
Pests of all kinds and how to combat them: Windows system blocked, help

26.03.2012, 23:53   #1
BergF01
 



Hello, I also have a laptop that has this problem; here is the log from OTL.
Thanks for your help

OTL logfile created on: 26.03.2012 23:48:06 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Bösl\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,96 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 74,55% Memory free
5,92 Gb Paging File | 5,20 Gb Available in Paging File | 87,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 211,89 Gb Total Space | 174,00 Gb Free Space | 82,12% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 14,59 Gb Free Space | 74,70% Space Free | Partition Type: NTFS

Computer Name: BÖSL-PC | User Name: Bösl | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.26 23:20:18 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bösl\Desktop\OTL.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:21 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.06.12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.04.29 05:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009.04.29 04:23:18 | 000,060,928 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\AzBusMon.exe -- (AzBusFixService)
SRV - [2008.08.08 12:13:12 | 000,053,325 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2008.03.14 03:08:38 | 000,054,560 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - [2010.03.05 12:21:30 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 01:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.20 12:12:52 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06000000}_0)
DRV - [2009.09.14 20:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.13 20:30:22 | 001,168,880 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.07.10 00:44:50 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009.07.09 14:45:36 | 000,116,064 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009.06.23 10:27:14 | 000,487,936 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.05.14 02:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.04.29 05:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 34 6E D6 D6 BB CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {CB2779A8-A34C-45D4-B931-C9EA2F2628C1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKCU\..\SearchScopes\{917BE334-E281-4C70-BC11-659342E5676A}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CB2779A8-A34C-45D4-B931-C9EA2F2628C1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO&o=101917&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=EV&apn_dtid=YYYYYYYYDE&apn_uid=CD49A675-2B21-4C2D-A1A8-FCA064010F50&apn_sauid=D4C32411-6A96-4E63-B3AA-0F4F641D8AD7
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Programme\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Programme\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant Systems, Inc.)
O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [{9061DB5E-5251-F873-DB6D-ECF66FE9F503}] C:\Users\Bösl\AppData\Roaming\Adex\xemoe.exe ()
O4 - HKCU..\Run: [SkypePM] C:\Users\Bösl\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Bösl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bösl\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1800C744-1002-4BF1-A4F5-AD43C049F04C}: DhcpNameServer = 192.168.2.10
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{39ee832d-719e-11df-9a49-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{39ee832d-719e-11df-9a49-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4944b514-de23-11e0-89d3-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{4944b514-de23-11e0-89d3-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{752c11d7-2272-11e1-8908-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{752c11d7-2272-11e1-8908-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{966c5a2c-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{966c5a2c-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{966c5a32-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{966c5a32-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{966c5a3e-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{966c5a3e-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad11a415-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{ad11a415-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad11a418-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{ad11a418-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad11a421-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{ad11a421-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d18866f3-e3a1-11e0-b301-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{d18866f3-e3a1-11e0-b301-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e33ca35d-3de2-11e0-8cee-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{e33ca35d-3de2-11e0-8cee-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e33ca362-3de2-11e0-8cee-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{e33ca362-3de2-11e0-8cee-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.26 23:47:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Bösl\Desktop\OTL.exe
[2012.03.26 23:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.15 20:14:54 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.15 20:14:48 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.14 17:48:07 | 002,341,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 17:48:05 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 17:48:05 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.14 17:48:04 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.03.14 17:48:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.03.14 17:48:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.13 20:49:29 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.13 20:49:29 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.13 20:49:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.13 20:46:51 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.06 22:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.03.06 22:04:44 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.26 23:44:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.26 23:44:37 | 2384,904,192 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.26 23:43:27 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.26 23:34:20 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.26 23:34:20 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.26 23:34:20 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.26 23:34:20 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.26 23:20:18 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bösl\Desktop\OTL.exe
[2012.03.26 23:09:21 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.26 23:09:21 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 19:42:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.22 22:02:55 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.03.17 19:39:30 | 000,318,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.12 21:13:56 | 000,002,664 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012.03.06 22:04:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.12 21:13:56 | 000,002,664 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.12.25 13:55:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.12.25 13:55:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.12.25 13:55:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.12.25 13:55:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.12.25 13:55:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.12.25 13:55:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.12.25 13:55:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.12.25 13:55:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.12.25 13:55:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.12.25 13:55:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.12.25 13:55:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.12.25 13:55:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.12.25 13:55:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.12.25 13:55:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.12.25 13:55:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.12.25 13:55:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.12.25 13:55:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.12.25 13:55:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.12.25 13:55:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.13 19:23:04 | 000,003,584 | ---- | C] () -- C:\Users\Bösl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.04.01 20:19:04 | 000,001,259 | ---- | C] () -- C:\Windows\eReg.dat

========== LOP Check ==========

[2011.12.19 16:28:09 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Adex
[2012.03.24 13:15:51 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Atah
[2010.03.04 22:42:58 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Canneverbe Limited
[2010.03.04 22:26:18 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Downloaded Installations
[2011.09.13 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\DVDVideoSoft
[2011.07.03 15:14:00 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.05 09:32:24 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\InterVideo
[2010.03.13 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\OpenOffice.org
[2012.02.07 22:47:49 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\TuneUp Software
[2010.03.05 11:09:26 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Ulead Systems
[2010.03.05 12:29:16 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.02.18 20:10:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.22 22:02:55 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >

27.03.2012, 07:51   #2
Chris4You
 



Hi,


Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
O4 - HKCU..\Run: [{9061DB5E-5251-F873-DB6D-ECF66FE9F503}] C:\Users\Bösl\AppData\Roaming\Adex\xemoe.exe ()
O4 - HKCU..\Run: [SkypePM] C:\Users\Bösl\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{39ee832d-719e-11df-9a49-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{39ee832d-719e-11df-9a49-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4944b514-de23-11e0-89d3-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{4944b514-de23-11e0-89d3-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{752c11d7-2272-11e1-8908-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{752c11d7-2272-11e1-8908-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{966c5a2c-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{966c5a2c-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{966c5a32-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{966c5a32-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{966c5a3e-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{966c5a3e-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad11a415-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{ad11a415-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad11a418-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{ad11a418-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad11a421-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{ad11a421-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d18866f3-e3a1-11e0-b301-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{d18866f3-e3a1-11e0-b301-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e33ca35d-3de2-11e0-8cee-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{e33ca35d-3de2-11e0-8cee-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e33ca362-3de2-11e0-8cee-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{e33ca362-3de2-11e0-8cee-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
[2012.03.24 13:15:51 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\A

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
After that, please update the signature files ("Updates" tab -> "Check for updates")
Run a full scan and have everything cleaned up! Post the log.

chris

27.03.2012, 11:37   #3
BergF01
 



Thanks, everything worked great

27.03.2012, 12:06   #4
Chris4You
 



Hi,

please also post the fix log from OTL and the MAM log...

chris