Sicherheitscenterdienst ist verschwunden

Waxweazle200 · 18.08.2013, 14:30

Hallo Leute,
ich habe das Problem das ich mir nen Virus eingefangen habe, dieser hat den Dienst des Sicherheitscenters unter Windows entfernt oder zumindest versteckt. Auch Microsoft Security Essentials kann nicht mehr geöffnet werden weil ich angeblich nicht die erforderlichen Rechte habe.
Nun habe ich schonmal Malwarebytes durchlaufen lassen, genauso wie hijackthis, beide haben nix gefunden. Antivir hat nen trojaner gefunden (hatte ich nur zum scannen installiert) diesen hab ich in Quarantäne verschoben.
Nun habe ich als letzte möglichkeit bevor ich den Laptop neu mache noch nen Scan mit Combofix gemacht in der Hoffnung das mir irgendwer von euch helfen kann.

Hier die Log-Datei:

ComboFix 13-08-18.01 - Waxweazle2001 18.08.2013 14:50:57.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2038.883 [GMT 2:00]
ausgeführt von:: e:\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Waxweazle2001\AppData\Roaming\Xaypky
c:\users\Waxweazle2001\AppData\Roaming\Xaypky\coxoo.buy
c:\windows\PFRO.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-18 bis 2013-08-18 ))))))))))))))))))))))))))))))
.
.
2013-08-18 12:59 . 2013-08-18 12:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-18 10:10 . 2013-08-18 10:10 -------- d-----w- c:\programdata\AskPartnerNetwork
2013-08-18 10:10 . 2013-08-18 10:10 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2013-08-18 10:10 . 2013-08-18 10:10 -------- d-----w- c:\programdata\APN
2013-08-18 10:09 . 2013-08-18 12:33 -------- d-----w- c:\programdata\Avira
2013-08-17 16:25 . 2013-08-17 16:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-08-17 16:24 . 2013-08-18 12:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-08-17 15:21 . 2013-08-17 15:21 -------- d-----w- c:\users\Waxweazle2001\AppData\Roaming\Malwarebytes
2013-08-17 15:21 . 2013-08-17 15:21 -------- d-----w- c:\programdata\Malwarebytes
2013-08-16 18:55 . 2013-08-16 18:55 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5EC98090-E9F8-405F-86CC-306EF39A5D57}\offreg.dll
2013-08-16 18:54 . 2013-08-16 18:54 -------- d-----w- c:\program files (x86)\Google
2013-08-16 18:54 . 2013-08-16 18:54 -------- d-----w- c:\users\Waxweazle2001\AppData\Local\Google
2013-08-16 15:37 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5EC98090-E9F8-405F-86CC-306EF39A5D57}\mpengine.dll
2013-08-16 15:33 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-16 15:33 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-16 15:33 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-16 15:33 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-16 15:33 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-16 15:33 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-16 15:33 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-16 15:33 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-16 15:29 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-16 15:29 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-16 15:29 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-16 15:29 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-16 15:29 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-16 15:29 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-16 15:29 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-16 15:29 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 08:31 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-12 08:32 . 2013-08-12 08:32 -------- d-----w- c:\users\Waxweazle2001\.android
2013-08-12 08:27 . 2013-08-12 08:35 -------- d-----w- c:\users\Waxweazle2001\AppData\Roaming\MyPhoneExplorer
2013-08-04 17:40 . 2013-08-04 17:40 -------- d-----w- c:\programdata\Synology
2013-07-22 13:25 . 2013-07-22 13:25 -------- d-----w- C:\Drivers
2013-07-22 13:25 . 2006-11-01 19:59 7296 ----a-w- c:\windows\system32\drivers\fuj02e3.sys
2013-07-22 13:24 . 2013-07-22 13:24 -------- d-----w- c:\program files (x86)\SMSC
2013-07-22 13:24 . 2006-10-18 13:42 37376 ----a-w- c:\windows\system32\drivers\smscir64.sys
2013-07-22 13:23 . 2013-07-22 13:23 -------- d-----w- C:\dell
2013-07-22 13:21 . 2013-07-22 13:21 -------- d-----w- c:\program files (x86)\O2Micro International LTD
2013-07-22 13:21 . 2006-11-14 10:42 100480 ----a-w- c:\windows\SysWow64\drivers\OZSCRx64.sys
2013-07-22 13:21 . 2013-07-22 13:21 -------- d-----w- c:\users\Waxweazle2001\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-16 21:52 . 2013-01-10 18:44 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-17 08:06 . 2013-07-17 08:07 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5FE211F-AFF3-4F98-A1D9-3F8CA8207D0B}\gapaengine.dll
