Und zusätzlich hat das Programm noch eine Extras.Txt datei geöffnet. Diese noch einmal hier, falls nötig.


OTL EXTRAS Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 17.01.2012 22:28:44 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Simon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,75% Memory free
6,19 Gb Paging File | 4,99 Gb Available in Paging File | 80,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,37 Gb Total Space | 12,50 Gb Free Space | 9,89% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 13,03 Gb Free Space | 57,51% Space Free | Partition Type: FAT32
 
Computer Name: SIMON-LAPTOP | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3667741701-2761226800-4140390284-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3667741701-2761226800-4140390284-1004]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3667741701-2761226800-4140390284-1005]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16559EA7-1C7C-4145-9CAC-5FCA860226B7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1C347F18-A62C-46CA-9B0D-7D37960B2BF9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3B62A8A7-A54A-4B72-8ED2-3823341FCDCE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5CB3A194-6777-4EDD-A870-78547F6FCE22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{866D3D89-1444-4BCB-8D49-B05C427375F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8B10FB02-C228-4129-B9C0-0414BA278F63}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8C9E3C4E-72B0-4919-A3C1-C61543D60E2D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{93A7A66C-CE9C-44F2-A4AA-3382838A651C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{97A9B9E7-890D-4442-829B-68FF293B9B7E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{A423895E-A5ED-4517-A919-966A0F4335D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B6109842-23BA-40A9-96CF-A81BDAD63582}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BC77AC54-36C6-4BDC-88AB-3D64DF8D913C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{BD5AF4A7-FC76-4021-9773-037A086C55EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BF60903C-8628-4EB3-BA78-2381946DC864}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CCACAAB3-89BF-4696-885F-73FEEB6C5DDE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D3683363-C25E-4E62-B70E-4C3FB2AEA18C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DA3DA2C6-799E-4758-B90A-E3728934BD4A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DC55C927-7D6E-41EA-BC6F-9C4BC9C9DB59}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DCF5399E-8FCF-412D-A267-60E24FA30E31}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E3CABC93-55C7-4366-8600-D5BE6A938EA8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E75316DE-D9BE-4CB6-927A-58F70941252E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FC21A2B1-9A68-43A7-B7EC-38D1F1438788}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FECBD4DD-8B19-4D39-A69A-79E8928DAB76}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FFC38105-F532-4776-9BA0-AE9938DF913F}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0459AAFC-10EA-438B-B750-7BAEDEE254AD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{0504AF66-C59A-4A41-8EE6-A47FB1E4DC19}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{21414FA7-3F37-4E11-8D5C-980CF98F1FE3}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{37EF9A4E-79BA-4590-B70C-9593101FCDC7}" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3BE72712-8ADC-49A4-BBB7-7B77289622FD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{3FA1A0C0-0B49-4A09-8DDB-73628879A0E6}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{46F5CD80-22F6-4654-A8B5-BAB5694FB1D8}" = protocol=17 | dir=in | app=f:\alicesetup.exe | 
"{4EC07EC3-6C26-42D5-B0EB-E5AC6F69F25E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4EC74D28-0581-4BD3-A335-95D678FE65CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{556C9AD7-930D-4B94-BA48-0C4E15DAC5D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58F212B2-482C-4857-9105-08559C791259}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{59328249-D84D-4E46-A42D-39E52DB0502E}" = protocol=6 | dir=in | app=f:\alicesetup.exe | 
"{61CDA90A-84BA-4EE3-9BB9-E6C4DBE458F7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{63BDC5FE-51B5-446A-B6CF-3B281F208F77}" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6B30E3A7-1816-4985-9FF3-2B8A2125B784}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6D88E1C9-8F84-405D-80A5-CF8EF2B67593}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{794808C0-0E31-4B71-9BE5-6A78B58AB1A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7CDE39F6-95A4-44A1-BED5-A153AFFD84AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8228C060-9437-4475-B3F5-C86DF863C03A}" = protocol=6 | dir=out | app=system | 
"{8BB6AD56-65B5-44B9-928F-1EEC9EAA0122}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9488B774-23A3-4028-960F-65C3559E19E6}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9DCE4BD7-A42B-421F-A510-ACC24CD7170B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B235E801-B6DB-4E7C-9B72-30956AF0C64B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B38136FD-B73C-4ED7-9C66-5C860C32D25D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BAA6538B-EBF4-46F9-9651-C1258A18665C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBBD4BAD-2251-4AE8-8C54-E26DBD3FD7AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F936256C-4A85-4970-BB21-EC78B71C95E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{100D128F-6CF2-4A0E-9784-8C5EED02D9FC}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{1D2FE0AF-39BD-423F-B869-CEB6705D8E4D}C:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{6DDF4039-F796-4F40-8B56-67B1F4990592}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{3F25882A-FC74-4A7A-91D6-A63068B2E089}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{4C640E53-AC68-473C-8B1F-8BB94229A71D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{FE0D66FB-D920-4163-AFE8-2BB2C0FDF4BB}C:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = YouCam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{835A6F5F-BC13-48DF-BEBE-8D80B419D145}" = Cisco AnyConnect VPN Client
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0CC5440-E305-11E0-BCC1-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3B7C24-30A1-4961-8039-94919F5ED2EE}" = Noiseware Community Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"1Password_is1" = 1Password 1.0.8.220
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mp3tag" = Mp3tag v2.46a
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro41x32_is1" = Photomatix Pro version 4.1.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VideoLAN VLC media player 0.8.6c
"vShare.tv plugin" = vShare.tv plugin 1.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.01.2012 12:55:55 | Computer Name = Simon-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1721659
 
