|
Pests of all kinds and how to fight them: Security Center is disabled automatically and Google redirects... Windows 7 If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
04.08.2011, 13:59 | #16 |
| Security Center is disabled automatically and Google redirects... ComboFix: Code:
ATTFilter ComboFix 11-08-03.03 - Engin 04.08.2011 14:40:06.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3999.2868 [GMT 2:00] ausgeführt von:: c:\users\Engin\Desktop\ComboFix.exe AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\AMMYY c:\programdata\AMMYY\hr c:\programdata\AMMYY\settings.bin c:\users\Engin\AppData\Roaming\Enginlog.dat c:\users\Engin\AppData\Roaming\Microsoft\Protect\Credentials\shockwave.exe c:\users\Engin\AppData\Roaming\PCFix c:\users\Engin\AppData\Roaming\PCFix\log.dat c:\users\Engin\AppData\Roaming\PCFix\unresolvederrors.dat c:\users\Engin\AppData\Roaming\startup c:\windows\ST6UNST.000 c:\windows\SysWow64\logs c:\windows\SysWow64\logs\ts3server_2010-10-13__21_39_24.586886.log . . ((((((((((((((((((((((( Dateien erstellt von 2011-07-04 bis 2011-08-04 )))))))))))))))))))))))))))))) . . 2011-08-04 12:46 . 2011-08-04 12:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-08-03 16:19 . 2011-08-03 16:19 -------- d-----w- c:\program files (x86)\uTorrent 2011-08-03 16:19 . 2011-08-03 17:06 -------- d-----w- c:\users\Engin\AppData\Roaming\uTorrent 2011-08-03 16:19 . 2011-08-03 16:19 -------- d-----w- c:\users\Engin\AppData\Local\uTorrent 2011-08-03 15:43 . 2011-08-03 15:43 -------- d-----w- c:\program files (x86)\MySQL 2011-07-30 12:49 . 2011-07-30 13:04 -------- d-----w- c:\program files (x86)\nLite 2011-07-29 13:53 . 2011-07-29 13:57 -------- d-----w- C:\xampp 2011-07-29 13:49 . 2011-07-29 13:49 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-07-29 13:49 . 
2011-07-29 13:49 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-07-29 13:49 . 2011-07-29 13:49 1166144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-07-26 19:03 . 2011-07-26 19:03 -------- d-----w- c:\programdata\PC Tools 2011-07-26 18:44 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-26 18:44 . 2011-07-26 18:44 -------- d-----w- c:\programdata\Malwarebytes 2011-07-26 18:44 . 2011-07-26 18:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-07-24 18:38 . 2011-07-26 17:00 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-07-24 18:38 . 2011-07-26 17:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-07-24 13:22 . 2011-07-24 13:22 -------- d-----w- C:\$WINDOWS.~LS 2011-07-24 13:20 . 2011-07-24 13:20 -------- d-----w- C:\$WINDOWS.~BT 2011-07-23 22:54 . 2011-07-23 22:54 -------- d-----w- c:\users\Engin\AppData\Roaming\Malwarebytes 2011-07-23 22:50 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-23 22:19 . 2011-07-24 17:58 -------- d-----w- c:\programdata\clp 2011-07-23 22:19 . 2011-07-23 22:19 -------- d-----w- c:\programdata\Common Toolkit Suite 2011-07-23 22:19 . 2011-07-26 18:37 -------- d-----w- c:\programdata\Fighters 2011-07-23 22:19 . 2011-07-26 18:36 -------- d-----w- c:\users\Engin\AppData\Roaming\Fighters 2011-07-23 21:08 . 2011-07-23 21:09 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-07-23 21:08 . 2011-07-23 21:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-07-23 21:08 . 2011-07-23 21:08 1166144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-07-23 08:36 . 2011-07-23 08:36 -------- d-----w- c:\users\Engin\AppData\Roaming\Avira 2011-07-23 08:31 . 