2013-07-14 09:35 . 2013-01-20 12:58 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-14 09:35 . 2013-01-20 12:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-22 12:15 . 2013-03-12 20:17 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-21 13:10 . 2013-06-21 13:11 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-21 13:10 . 2013-01-10 21:19 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-21 13:10 . 2013-01-10 21:19 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-18 19:50 . 2013-06-18 19:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2012-08-30 21:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-12 16:57 . 2013-06-12 16:58 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 16:57 . 2013-06-12 16:58 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-05 03:34 . 2013-07-11 15:40 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 15:40 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 15:40 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-26 16:37 . 2013-05-26 16:37 715038 ----a-w- c:\windows\unins000.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-07-26 20:30 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"TRUUpdater"="c:\program files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2009-06-26 558360]
"WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-04-07 62744]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-07-26 1558480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService;c:\program files (x86)\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SWNC8U32;Sierra Wireless MUX NDIS Driver (UMTS32);c:\windows\system32\DRIVERS\swnc8u32.sys;c:\windows\SYSNATIVE\DRIVERS\swnc8u32.sys [x]
R3 SWUMX32;Sierra Wireless USB MUX Driver (UMTS32);c:\windows\system32\DRIVERS\swumx32.sys;c:\windows\SYSNATIVE\DRIVERS\swumx32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;d:\programme\TomTom HOME 2\TomTomHOMEService.exe;d:\programme\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UsbClientService;UsbClientService;d:\programme\Synology\Assistant\UsbClientService.exe;d:\programme\Synology\Assistant\UsbClientService.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys;c:\windows\SYSNATIVE\DRIVERS\FUJ02E3.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdx64.sys [x]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCir64.sys;c:\windows\SYSNATIVE\DRIVERS\SMSCir64.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-20 09:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{CB83EE71-F22D-4466-8F04-EE9EACCB2BA3}: NameServer = 192.168.20.1
FF - ProfilePath - c:\users\Waxweazle2001\AppData\Roaming\Mozilla\Firefox\Profiles\pj0junss.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 91.143.60.172
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-07-26 22:31; toolbar_AVIRA-V7@apn.ask.com; c:\users\Waxweazle2001\AppData\Roaming\Mozilla\Firefox\Profiles\pj0junss.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF - user.js: extensions.autoDisableScopes - 10
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-dBpoweramp AAC Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp AIFF Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Batch Ripper - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp CLI Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DirectShow Decoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Nero AAC Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Utilities - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4b Audio book Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Midi Decoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPowerAMP Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Musepack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis aoTuV Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp OptimFROG Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Shorten Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Speex Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp TTA Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-MPEG Suite 2001r2 - c:\windows\system32\SpoonUninstall.exe
AddRemove-Ogg Vorbis CLI - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\o2flash.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
d:\programme\VMWarePlayer\vmware-authd.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-18 15:21:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-08-18 13:20
.
Vor Suchlauf: 8.310.218.752 Bytes frei
Nach Suchlauf: 8.264.355.840 Bytes frei
.
- - End Of File - - A32599FA80D989D09D22E513ACFC66D0
A36C5E4F47E84449FF07ED3517B43A31

Sicherheitscenterdienst ist verschwunden

Log-Analyse und Auswertung: Sicherheitscenterdienst ist verschwunden

Sicherheitscenterdienst ist verschwunden

Ähnliche Themen: Sicherheitscenterdienst ist verschwunden