Log analysis and evaluation: Windows Vista SP2: No more access to many programs.

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

/// the machine /// (TB-Ausbilder) | Windows Vista SP2: No more access to many programs.

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
HKU\S-1-5-21-2149094274-397478528-610200255-1000\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\Windows Firewall\winfirewall.exe" [0 ] (Motorola, Inc.) <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
C:\ProgramData\Windows Firewall
C:\Users\Chaos\AppData\Roaming\msconfig.ini
C:\Users\Public\AlexaNSISPlugin.3456.dll
Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).

Now please run ComboFix again.

__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
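What the fixlist above is undoing, explained in code. An Image File Execution Options (IFEO) key with a Debugger value makes Windows start the Debugger binary in place of the named image, passing it the original command line; if that binary (here nqij.exe) never launches the real program, every listed AV, cleanup and System Restore tool (rstrui.exe) silently fails, which is consistent with ComboFix having been run as ComboFixx.exe in the log below. The per-user Winlogon Shell value normally does not exist (the HKLM default explorer.exe applies), so "explorer.exe,<path>" adds a second program started at every logon. The script below is an added example, not the poster's code and not part of FRST or ComboFix: it triages FRST-style lines for exactly these two patterns and regenerates the fixlist lines. The input is copied from the fixlist above plus two constructed benign lines (a vsjitdebugger.exe IFEO entry and a plain HKLM Shell value); the KNOWN_DEBUGGERS allow-list and all function names are assumptions of this example.

```python
"""
Triage FRST-style registry lines for IFEO Debugger and Winlogon Shell hijacks.

Added example: not the original post's code and not part of FRST. It only
parses the text FRST prints. Sample lines are taken from the fixlist above,
plus two constructed benign lines to show what is *not* flagged.
"""
import ntpath  # Windows path rules even when this runs on Linux
import re

# Assumed allow-list of debuggers that legitimately appear as IFEO Debugger
# values on developer machines; anything else in front of an AV image is suspect.
KNOWN_DEBUGGERS = {"vsjitdebugger.exe", "windbg.exe", "ntsd.exe", "cdb.exe",
                   "drwtsn32.exe", "procdump.exe"}

IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+):\s*\[Debugger\]\s*(?P<debugger>.+?)\s*$", re.I)
# FRST appends "[size] (company) <==== ATTENTION" after the Shell value; strip it.
SHELL_RE = re.compile(r"^(?P<key>HK\S*Winlogon):\s*\[Shell\]\s*(?P<value>.+?)"
                      r"(?:\s+\[\d+\s*\].*)?$", re.I)
EXE_RE = re.compile(r'^"([^"]+)"|^(\S+)')  # first token of a command line, quoted or bare

# Constructed input: lines 1-4 from the fixlist above, lines 5-7 benign/irrelevant.
SAMPLE = r"""
HKU\S-1-5-21-2149094274-397478528-610200255-1000\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\Windows Firewall\winfirewall.exe" [0 ] (Motorola, Inc.) <==== ATTENTION
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\myapp.exe: [Debugger] "C:\Program Files\Microsoft Visual Studio\vsjitdebugger.exe" -p %ld -e %ld
HKLM\...\Winlogon: [Shell] explorer.exe
C:\Users\Public\AlexaNSISPlugin.3456.dll
""".strip().splitlines()


def debugger_exe(value):
    """Bare, lower-cased file name of the Debugger binary, arguments dropped."""
    m = EXE_RE.match(value)
    return ntpath.basename(m.group(1) or m.group(2)).lower()


def split_shell_list(value):
    """Winlogon runs every comma-separated Shell entry; quoted paths may contain spaces."""
    return [(q or b).strip() for q, b in re.findall(r'"([^"]*)"|([^,\s][^,]*)', value)]


def triage(lines):
    """Return (kind, image_or_key, target) for every line that is a hijack."""
    findings = []
    for line in lines:
        s = line.strip()
        m = IFEO_RE.match(s)
        if m:
            exe = debugger_exe(m.group("debugger"))
            if exe not in KNOWN_DEBUGGERS:
                findings.append(("IFEO", m.group("image"), exe))
            continue
        m = SHELL_RE.match(s)
        if m:
            progs = split_shell_list(m.group("value"))
            # Anything other than exactly one entry named explorer.exe is a hijack.
            if len(progs) != 1 or ntpath.basename(progs[0]).lower() != "explorer.exe":
                findings.append(("Winlogon Shell", m.group("key"), ", ".join(progs)))
    return findings


def summarize(findings):
    """IFEO redirections per debugger binary: one unknown binary sitting in
    front of dozens of security tools is the signature of this technique."""
    counts = {}
    for kind, _, target in findings:
        if kind == "IFEO":
            counts[target] = counts.get(target, 0) + 1
    return counts


def fixlist(lines):
    """Flagged lines verbatim, the form the fixlist above uses: FRST deletes a
    listed IFEO key or Winlogon Shell value (compare the Fixlog in the next post)."""
    return [line.strip() for line in lines if triage([line])]


if __name__ == "__main__":
    for kind, where, target in triage(SAMPLE):
        print(f"{kind:14} {where} -> {target}")
    print("IFEO targets:", summarize(triage(SAMPLE)))
    print("\n".join(fixlist(SAMPLE)))
```

On a live host the same two checks correspond to enumerating the subkeys of HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options for a Debugger value and reading the Shell value under each loaded user hive's Winlogon key; deleting the per-user Shell value, as the Fixlog below shows, restores the HKLM default explorer.exe.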
#2

Windows Vista SP2: No more access to many programs.

Thanks schrauber for the fixlist; after that ComboFix finally worked too.

Here are the logs for evaluation:

FRST Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2014
Ran by Chaos at 2014-04-15 18:29:26 Run:1
Running from C:\Users\Chaos\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-2149094274-397478528-610200255-1000\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\Windows Firewall\winfirewall.exe" [0 ] (Motorola, Inc.) <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
C:\ProgramData\Windows Firewall
C:\Users\Chaos\AppData\Roaming\msconfig.ini
C:\Users\Public\AlexaNSISPlugin.3456.dll
*****************
HKU\S-1-5-21-2149094274-397478528-610200255-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => Key deleted successfully.
"C:\ProgramData\Windows Firewall" directory move:
Could not move "C:\ProgramData\Windows Firewall\winfirewall.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Windows Firewall" directory. => Scheduled to move on reboot.
C:\Users\Chaos\AppData\Roaming\msconfig.ini => Moved successfully.
C:\Users\Public\AlexaNSISPlugin.3456.dll => Moved successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-15 18:31:06)<=
C:\ProgramData\Windows Firewall\winfirewall.exe => Is moved successfully.
C:\ProgramData\Windows Firewall => Moved successfully.
==== End of Fixlog ====
ComboFix
Code:
ComboFix 14-04-12.01 - Chaos 15.04.2014 18:45:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.1703 [GMT 2:00]
Running from: c:\users\Chaos\Desktop\ComboFixx.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Files Created from 2014-03-15 to 2014-04-15 ))))))))))))))))))))))))))))))
.
.
2014-04-15 16:54 . 2014-04-15 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-15 16:54 . 2014-04-15 16:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-04-15 16:37 . 2014-04-15 16:37 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F930E937-BE9B-4975-B1DC-2C0C526D8B59}\MpKslb7668738.sys
2014-04-15 16:30 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F930E937-BE9B-4975-B1DC-2C0C526D8B59}\mpengine.dll
2014-04-14 16:00 . 2014-04-14 16:00 -------- d-----w- c:\program files\Samsung
2014-04-13 15:52 . 2014-04-15 16:31 -------- d-----w- C:\FRST
2014-04-13 13:21 . 2014-04-14 22:17 -------- d-----w- c:\users\Administrator\AppData\Local\TSVNCache
2014-04-13 13:21 . 2014-04-13 13:21 -------- d-----w- c:\users\Administrator\AppData\Roaming\Subversion
2014-04-13 13:06 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2014-04-13 12:54 . 2014-04-13 12:54 -------- d-----w- c:\program files\Check Point Software Technologies LTD
2014-04-13 12:54 . 2014-04-13 12:54 -------- d-----w- c:\users\Chaos\AppData\Roaming\Check Point Software Technologies LTD
2014-04-13 12:54 . 2014-04-13 13:07 -------- d-----w- c:\program files\CheckPoint
2014-04-13 12:52 . 2014-04-13 12:52 -------- d-----w- c:\programdata\CheckPoint
2014-04-13 12:00 . 2014-03-17 08:16 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4BB82B5-309C-493D-9C53-BB4620520742}\mpengine.dll
2014-04-11 17:42 . 2014-04-11 17:42 -------- d-----w- c:\users\Chaos\AppData\Roaming\com.wb.DC2
2014-04-11 17:41 . 2014-04-11 17:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2014-04-11 11:43 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-08 17:30 . 2014-04-08 17:30 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2014-04-08 17:30 . 2014-04-08 17:30 -------- d-----w- c:\program files\DVDVideoSoft
2014-04-08 17:29 . 2014-04-08 17:30 -------- d-----w- c:\users\Chaos\AppData\Roaming\DVDVideoSoft
2014-04-08 15:10 . 2014-04-08 15:10 -------- d-----w- c:\users\Chaos\AppData\Roaming\Enterbrain
2014-04-08 15:10 . 2014-04-08 15:10 -------- d-----w- c:\program files\Common Files\Enterbrain
2014-04-08 15:08 . 2014-04-09 10:32 -------- d-----w- c:\program files\RPG Maker VX Ace
2014-04-08 14:34 . 2013-10-17 15:32 19448 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TeamViewer_PrintProcessor.dll
2014-04-08 14:32 . 2014-04-10 11:06 -------- d-----w- c:\users\Chaos\AppData\Roaming\TeamViewer
2014-04-08 14:32 . 2013-10-17 15:32 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2014-04-07 10:20 . 2014-04-07 10:20 -------- d-----w- c:\users\Chaos\AppData\Roaming\LolClient
2014-04-06 22:14 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2014-04-06 22:14 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2014-04-06 22:14 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2014-04-06 22:13 . 2014-04-06 22:13 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2014-04-06 22:12 . 2014-04-12 20:03 -------- d-----w- c:\users\Chaos\AppData\Local\PMB Files
2014-04-06 22:12 . 2014-04-12 20:03 -------- d-----w- c:\programdata\PMB Files
2014-04-06 22:12 . 2014-04-06 22:12 -------- d-----w- c:\program files\Pando Networks
2014-04-06 22:11 . 2014-04-06 22:12 -------- d-----w- c:\users\Chaos\AppData\Roaming\Riot Games
2014-04-06 16:46 . 2014-04-06 16:46 -------- d-----w- c:\program files\Infogrames
2014-04-06 16:45 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2014-04-06 16:45 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2014-04-06 16:45 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2014-04-06 16:45 . 2002-12-02 11:33 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2014-04-06 16:45 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2014-04-06 16:45 . 2002-12-05 12:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2014-04-06 16:44 . 2014-04-06 16:44 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2014-04-06 16:44 . 2014-04-06 16:44 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2014-04-05 10:45 . 2014-04-05 10:45 -------- d-----w- c:\program files\Pro Pinball
2014-04-03 08:39 . 2014-04-03 08:39 -------- d-----w- c:\users\Chaos\AppData\Local\Electronic Arts
2014-04-02 17:40 . 2014-04-02 17:46 -------- d-----w- c:\users\Chaos\AppData\Roaming\Notepad++
2014-04-02 17:39 . 2014-04-02 17:39 -------- d-----w- C:\Neuer Ordner
2014-03-31 13:10 . 2014-03-31 13:10 -------- d-----w- c:\program files\InterActual
2014-03-30 09:57 . 2014-03-30 09:57 -------- d-----w- c:\program files\SCOL
2014-03-30 09:52 . 2014-03-30 09:57 -------- d-----w- c:\program files\Scotland Yard
2014-03-30 09:50 . 2014-03-30 09:50 -------- d-----w- C:\SCOL
2014-03-30 09:49 . 1998-01-23 10:22 304128 ----a-w- c:\windows\IsUninst.exe
2014-03-29 20:39 . 2014-04-15 16:31 -------- d-----w- c:\users\Chaos\AppData\Local\TSVNCache
2014-03-29 19:58 . 2014-03-29 19:58 -------- d-----w- c:\users\Chaos\AppData\Roaming\TortoiseSVN
2014-03-29 19:58 . 2014-03-29 19:58 -------- d-----w- c:\users\Chaos\AppData\Roaming\Subversion
2014-03-29 19:56 . 2014-03-29 19:57 -------- d-----w- c:\program files\TortoiseSVN
2014-03-29 19:56 . 2014-03-29 19:56 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2014-03-25 20:36 . 2014-03-25 20:37 -------- d-----w- c:\users\Chaos\AppData\Local\Sniper Elite Zombie Army 2
2014-03-24 18:52 . 2014-03-24 19:22 -------- d-----w- c:\users\Chaos\AppData\Local\ESN Sonar
2014-03-24 15:51 . 2014-03-24 15:51 -------- d-----w- c:\users\Chaos\AppData\Local\Skype
2014-03-23 17:07 . 2014-03-23 17:17 -------- d-----w- c:\users\Chaos\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
2014-03-23 10:03 . 2014-03-23 17:42 -------- d-----w- c:\users\Chaos\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2014-03-22 18:15 . 2014-03-22 18:15 -------- d-----w- c:\program files\CDCheck
2014-03-16 19:36 . 2014-04-13 22:06 -------- d-----w- c:\users\Chaos\AppData\Roaming\FileZilla
2014-03-16 19:36 . 2014-04-11 14:32 -------- d-----w- c:\program files\FileZilla FTP Client
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 13:35 . 2013-12-15 21:09 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-04-09 13:35 . 2013-12-15 21:09 138056 ----a-w- c:\users\Chaos\AppData\Roaming\PnkBstrK.sys
2014-04-09 13:35 . 2013-12-15 21:09 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-04-09 13:35 . 2013-12-15 21:09 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-04-09 13:35 . 2013-12-15 21:09 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-04-05 12:54 . 2014-03-06 11:15 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-03-31 07:35 . 2013-10-12 18:28 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-12 19:10 . 2013-10-12 18:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 19:10 . 2013-10-12 18:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 07:52 . 2013-09-27 08:53 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-26 11:34 . 2014-02-26 11:34 140664 ----a-r- c:\users\Chaos\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut32_2E5D39767F054810B83C83055B807C9B.exe
2014-02-26 11:34 . 2014-02-26 11:34 140664 ----a-r- c:\users\Chaos\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut31_B73A0743FB134C4FB6C20785375EEA87.exe
2014-02-26 11:34 . 2014-02-26 11:34 140664 ----a-r- c:\users\Chaos\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut161_93A99C3B61474B5EBFCC517073898C1A.exe
2014-02-26 11:34 . 2014-02-26 11:34 140664 ----a-r- c:\users\Chaos\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\ARPPRODUCTICON.exe
2014-02-07 10:38 . 2014-03-12 17:49 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-02-03 10:37 . 2014-03-12 17:49 505344 ----a-w- c:\windows\system32\qedit.dll
2014-01-30 07:46 . 2014-03-12 17:48 876032 ----a-w- c:\windows\system32\wer.dll
2014-01-24 23:19 . 2014-01-24 23:19 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Installer"="c:\program files\CheckPoint\Install\Launcher.exe" [2014-04-13 435848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLB7668738
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-08 21:45 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-12 19:10]
.
2014-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-12 12:57]
.
2014-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-12 12:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ab05ecf424094889917629fe99e7a7a4_39_1006_20131019_DE_ie_sp_
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=026eb550-70ca-0627-a2c3-9e18f96de028&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chaos\AppData\Roaming\Mozilla\Firefox\Profiles\m44lhb7g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ab05ecf424094889917629fe99e7a7a4_39_1006_20131019_DE_ff_sp_
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=3116355a4a3d46799656bd523f45b98c&tu=10G9z00DR1D03M0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=3116355a4a3d46799656bd523f45b98c&tu=10G9z00DR1D03M0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 50dafc6500000000000000ff290e3ad9
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16173
FF - user.js: extensions.zonealarm.vrsn - 1.8.29.17
FF - user.js: extensions.zonealarm.vrsni - 1.8.29.17
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.29.1714:54
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - NewUSR
FF - user.js: extensions.zonealarm.tlbrId - HFA5
FF - user.js: extensions.zonealarm.instlRef - ZLN122667745103209-1001
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=3116355a4a3d46799656bd523f45b98c&tu=10G9z00DR1D03M0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Amazon Browser Settings - c:\program files\Amazon Browser Bar\uninstall.exe
AddRemove-Bochs 2.6.2 - c:\program files\Bochs-2.6.2\Uninstall.exe
AddRemove-Build and Shoot Launcher - c:\program files\Build and Shoot\uninst.exe
AddRemove-LUXOR Evolved - c:\program files\MumboJumbo\LUXOR Evolved\uninstall.exe
AddRemove-Myst Masterpiece Edition - c:\windows\IsUn0407.exe
AddRemove-Origin - c:\program files\Origin\OriginUninstall.exe
AddRemove-{7E265513-8CDA-4631-B696-F40D983F3B07}_is1 - c:\program files\CDBurnerXP\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-04-15 18:54
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2014-04-15 18:56:13
ComboFix-quarantined-files.txt 2014-04-15 16:56
.
Pre-Run: 13 Dir(s), 52.543.275.008 bytes free
Post-Run: 17 Dir(s), 52.937.965.568 bytes free
.
- - End Of File - - 9AAB0FDA03DDA6DB3CE86AB1CAAEF722
5C616939100B85E558DA92B899A0FC36
Florian.K