2011-07-23 21:03 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-07-23 08:31 . 2011-07-23 21:03 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-07-23 08:31 . 2011-07-23 08:31 -------- d-----w- c:\programdata\Avira 2011-07-23 08:31 . 2011-07-23 08:31 -------- d-----w- c:\program files (x86)\Avira 2011-07-22 16:24 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A04489AB-CDD4-4BB4-B464-C6FD5F293C95}\mpengine.dll 2011-07-21 20:00 . 2011-07-21 20:00 -------- d-----w- c:\users\Engin\AppData\Roaming\Template 2011-07-19 14:55 . 2011-07-19 14:56 -------- d-----w- c:\users\Engin\Privat 2011-07-16 08:19 . 2011-07-16 08:19 -------- d-----w- c:\program files (x86)\Microsoft.NET 2011-07-15 09:51 . 2011-07-23 07:29 -------- d-----w- c:\users\Engin\AppData\Local\fabi.me 2011-07-15 08:06 . 2011-07-15 08:06 -------- d-----w- c:\program files\Windows Journal 2011-07-13 16:50 . 2011-07-13 16:50 -------- d-----w- c:\program files (x86)\Common Files\Plasmoo 2011-07-07 12:51 . 2011-07-07 12:52 -------- d-----w- c:\users\DefaultAppPool 2011-07-07 11:08 . 2011-07-07 11:08 -------- d-----w- c:\programdata\muvee Technologies 2011-07-07 11:07 . 2011-07-07 11:09 -------- d-----w- c:\users\Engin\AppData\Roaming\muvee Technologies . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-29 11:22 . 2011-06-29 11:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-06-29 11:22 . 2011-06-29 11:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-06-29 11:22 . 2011-06-29 11:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-06-29 11:22 . 2011-06-29 11:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-06-29 11:22 . 2011-06-29 11:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-06-29 11:22 . 2011-06-29 11:22 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-06-29 11:22 . 
2011-06-29 11:22 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-06-29 11:22 . 2011-06-29 11:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-06-29 11:22 . 2011-06-29 11:22 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-06-29 11:22 . 2011-06-29 11:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-06-29 11:22 . 2011-06-29 11:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-06-29 11:22 . 2011-06-29 11:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-06-29 11:22 . 2011-06-29 11:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-06-29 11:22 . 2011-06-29 11:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-06-29 11:22 . 2011-06-29 11:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-06-29 11:22 . 2011-06-29 11:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-06-29 11:22 . 2011-06-29 11:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-06-29 11:22 . 2011-06-29 11:22 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-06-29 11:22 . 2011-06-29 11:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-06-29 11:22 . 2011-06-29 11:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-06-29 11:22 . 2011-06-29 11:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-06-29 11:22 . 2011-06-29 11:22 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-06-29 11:22 . 2011-06-29 11:22 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-06-29 11:22 . 2011-06-29 11:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-06-29 11:22 . 2011-06-29 11:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-06-29 11:22 . 2011-06-29 11:22 2303488 ----a-w- c:\windows\system32\jscript9.dll 2011-06-29 11:22 . 2011-06-29 11:22 222208 ----a-w- c:\windows\system32\msls31.dll 2011-06-29 11:22 . 2011-06-29 11:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-06-29 11:22 . 2011-06-29 11:22 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-06-29 11:22 . 
2011-06-29 11:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-06-29 11:22 . 2011-06-29 11:22 12288 ----a-w- c:\windows\system32\mshta.exe 2011-06-29 11:22 . 2011-06-29 11:22 114176 ----a-w- c:\windows\system32\admparse.dll 2011-06-29 11:22 . 2011-06-29 11:22 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-06-29 11:22 . 2011-06-29 11:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-06-29 11:22 . 2011-06-29 11:22 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-06-29 11:22 . 2011-06-29 11:22 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-06-29 11:22 . 2011-06-29 11:22 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-06-29 11:22 . 2011-06-29 11:22 448512 ----a-w- c:\windows\system32\html.iec 2011-06-29 11:22 . 2011-06-29 11:22 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-29 11:22 . 2011-06-29 11:22 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-06-29 11:22 . 2011-06-29 11:22 160256 ----a-w- c:\windows\system32\wextract.exe 2011-06-29 11:22 . 2011-06-29 11:22 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-06-29 11:14 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-06-29 11:14 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-06-25 09:10 . 2011-05-13 20:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-03 05:57 . 2011-07-13 12:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-05-25 09:36 . 2011-05-25 09:36 13720 ----a-w- c:\windows\system32\drivers\avfsfilter.sys 2011-05-24 17:14 . 2010-06-07 15:14 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-05-24 11:42 . 2011-06-29 11:06 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-05-24 10:40 . 2011-06-29 11:06 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2011-05-24 10:40 . 2011-06-29 11:06 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-05-24 10:39 . 2011-06-29 11:06 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37 . 