Error - 16.01.2012 07:14:29 | Computer Name = Simon-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.01.2012 07:14:29 | Computer Name = Simon-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1497
 
Error - 16.01.2012 07:14:29 | Computer Name = Simon-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1497
 
Error - 16.01.2012 07:14:32 | Computer Name = Simon-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.01.2012 07:14:32 | Computer Name = Simon-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5194
 
Error - 16.01.2012 07:14:32 | Computer Name = Simon-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5194
 
Error - 16.01.2012 16:23:41 | Computer Name = Simon-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ping.exe, Version 6.0.6001.18000, Zeitstempel
 0x47919130, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x04ad2810,  Prozess-ID 0x132c, Anwendungsstartzeit
 01ccd48c50986d55.
 
Error - 16.01.2012 17:04:12 | Computer Name = Simon-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ping.exe, Version 6.0.6001.18000, Zeitstempel
 0x47919130, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x04cd7090,  Prozess-ID 0x86c, Anwendungsstartzeit
 01ccd4924de808db.
 
Error - 16.01.2012 17:28:21 | Computer Name = Simon-Laptop | Source = EventSystem | ID = 4609
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 17.01.2012 17:29:43 | Computer Name = Simon-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp
Line:
 344 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 17.01.2012 17:29:43 | Computer Name = Simon-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
 815 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 17.01.2012 17:29:43 | Computer Name = Simon-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 253 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 17.01.2012 17:29:43 | Computer Name = Simon-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
 1149 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 17.01.2012 17:29:51 | Computer Name = Simon-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
 815 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 17.01.2012 17:29:51 | Computer Name = Simon-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 253 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 17.01.2012 17:29:51 | Computer Name = Simon-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
 1149 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 17.01.2012 17:29:51 | Computer Name = Simon-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 976 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target 
 
Error - 17.01.2012 17:29:51 | Computer Name = Simon-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 812 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 17.01.2012 17:29:51 | Computer Name = Simon-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 189 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
[ OSession Events ]
Error - 03.04.2011 17:45:28 | Computer Name = Simon-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1634
 seconds with 1620 seconds of active time.  This session ended with a crash.
 
