Pests of all kinds and how to combat them: "Aus Sicherheitsgründen wurde ihr Windows System blockiert" ("For security reasons your Windows system has been blocked") - Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
| | #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM! Please download
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags |
| | #2 |
| GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-21 22:52:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB01
Running: 9hxl35o9[1].exe; Driver: C:\Users\Gini\AppData\Local\Temp\kxldqpod.sys
---- System - GMER 1.0.15 ----
SSDT 91E6E5F6 ZwCreateSection
SSDT 91E6E5FB ZwSetContextThread
SSDT 91E6E597 ZwTerminateProcess
INT 0x61 ? 9056D7D0
INT 0x62 ? 905547D0
INT 0x71 ? 9056DA50
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 832E1998 4 Bytes [F6, E5, E6, 91] {MUL CH; OUT 0x91, AL}
.text ntkrnlpa.exe!KeSetEvent + 56D 832E1CF0 4 Bytes [FB, E5, E6, 91] {STI ; IN EAX, 0xe6; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 621 832E1DA4 4 Bytes [97, E5, E6, 91] {XCHG EDI, EAX; IN EAX, 0xe6; XCHG ECX, EAX}
.text PCIIDEX.SYS!AtaPortTraceNotification + C1 80784D65 4 Bytes JMP 85D21FFC
.text PCIIDEX.SYS!AtaPortTraceNotification + 1A4 80784E48 4 Bytes JMP 85D21FFC
.text PCIIDEX.SYS!AtaPortTraceNotification + 1EB 80784E8F 4 Bytes JMP 85D21FFC
.text PCIIDEX.SYS!AtaPortGetScatterGatherList + 21F 8078511B 4 Bytes JMP 85D21FFC
.text PCIIDEX.SYS!AtaPortGetScatterGatherList + 321 8078521D 4 Bytes JMP 85D21FFC
.text PCIIDEX.SYS!AtaPortGetScatterGatherList + 3EB 807852E7 4 Bytes JMP 85D21FFC
.text PCIIDEX.SYS!AtaPortGetScatterGatherList + 433 8078532F 4 Bytes JMP 85D21FFC
.text PCIIDEX.SYS!AtaPortGetScatterGatherList + 560 8078545C 4 Bytes JMP 85D21FFC
.text iaStor.sys 88C0BC5E 4 Bytes JMP 86F2F42C
.text iaStor.sys 88C0BD38 4 Bytes JMP 86F2F42C
.text iaStor.sys 88C0C694 4 Bytes JMP 86F48114
.text iaStor.sys 88C0C9AB 4 Bytes JMP 86F48114
.text iaStor.sys 88C2ECFE 4 Bytes JMP 86F2F42C
.text ...
.text ataport.SYS!DllInitialize 88CDA09B 4 Bytes JMP 86EACAAC
.text ataport.SYS!DllInitialize 88CDAFC0 4 Bytes JMP 86EEB72C
.text ataport.SYS!DllInitialize 88CDB260 4 Bytes JMP 86EEB72C
.text ataport.SYS!AtaPortTraceNotification + C1 88CDCDC7 4 Bytes JMP 86EEB72C
.text ataport.SYS!AtaPortTraceNotification + 1A4 88CDCEAA 4 Bytes JMP 86EEB72C
.text ataport.SYS!AtaPortTraceNotification + 1EB 88CDCEF1 4 Bytes JMP 86EEB72C
.text ataport.SYS!AtaPortGetScatterGatherList + 21F 88CDD20F 4 Bytes JMP 86EEB72C
.text ataport.SYS!AtaPortGetScatterGatherList + 321 88CDD311 4 Bytes JMP 86EEB72C
.text ataport.SYS!AtaPortGetScatterGatherList + 3EB 88CDD3DB 4 Bytes JMP 86EEB72C
.text ataport.SYS!AtaPortGetScatterGatherList + 433 88CDD423 4 Bytes JMP 86EEB72C
.text ataport.SYS!AtaPortGetScatterGatherList + 560 88CDD550 4 Bytes JMP 86EEB72C
.text ...
