Windows-Sicherheitscenterdienst kann nicht gestartet werden

Tsuji · 01.07.2011, 16:48

Avira hat mir vor einer Woche ein Trojanermeldung angezeigt
TR/Vundo.gen2
daraufhin wurde mir angezeigt das die datei "syswow64" im Ordner C:\Windows\... infiziert sei. Hab die Datei dann gelöscht, kurze Zeit später bekam ich diese Fehlermeldung
- Windows-Sicherheitscenterdienst kann nicht gestartet werden -
Ich hab schon versucht es manuell wieder zu aktivieren unter Dienste und was weis ich aber es deaktiviert sich immer wieder von selbst.

OTL Logfile

OTL logfile created on: 01.07.2011 15:14:38 - Run 2

OTL by OldTimer - Version 3.2.25.0 Folder = E:\Programme\Sicherheit

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407

4,00 Gb Total Physical Memory

8,00 Gb Paging File

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C:

Drive C:

Drive E:

Drive F:

Computer Name: TSUJI-PC

Boot Mode: Normal

Company Name Whitelist: Off

========== Processes (SafeList) ==========

PRC - [2011.06.30 19:31:35

PRC - [2011.06.30 17:18:27

PRC - [2011.06.25 20:31:47

PRC - [2011.06.06 12:55:28

PRC - [2011.05.29 09:11:28

PRC - [2011.04.28 16:37:16

PRC - [2010.12.01 04:04:51

PRC - [2010.11.20 14:17:56

PRC - [2010.10.16 12:46:40

PRC - [2010.10.06 22:28:12

PRC - [2010.03.18 14:16:28

PRC - [2008.11.25 10:22:10

PRC - [2008.08.13 22:00:16

PRC - [2008.08.13 21:59:56

PRC - [2008.08.13 21:59:52

PRC - [2008.08.13 17:21:56

PRC - [2008.07.15 12:29:00

PRC - [2007.08.08 01:08:40

========== Modules (SafeList) ==========

MOD - [2011.06.30 19:31:35

MOD - [2010.11.20 13:55:09

========== Win32 Services (SafeList) ==========

SRV - [2011.06.30 17:18:27

SRV - [2011.06.06 12:55:28

SRV - [2011.05.29 09:11:28

SRV - [2011.04.28 16:37:16

SRV - [2010.10.16 12:46:40

SRV - [2010.03.18 14:16:28

SRV - [2010.02.19 13:37:14

SRV - [2009.06.10 23:23:09

SRV - [2009.04.30 13:23:26

SRV - [2008.08.13 21:59:52

SRV - [2007.12.17 14:00:00

SRV - [2007.08.08 01:08:40

SRV - [2007.01.11 14:02:00

SRV - [2003.04.18 19:06:26

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.06.30 17:18:27

DRV:64bit: - [2011.05.29 09:11:20

DRV:64bit: - [2011.05.29 00:05:44

DRV:64bit: - [2011.03.21 13:22:06

DRV:64bit: - [2011.03.11 08:41:12

DRV:64bit: - [2010.11.28 18:16:38

DRV:64bit: - [2010.11.20 15:33:35

DRV:64bit: - [2010.11.20 13:07:05

DRV:64bit: - [2010.11.20 11:37:42

DRV:64bit: - [2010.09.07 22:08:55

DRV:64bit: - [2009.12.18 00:25:17

DRV:64bit: - [2009.09.15 20:40:42

DRV:64bit: - [2009.09.01 09:44:44

DRV:64bit: - [2009.08.09 23:25:45

DRV:64bit: - [2009.08.07 06:24:14

DRV:64bit: - [2009.07.14 03:52:20

DRV:64bit: - [2009.07.14 03:48:04

DRV:64bit: - [2009.07.14 03:45:55

DRV:64bit: - [2009.07.14 02:39:20

DRV:64bit: - [2009.07.14 02:35:37

DRV:64bit: - [2009.06.10 23:01:06

DRV:64bit: - [2009.06.10 22:38:56

DRV:64bit: - [2009.06.10 22:35:28

DRV:64bit: - [2009.06.10 22:34:33

DRV:64bit: - [2009.06.10 22:34:28

DRV:64bit: - [2009.06.10 22:34:23

DRV:64bit: - [2009.06.10 22:31:59

DRV:64bit: - [2009.05.25 14:34:54

DRV:64bit: - [2009.05.25 14:34:52

DRV:64bit: - [2009.05.25 14:34:50

DRV:64bit: - [2009.05.25 14:34:48

DRV:64bit: - [2009.05.18 14:17:08

DRV:64bit: - [2009.05.13 10:07:20

DRV:64bit: - [2009.03.18 17:35:42

DRV:64bit: - [2008.06.24 14:50:00

DRV:64bit: - [2008.01.09 12:28:20

DRV:64bit: - [2007.11.27 16:40:42

DRV:64bit: - [2007.07.27 20:45:52

DRV:64bit: - [2007.07.26 21:33:54

DRV - [2011.06.21 22:10:48

DRV - [2011.06.21 22:05:24

DRV - [2011.06.21 21:58:34

DRV - [2007.07.24 12:11:32

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3878311760-2502893905-259310059-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3878311760-2502893905-259310059-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-3878311760-2502893905-259310059-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 57 D6 9C 8F 13 CC 01 [binary data]

IE - HKU\S-1-5-21-3878311760-2502893905-259310059-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6

FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\program files (x86)\Mozilla Firefox\components [2011.06.25 20:31:47