Error - 12.05.2011 17:24:19 | Computer Name = Simon-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 423
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 12.05.2011 17:24:36 | Computer Name = Simon-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.12.2011 13:00:17 | Computer Name = Simon-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1104
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 15.12.2011 07:29:38 | Computer Name = Simon-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 875
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.01.2012 08:03:41 | Computer Name = Simon-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 08:03:41 | Computer Name = Simon-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 08:30:34 | Computer Name = Simon-Laptop | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 17.01.2012 08:33:47 | Computer Name = Simon-Laptop | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 17.01.2012 08:33:47 | Computer Name = Simon-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 08:33:47 | Computer Name = Simon-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 12:22:18 | Computer Name = Simon-Laptop | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 17.01.2012 12:23:40 | Computer Name = Simon-Laptop | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 17.01.2012 12:23:40 | Computer Name = Simon-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 12:23:40 | Computer Name = Simon-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

--- --- ---

Ist da etwas mit anzufangen?

Aktualisierung:

Nachdem ich den Laptop ca. eine halbe Stunde eingeschaltete hatte ohne im Internet zu sein, kam ein Bluescreen.

Hier die Windowsfehlermeldung nach dem Neustart:

Code: Alles auswählenAufklappen

ATTFilter

Problemsignatur:
  Problemereignisname:	BlueScreen
  Betriebsystemversion:	6.0.6002.2.2.0.768.3
  Gebietsschema-ID:	1031

Zusatzinformationen zum Problem:
  BCCode:	50
  BCP1:	9C742000
  BCP2:	00000000
  BCP3:	87F7F7F0
  BCP4:	00000000
  OS Version:	6_0_6002
  Service Pack:	2_0
  Product:	768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
  C:\Windows\Minidump\Mini011812-01.dmp
  C:\Users\Simon\AppData\Local\Temp\WER-60497-0.sysdata.xml
  C:\Users\Simon\AppData\Local\Temp\WER7F9A.tmp.version.txt

Lesen Sie unsere Datenschutzrichtlinie:
  hxxp://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0407
         

Du hast da offensichtlich ein ZeroAccess Rootkit im System. Die Bereingung solcher Gäste ist nicht ohne, du solltest dich innerlich schonmal auf eine komplette Neuinstallation des Systems einstellen.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Ich habe die Datei runtergeladen. Antivir ausgeschaltet, auf Windows Defender kann ich komischerweise nicht zugreifen. Wenn ich dann auf ComboFix.exe (Was übrigens nicht mit dem "normalen" Symbol angezeigt wird) auf dem Desktop klicke, kommt die Warnungmeldung, die ich bestätige. Danach poppt kurz ein schwarzes "Eingabe" Fenster auf. Danach verschwindet es und es passiert nichts mehr...

Internetverbindung aktivieren oder nicht? Hab ich wieder etwas falsch gemacht?

Verbindung zum Internet muss aktiv sein

Bisher habe ich noch nicht geschafft ComboFix zu starten, da der PC sehr träge wird.

Hoffentlich klappt es gleich...

Das selbe Problem wie vorher.

Habe ein wenig in Eigenschaften von ComboFix.exe geguckt. Wenn ich unter Programm das Häckchen bei "Nach Beenden schließen" entferne und es versuche, bleibt das Eingabefenster mit dem Text: "Program too big too fit in memory"

Was nun?

probier es im abgesicherten mit Netzwerk




Abgesicherter Modus zur Bereinigung

• Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
• Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:
  
  

Nachdem ich Combofix im abgesicherten Modus erneut runtergeladen habe, sah es gut aus. Endlich war auch das Symbol richtig.
Beim Öffnen kam auch die Frage nach Haftunsausschluss. Danach ging der Laptop einfach aus. Beim erneuten Start erst Bluscreen, aber zu unterschiedlichen Zeiten.
Jetzt ist er wieder ganz hochgefahren... Combofix aktiviert, dekompromiert Datein, Laptop geht aus.

Das wars dann wohl oder?

Hmpf, ist das Gerät ünerhaupt noch stabil?
Nicht, dass du da auch noch ein Hardwareproblem hast.

Ich würde erstmal versuchen rauszufinden, ob das nur unter Windows so ist, oder auch mit anderen Betriebssystemen.
Lad dir mal sowas wie Knoppix oder Ubuntu herunter, brenn die iso Datei per Imagebrennfunktion auf eine CD und boote den Rechner davon.
Teste dann mal ausgiebig das System unter Linux und berichte ob es dort normal läuft.