.text ataport.SYS!AtaPortInitialize + 89B 88CDE357 4 Bytes JMP 86EEB72C
.text ataport.SYS!AtaPortInitialize + 2C49 88CE0705 4 Bytes JMP 86EEB72C
.text ataport.SYS!AtaPortInitialize + 31A7 88CE0C63 4 Bytes JMP 86EEB72C
.text ataport.SYS!AtaPortInitialize + 36F9 88CE11B5 4 Bytes JMP 86EEB72C
.text ataport.SYS!AtaPortInitialize + 3A84 88CE1540 4 Bytes JMP 86EACAAC
.text CLASSPNP.SYS!ClassReleaseRemoveLock + 37C8 893A17EE 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassResetMediaChangeTimer + 936 893A24E3 4 Bytes JMP 856A7114
.text CLASSPNP.SYS!ClassResetMediaChangeTimer + D08 893A28B5 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassResetMediaChangeTimer + E33 893A29E0 4 Bytes JMP 86F6E14C
.text CLASSPNP.SYS!ClassResetMediaChangeTimer + EBC 893A2A69 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassCompleteRequest + D 893A2D5B 4 Bytes JMP 86F9B564
.text CLASSPNP.SYS!ClassDeviceControl + 2D6 893A31FF 4 Bytes JMP 86F9B564
.text CLASSPNP.SYS!ClassDeviceControl + 71E 893A3647 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassDeviceControl + CA1 893A3BCA 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassSignalCompletion + 69 893A3D52 4 Bytes JMP 856A7114
.text CLASSPNP.SYS!ClassSendSrbSynchronous + 1E7 893A41BF 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassIoComplete + 2D4 893A4698 4 Bytes JMP 856A7114
.text CLASSPNP.SYS!ClassReleaseQueue + 10C 893A638C 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassSendIrpSynchronous + 3A 893A66DF 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassNotifyFailurePredicted + 27D 893A82C3 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassNotifyFailurePredicted + 30F 893A8355 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassInternalIoControl + 87 893A88C5 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassReleaseChildLock + 1B5 893A8B33 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassReleaseChildLock + 30E 893A8C8C 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassSendStartUnit + CB 893A8FDD 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassSendSrbAsynchronous + 140 893A91BA 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassWmiFireEvent + 27D 893A944C 4 Bytes JMP 86F9B564
.text CLASSPNP.SYS!ClassWmiFireEvent + 826 893A99F5 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassWmiFireEvent + 906 893A9AD5 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassWmiFireEvent + DCD 893A9F9C 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassWmiFireEvent + 1257 893AA426 4 Bytes JMP 86EBA804
.text ...
.text CLASSPNP.SYS!ClassIoCompleteAssociated + 29B 893ABD68 4 Bytes JMP 856A7114
.text CLASSPNP.SYS!ClassDebugPrint + 1365 893AD1DC 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassDebugPrint + 13FB 893AD272 4 Bytes JMP 86EBA804
.text CLASSPNP.SYS!ClassDebugPrint + 145D 893AD2D4 4 Bytes JMP 86F9B564
.text CLASSPNP.SYS!ClassDebugPrint + 1506 893AD37D 4 Bytes JMP 86F9B564
.text CLASSPNP.SYS!ClassDebugPrint + 1572 893AD3E9 4 Bytes JMP 86F9B564
.text ...
