26 | Computer Name = Jenny-Net | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 325 Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
[ System Events ]
Error - 28.01.2011 16:21:50 | Computer Name = Jenny-Net | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1079
Error - 28.01.2011 16:22:56 | Computer Name = Jenny-Net | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1079
Error - 28.01.2011 16:26:52 | Computer Name = Jenny-Net | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Defender" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1297
Error - 28.01.2011 19:57:24 | Computer Name = Jenny-Net | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
Error - 28.01.2011 20:00:51 | Computer Name = Jenny-Net | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1083
Error - 28.01.2011 20:04:41 | Computer Name = Jenny-Net | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1083
Error - 28.01.2011 20:05:00 | Computer Name = Jenny-Net | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 28.01.2011 20:13:07 | Computer Name = Jenny-Net | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1079
Error - 28.01.2011 20:22:32 | Computer Name = Jenny-Net | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1079
Error - 28.01.2011 20:22:44 | Computer Name = Jenny-Net | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1079
< End of report >
hijackthis Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:35:23, on 27.01.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
E:\Windows\system32\Dwm.exe
E:\Windows\Explorer.EXE
E:\Windows\system32\taskhost.exe
E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\PDF24\pdf24.exe
E:\Windows\System32\rundll32.exe
E:\Program Files\Synaptics\SynTP\SynTPHelper.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Windows\system32\taskmgr.exe
E:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
E:\Windows\system32\taskhost.exe
E:\Program Files\Stylus Studio 2011 XML Enterprise Suite\bin\struzzo.exe
E:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
E:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Users\Jenny\AppData\Roaming\Dropbox\bin\Dropbox.exe
E:\Windows\regedit.exe
E:\Windows\system32\mmc.exe
E:\Users\Jenny\Downloads\HiJackThis204.exe
E:\Program Files\TuneUp Utilities 2011\Integrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PDFPrint] E:\Program Files\PDF24\pdf24.exe
O4 - HKCU\..\Run: [Acrocfgdsc] rundll32.exe "E:\Users\Jenny\AppData\Local\acxEventlib\Acrocfgdsc.dll",tapinetAgent dbUservga
O4 - HKCU\..\Run: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = E:\Users\Jenny\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: An OneNote s&enden - res://E:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://E:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: BroadCam Video Streaming Server (BroadCamService) - Unknown owner - E:\Program Files\NCH Software\BroadCam\broadcam.exe
O23 - Service: Eyeline Video System (EyelineService) - Unknown owner - E:\Program Files\NCH Software\Eyeline\eyeline.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - E:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - E:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
--
End of file - 7274 bytes
malwarebytes Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5633
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
29.01.2011 01:42:23
mbam-log-2011-01-29 (01-42-23).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134437
Laufzeit: 5 Minute(n), 3 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Thank you for your help