Bisher hatte ich auch mit den Warnungen und nach dem Virusfund ja überhaupt keine Probleme, ausser das sich diese Website geöffnet hat.
Ich hab es jetzt auch noch einmal probiert und dabei ist er auch nicht abgestürzt. Allerdings sagt Combofix mir jetzt: Warning - Do not run Combofix in Compatibility Mode. Doing so may damage the machine.

Dabei ist es egal, ob ich es im normalen oder abgesicherten Modus probiere. Drücke ich auf "Ok", passiert nichts mehr mit CF. Sonst geht aber alles am PC... Also der hängt sich nicht auf oder so.
Auch das neu downloaden von CF brachte nichts.

Ich probier mal weiter rum

Hab es jetzt unter einem anderen Benutzerkonto (auch Administrator) am laufen. Stellt das ein Problem dar?

Es hat geklappt, Cosinus

[code]
Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-01-18.04 - Bernd2 18.01.2012  17:57:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.2144 [GMT 1:00]
ausgeführt von:: c:\users\Bernd2\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB24042$\1844902489
c:\windows\$NtUninstallKB24042$\3473773287\@
c:\windows\$NtUninstallKB24042$\3473773287\bckfg.tmp
c:\windows\$NtUninstallKB24042$\3473773287\cfg.ini
c:\windows\$NtUninstallKB24042$\3473773287\Desktop.ini
c:\windows\$NtUninstallKB24042$\3473773287\keywords
c:\windows\$NtUninstallKB24042$\3473773287\kwrd.dll
c:\windows\$NtUninstallKB24042$\3473773287\L\qnbwvoto
c:\windows\$NtUninstallKB24042$\3473773287\U\00000001.@
c:\windows\$NtUninstallKB24042$\3473773287\U\00000002.@
c:\windows\$NtUninstallKB24042$\3473773287\U\00000004.@
c:\windows\$NtUninstallKB24042$\3473773287\U\80000000.@
c:\windows\$NtUninstallKB24042$\3473773287\U\80000004.@
c:\windows\$NtUninstallKB24042$\3473773287\U\80000032.@
c:\windows\security\Database\tmp.edb
c:\windows\$NtUninstallKB24042$ . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-18 bis 2012-01-18  ))))))))))))))))))))))))))))))
.
.
2012-01-18 17:08 . 2012-01-18 17:10	--------	d-----w-	c:\users\Bernd2\AppData\Local\temp
2012-01-18 17:08 . 2012-01-18 17:08	--------	d-----w-	c:\users\Simon\AppData\Local\temp
2012-01-17 13:21 . 2012-01-17 13:21	--------	d-----w-	c:\users\Simon\AppData\Roaming\Malwarebytes
2012-01-17 13:21 . 2012-01-17 13:21	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-17 13:21 . 2012-01-17 13:21	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-17 13:21 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-17 12:30 . 2012-01-17 12:30	--------	d-----w-	C:\_OTL
2012-01-17 11:17 . 2012-01-17 11:17	--------	d-----w-	c:\program files\CCleaner
2012-01-17 06:55 . 2012-01-17 06:55	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-01-16 20:03 . 2012-01-16 20:03	--------	d-----w-	c:\program files\PhotomatixPro4
2012-01-14 17:09 . 2012-01-14 17:09	--------	d-----w-	c:\program files\Imagenomic
2012-01-14 10:02 . 2012-01-14 10:02	--------	d-----w-	c:\users\Simon\AppData\Roaming\HDRsoft
2012-01-13 09:21 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C51F070-F142-4D7D-B22B-078DD8E29E4C}\mpengine.dll
2012-01-11 12:21 . 2011-10-14 16:03	189952	----a-w-	c:\windows\system32\winmm.dll
2012-01-11 12:21 . 2011-10-14 16:00	23552	----a-w-	c:\windows\system32\mciseq.dll
2012-01-11 12:21 . 2011-11-18 20:23	1205064	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 12:19 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2012-01-11 12:19 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2012-01-11 12:19 . 2011-12-01 15:21	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 12:19 . 2011-10-25 15:58	1314816	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 12:19 . 2011-10-25 15:58	497152	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 12:18 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-01-11 12:18 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-01-11 12:18 . 2011-11-16 16:23	278528	----a-w-	c:\windows\system32\schannel.dll
2012-01-11 12:18 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