.text storport.sys!StorPortExtendedFunction 8DBA1043 4 Bytes JMP 86F9E60C
.text storport.sys!StorPortMoveMemory + 5F 8DBA1A4F 4 Bytes JMP 86F3CADC
.text storport.sys!DllInitialize + 17D7 8DBA3E9E 4 Bytes JMP 86F3CADC
.text storport.sys!DllInitialize + 27C1 8DBA4E88 4 Bytes JMP 86F3CADC
.text storport.sys!StorPortExtendedFunction + 29C7 8DBAEA83 4 Bytes JMP 86F3CADC
.text storport.sys!StorPortExtendedFunction + 2C20 8DBAECDC 4 Bytes JMP 86F3CADC
.text storport.sys!StorPortExtendedFunction + 2CE7 8DBAEDA3 4 Bytes JMP 86F3CADC
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xA360B400, 0x6E292, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA3695420] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA3695420]
.protectÿÿÿÿhardlockunknown last code section [0xA3695200, 0x511A, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xA3695200, 0x511A, 0xE0000020]
? system32\drivers\99111928.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\Gini\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\tdx.sys[TDI.SYS!TdiRegisterDeviceObject] [893C7D56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\smb.sys[TDI.SYS!TdiRegisterDeviceObject] [893C7D56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [893C7D56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys
Device \Driver\20499141 \Device\KLMD14092011_206080 99111928.sys
Device \Driver\BTHUSB \Device\0000007a bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000007c bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37e47c73
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37e47c73@9021559659cd 0xD3 0x3F 0x57 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37e47c73 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37e47c73@9021559659cd 0xD3 0x3F 0x57 0x4A ...
---- EOF - GMER 1.0.15 ----
The rest is coming "shortly" |
| | #3 |
| OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:01:21 on 21.12.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"TSSMPM" - "Teleca Sweden AB" - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tssmpm.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"as6eio" (as6eio) - ? - C:\Windows\System32\drivers\as6eio.sys (File not found)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\Users\Gini\AppData\Local\Temp\catchme.sys (File not found)
"cdrblock" (cdrblock) - "Canopus Co,. Ltd." - C:\Windows\System32\DRIVERS\cdrblock.sys
"ICatch (VI) PC Camera" (CA561) - ? - C:\Windows\System32\Drivers\SPCA561.SYS (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"kxldqpod" (kxldqpod) - ? - C:\Users\Gini\AppData\Local\Temp\kxldqpod.sys (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys (File not found)
"Trust Flat Scan USB 19200" (GT680x) - " " - C:\Windows\System32\Drivers\Tr11691g.SYS

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control" - "Akamai Technologies, Inc." - C:\Windows\DOWNLO~1\DOWNLO~1.OCX / hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Gini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"MCtlSvc.lnk" - "ZTE" - C:\Program Files\T-Mobile\InternetManager_Z\Bin\mcserver.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"HPAdvisor" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Mobile Connectivity Suite" - "Teleca Sweden AB" - "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
"OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
"QlbCtrl" - " Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
"WAWifiMessage" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Com4Qlb" (Com4Qlb) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
"QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
| | #4 |
| aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 23:03:55
-----------------------------
23:03:55.038 OS Version: Windows 6.0.6002 Service Pack 2
23:03:55.038 Number of processors: 2 586 0x1706
23:03:55.039 ComputerName: GINI-PC UserName: Gini
23:03:56.728 Initialize success
23:05:35.112 AVAST engine defs: 11122102
23:06:40.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:06:40.050 Disk 0 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
23:06:42.560 Disk 0 MBR read successfully
23:06:42.563 Disk 0 MBR scan
23:06:42.581 Disk 0 unknown MBR code
23:06:42.632 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226510 MB offset 63
23:06:42.780 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11962 MB offset 463892940
23:06:43.078 Disk 0 scanning sectors +488392065
23:06:43.553 Disk 0 scanning C:\Windows\system32\drivers
23:08:22.479 Service scanning
23:08:24.434 Modules scanning
23:10:35.410 Disk 0 trace - called modules:
23:10:35.489 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86eba6f8]<<
23:10:35.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86974478]
23:10:36.571 AVAST engine scan C:\Windows
23:12:56.579 AVAST engine scan C:\Windows\system32
23:21:55.110 AVAST engine scan C:\Windows\system32\drivers
23:22:48.500 AVAST engine scan C:\Users\Gini
23:59:13.280 AVAST engine scan C:\ProgramData
00:20:34.722 Scan finished successfully
00:20:55.299 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
00:20:55.316 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt" |