2011-06-29 11:06 252928 ----a-w- c:\windows\SysWow64\drvinst.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ DynDNS Updater Tray Icon.lnk - c:\program files (x86)\DynDNS Updater\DynTray.exe [2011-4-15 76656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . 
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x] R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x] R2 AV Engine Scanning Service;AV Engine Scanning Service;C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe [x] R2 AV Watch Service;AV Watch Service;C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [x] R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 
VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory; [x] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS); [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360] S2 DynDNS Updater;DynDNS Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [2011-04-15 93048] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = uLocal Page = c:\windows\system32\blank.htm mStart Page = mLocal Page = IE: Free YouTube to MP3 Converter - c:\users\Engin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{1FCFFEC4-A03D-4138-9EA4-D5CB37B31EBB}: NameServer = 216.146.35.35,216.146.36.36 TCP: Interfaces\{1FCFFEC4-A03D-4138-9EA4-D5CB37B31EBB}\75C414E4D2030313144364430323449333: NameServer = 216.146.35.35,216.146.36.36 TCP: Interfaces\{9E4AC53F-EDFB-4547-A52A-40DD4B0E561B}: NameServer = 216.146.35.35,216.146.36.36 TCP: Interfaces\{EF0E56D7-94A1-4245-9F95-B31F83A21A3C}: NameServer = 216.146.35.35,216.146.36.36 FF - ProfilePath - c:\users\Engin\AppData\Roaming\Mozilla\Firefox\Profiles\in4ml7ho.default\ FF - prefs.js: browser.startup.homepage - www.google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-shockwave.exe - c:\users\Engin\AppData\Roaming\Microsoft\Protect\Credentials\shockwave.exe Wow6432Node-HKCU-Run-AdobeBridge - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AV Engine Scanning Service] "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AV Watch Service] "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AV Engine Scanning Service] "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AV Watch Service] "ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3108945900-3578650200-747349248-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{57DB612F-7FE7-714E-3B43-213B23D90F04}*] "hahkfdokjamimikm"=hex:6b,61,61,61,65,63,66,65,6e,6b,62,6d,6b,63,66,6b,68,65, 68,65,69,70,00,76 "iajkpadgnibmplkkpb"=hex:6b,61,61,61,65,63,66,65,6e,6b,62,6d,6b,63,66,6b,68,65, 68,65,69,70,00,76 . [HKEY_USERS\S-1-5-21-3108945900-3578650200-747349248-1000\Software\SecuROM\License information*] "datasecu"=hex:05,1b,1c,8a,6e,56,3c,b9,5c,83,8f,fb,bd,7f,59,09,31,e7,73,03,88, bb,4b,8f,23,50,71,e7,96,da,9d,97,1f,3a,12,ae,03,67,52,81,03,ce,72,03,8e,d4,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-08-04 14:53:20 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-08-04 12:53 . Vor Suchlauf: 18 Verzeichnis(se), 246.659.108.864 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 246.410.006.528 Bytes frei . - - End Of File - - 674ADB2D8DE898433195DEA17920CC3A |
04.08.2011, 14:04 | #17 |
| Security Center is disabled automatically and Google redirects... Hey.. thanks, Security Center is activated
__________________Windows Defender works and there is no Google redirect anymore. Thanks, this is the best forum in the world |
04.08.2011, 15:32 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Center is disabled automatically and Google redirects... Combofix - Scripting
__________________
1. Start Notepad (Start / Run / notepad[Enter])
2. Now use copy/paste to insert the entire content of the code box below into the Notepad window.
Code:
File::
c:\windows\SySWOW64\drivers\is3srv64.sys
c:\windows\SySWOW64\DRIVERS\szkg64.sys

Driver::
szkg5
is3srv

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad- and spyware programs and the Tea Timer (if present)!)
5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
04.08.2011, 18:37 | #19 |
| Security Center is disabled automatically and Google redirects... But why? The PC is working, isn't it? |
04.08.2011, 19:47 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Center is disabled automatically and Google redirects... Yeah, hm, sure... I just fix random entries for fun
__________________ Please always post log files in CODE tags |