2012-01-11 12:18 . 2011-11-17 06:48	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-11 12:18 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-08 16:02 . 2012-01-08 16:02	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-01-06 17:37 . 2012-01-06 17:37	--------	d-----w-	c:\users\Simon\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-01-06 17:36 . 2012-01-06 17:36	--------	d-----w-	c:\program files\Adobe Download Assistant
2012-01-06 17:36 . 2012-01-06 17:36	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2012-01-06 11:15 . 2012-01-06 11:15	--------	d-----w-	c:\programdata\FLEXnet
2012-01-06 11:12 . 2007-02-20 15:04	190696	------w-	c:\windows\system32\NPSWF32_FlashUtil.exe
2012-01-06 11:12 . 2007-02-20 15:04	2463976	------w-	c:\windows\system32\NPSWF32.dll
2012-01-06 10:57 . 2012-01-06 10:57	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2012-01-06 10:52 . 2012-01-06 10:52	239168	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-06 10:52 . 2012-01-06 10:52	--------	d-----w-	c:\program files\DAEMON Tools Lite
2012-01-06 10:51 . 2012-01-06 10:54	--------	d-----w-	c:\users\Simon\AppData\Roaming\DAEMON Tools Lite
2012-01-06 10:51 . 2012-01-06 10:51	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2012-01-01 21:53 . 2012-01-01 21:53	--------	d-----w-	c:\program files\iPod
2012-01-01 21:53 . 2012-01-01 21:54	--------	d-----w-	c:\program files\iTunes
2011-12-27 11:53 . 2011-12-27 11:53	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-27 11:53 . 2011-12-27 11:53	548864	----a-w-	c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-27 11:53 . 2011-12-27 11:53	479232	----a-w-	c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-27 11:53 . 2011-12-27 11:53	43992	----a-w-	c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 17:08 . 2011-06-12 20:23	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37 . 2011-12-14 11:19	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-11-08 14:42 . 2011-12-14 11:19	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-14 11:24	1798144	----a-w-	c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-14 11:24	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 11:24	1127424	----a-w-	c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-14 11:24	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-14 11:19	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-14 11:19	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-14 11:19	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-10-24 13:29 . 2011-10-24 13:29	94208	------w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	------w-	c:\windows\system32\QuickTime.qts
2011-12-27 11:53 . 2011-03-10 22:31	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-18 8501792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"toolbar_eula_launcher"=c:\program files\GoogleEULA\EULALauncher.exe
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3667741701-2761226800-4140390284-1003]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3667741701-2761226800-4140390284-1004]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3667741701-2761226800-4140390284-1005]
"EnableNotificationsRef"=dword:00000001
.
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - c:\progra~1\1PASSW~1\AGILE1~1.DLL
TCP: DhcpNameServer = 192.168.11.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Bernd2\AppData\Roaming\Mozilla\Firefox\Profiles\ib27m6gx.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-18  18:17:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-18 17:17
.
Vor Suchlauf: 10 Verzeichnis(se), 12.570.509.312 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 12.575.477.760 Bytes frei
.
- - End Of File - - 7998EFDBB88700C793905FFADA2373F5
         

--- --- ---


Ist das schon einmal gut?

Ja hauptsache der andere User mit dem du dich einlogsst hat auch Adminrechte...hatte er
Zum alltäglichen Surfen/Arbeiten am Rechner solltest du aber in Zukunft ein Konto mit eingeschränkten Rechten nehmen

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code: Alles auswählenAufklappen

ATTFilter

Folder::
c:\windows\$NtUninstallKB24042$
         

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!