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\program files (x86)\Mozilla Firefox\plugins [2011.06.19 23:40:31

[2010.11.27 22:36:03

[2011.06.26 22:47:59

[2011.06.21 22:03:48

[2011.06.26 22:47:59

[2011.06.01 13:54:18

[2011.05.01 10:10:26

[2011.05.01 01:08:18

[2011.06.21 22:03:44

[2011.04.30 00:03:35

[2011.02.06 22:21:33

File not found (No name found) --

() (No name found) -- C:\USERS\TSUJI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ODHMLBUZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2011.06.25 20:31:47

[2011.02.06 22:21:20

[2010.01.01 10:00:00

O1 HOSTS File: ([2011.06.10 03:30:52

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: ::1 localhost127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 18 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O4:64bit: - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found

O4 - Startup: C:\Users\Tsuji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Tsuji\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Tsuji\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\spba: DllName - Reg Error: Key error. - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)

O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)

O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{b05f41bc-faa6-11df-9d9a-002243a1059a}\Shell - "" = AutoRun

O33 - MountPoints2\{b05f41bc-faa6-11df-9d9a-002243a1059a}\Shell\AutoRun\command - "" = H:\Startme.exe

O33 - MountPoints2\{e4549b34-fa5e-11df-ac1e-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{e4549b34-fa5e-11df-ac1e-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011.06.30 15:18:58

[2011.06.28 20:18:27

[2011.06.28 20:18:26

[2011.06.28 20:18:25

[2011.06.28 20:18:23

[2011.06.26 22:54:23

[2011.06.26 22:54:08

[2011.06.26 22:54:07

[2011.06.26 22:54:04

[2011.06.26 22:48:03

[2011.06.23 23:50:30

[2011.06.23 23:48:14

[2011.06.22 03:01:18

[2011.06.22 03:00:59

[2011.06.21 22:20:13

[2011.06.21 21:21:03

[2011.06.21 21:21:02

[2011.06.19 23:11:03

[2011.06.18 05:46:16

[2011.06.18 05:46:15

[2011.06.18 05:46:14

[2011.06.18 03:50:32

[2011.06.17 03:22:45

[2011.06.17 03:12:48

[2011.06.17 03:11:49

[2011.06.17 00:45:12

[2011.06.14 13:18:42

[2011.06.12 16:35:48

[2011.06.12 00:23:48

[2011.06.11 12:40:46

[2011.06.07 00:51:04

[2011.06.07 00:02:28

[2011.06.06 22:34:00

[2011.06.06 21:29:07

[2011.06.06 01:56:49

[2011.06.01 15:28:16

[2011.05.31 22:02:59

[2011.05.31 22:02:58

[2011.05.31 20:00:05

[2011.05.31 19:58:31

[2011.05.31 19:58:05

[2011.05.31 19:57:18

[2011.05.31 19:53:17

[2011.05.29 04:12:57

[2011.05.29 00:10:44

[2011.05.29 00:05:42

[2011.05.29 00:05:36

[2011.05.28 21:54:13

[2011.05.28 21:51:28

[2011.05.28 20:02:15

[2011.05.28 14:59:05

[2011.05.27 03:25:53

[2011.05.27 00:00:06

[2011.05.26 14:46:04

[2011.05.25 23:22:18

[2011.05.22 01:27:43

[2011.05.22 01:15:58

[2011.05.21 11:32:49

[2011.05.21 01:28:05

[2011.05.20 14:50:46

[2011.05.19 16:20:36

[2011.05.18 21:37:56

[2011.05.18 01:47:35

[2011.05.16 18:14:12

[2011.05.16 18:13:58

[2011.05.16 18:13:57

[2011.05.16 18:13:23

[2011.05.15 22:40:00

[2011.05.14 18:14:15

[2011.05.14 18:14:11

[2011.05.14 18:14:09

[2011.05.14 18:09:45

[2011.05.14 18:09:41

[2011.05.12 12:50:14

[2011.05.11 18:41:26

[2011.05.11 02:29:56

[2011.05.08 00:49:46

[2011.05.07 02:01:03

[2011.05.07 01:45:56

[2011.05.07 01:23:18

[2011.05.07 00:48:00

[2011.05.07 00:46:07

[2011.05.07 00:43:39

[2011.05.02 20:15:23

[2011.04.28 19:56:41

[2011.04.28 19:56:40

[2011.04.28 19:56:31

[2011.04.28 19:56:30

[2011.04.28 19:56:29

[2011.04.25 15:24:36

[2011.04.23 21:33:12

[2011.04.21 15:31:16

[2011.04.21 15:31:03

[2011.04.21 15:31:02

[2011.04.21 15:30:59

[2011.04.21 15:30:58

[2011.04.21 15:30:52

[2011.04.21 15:30:35

[2011.04.14 00:40:10

[2011.04.09 18:55:44

[2011.04.09 18:55:42

[2011.04.07 00:27:55

[2011.04.07 00:27:54

[2011.04.07 00:27:53

[2011.04.06 23:34:51

[2011.01.29 01:01:16

========== Files - Modified Within 90 Days ==========

[2011.07.01 15:02:00

[2011.07.01 13:43:32

[2011.07.01 13:42:15

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Datenbank Version: 6992

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

01.07.2011 17:43:49

mbam-log-2011-07-01 (17-43-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\

Durchsuchte Objekte: 344997

Laufzeit: 1 Stunde(n), 10 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0

Infizierte Speicherprozesse: