|
Windowssystem blockiert Hilfe Hallo, habe auch nen Laptop der diese Problem hat hier wäre der Log von OTL Danke für eure Hilfe OTL logfile created on: 26.03.2012 23:48:06 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Bösl\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,96 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 74,55% Memory free 5,92 Gb Paging File | 5,20 Gb Available in Paging File | 87,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 211,89 Gb Total Space | 174,00 Gb Free Space | 82,12% Space Free | Partition Type: NTFS Drive D: | 19,53 Gb Total Space | 14,59 Gb Free Space | 74,70% Space Free | Partition Type: NTFS Computer Name: BÖSL-PC | User Name: Bösl | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.26 23:20:18 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bösl\Desktop\OTL.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:14:21 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.06.12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2009.04.29 05:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService) SRV - [2009.04.29 04:23:18 | 000,060,928 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\AzBusMon.exe -- (AzBusFixService) SRV - [2008.08.08 12:13:12 | 000,053,325 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2008.03.14 03:08:38 | 000,054,560 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC) SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen) DRV - [2010.03.05 12:21:30 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd) DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009.11.25 01:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009.11.20 12:12:52 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06000000}_0) DRV - [2009.09.14 20:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.13 20:30:22 | 001,168,880 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2009.07.10 00:44:50 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2009.07.09 14:45:36 | 000,116,064 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2009.06.23 10:27:14 | 000,487,936 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2009.05.14 02:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R) DRV - [2009.04.29 05:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio) DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms} IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 34 6E D6 D6 BB CA 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {CB2779A8-A34C-45D4-B931-C9EA2F2628C1} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de IE - HKCU\..\SearchScopes\{917BE334-E281-4C70-BC11-659342E5676A}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc= IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms} IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{CB2779A8-A34C-45D4-B931-C9EA2F2628C1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO&o=101917&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=EV&apn_dtid=YYYYYYYYDE&apn_uid=CD49A675-2B21-4C2D-A1A8-FCA064010F50&apn_sauid=D4C32411-6A96-4E63-B3AA-0F4F641D8AD7 IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Programme\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll () O3 - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Programme\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\\NeroCheck.exe () O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant Systems, Inc.) O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKCU..\Run: [{9061DB5E-5251-F873-DB6D-ECF66FE9F503}] C:\Users\Bösl\AppData\Roaming\Adex\xemoe.exe () O4 - HKCU..\Run: [SkypePM] C:\Users\Bösl\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation) O4 - Startup: C:\Users\Bösl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bösl\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1800C744-1002-4BF1-A4F5-AD43C049F04C}: DhcpNameServer = 192.168.2.10 O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc) O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{39ee832d-719e-11df-9a49-00235a191967}\Shell - "" = AutoRun O33 - MountPoints2\{39ee832d-719e-11df-9a49-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{4944b514-de23-11e0-89d3-00235a191967}\Shell - "" = AutoRun O33 - MountPoints2\{4944b514-de23-11e0-89d3-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{752c11d7-2272-11e1-8908-00235a191967}\Shell - "" = AutoRun O33 - MountPoints2\{752c11d7-2272-11e1-8908-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{966c5a2c-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun O33 - MountPoints2\{966c5a2c-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{966c5a32-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun O33 - MountPoints2\{966c5a32-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{966c5a3e-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun O33 - MountPoints2\{966c5a3e-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ad11a415-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun O33 - MountPoints2\{ad11a415-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ad11a418-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun O33 - MountPoints2\{ad11a418-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ad11a421-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun O33 - MountPoints2\{ad11a421-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d18866f3-e3a1-11e0-b301-00235a191967}\Shell - "" = AutoRun O33 - MountPoints2\{d18866f3-e3a1-11e0-b301-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e33ca35d-3de2-11e0-8cee-00235a191967}\Shell - "" = AutoRun O33 - MountPoints2\{e33ca35d-3de2-11e0-8cee-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e33ca362-3de2-11e0-8cee-00235a191967}\Shell - "" = AutoRun O33 - MountPoints2\{e33ca362-3de2-11e0-8cee-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.26 23:47:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Bösl\Desktop\OTL.exe [2012.03.26 23:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2012.03.15 20:14:54 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.03.15 20:14:48 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.03.14 17:48:07 | 002,341,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.03.14 17:48:05 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.03.14 17:48:05 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.03.14 17:48:04 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.03.14 17:48:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.03.14 17:48:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.03.13 20:49:29 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.03.13 20:49:29 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.03.13 20:49:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.03.13 20:46:51 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2012.03.06 22:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.03.06 22:04:44 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.26 23:44:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.26 23:44:37 | 2384,904,192 | -HS- | M] () -- C:\hiberfil.sys [2012.03.26 23:43:27 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.26 23:34:20 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.26 23:34:20 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.26 23:34:20 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.26 23:34:20 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.26 23:20:18 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bösl\Desktop\OTL.exe [2012.03.26 23:09:21 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.26 23:09:21 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.25 19:42:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.22 22:02:55 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.03.17 19:39:30 | 000,318,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.12 21:13:56 | 000,002,664 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2012.03.06 22:04:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.12 21:13:56 | 000,002,664 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2010.12.25 13:55:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.12.25 13:55:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.12.25 13:55:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.12.25 13:55:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.12.25 13:55:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.12.25 13:55:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.12.25 13:55:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.12.25 13:55:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.12.25 13:55:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.12.25 13:55:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.12.25 13:55:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.12.25 13:55:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.12.25 13:55:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.12.25 13:55:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.12.25 13:55:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.12.25 13:55:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.12.25 13:55:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.12.25 13:55:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.12.25 13:55:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.12.13 19:23:04 | 000,003,584 | ---- | C] () -- C:\Users\Bösl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.04.01 20:19:04 | 000,001,259 | ---- | C] () -- C:\Windows\eReg.dat ========== LOP Check ========== [2011.12.19 16:28:09 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Adex [2012.03.24 13:15:51 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Atah [2010.03.04 22:42:58 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Canneverbe Limited [2010.03.04 22:26:18 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Downloaded Installations [2011.09.13 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\DVDVideoSoft [2011.07.03 15:14:00 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.05 09:32:24 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\InterVideo [2010.03.13 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\OpenOffice.org [2012.02.07 22:47:49 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\TuneUp Software [2010.03.05 11:09:26 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Ulead Systems [2010.03.05 12:29:16 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012.02.18 20:10:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.22 22:02:55 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report > |
Hi, Fix für OTL:
Code:
Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. chris |
Danke hat alles super geklappt :) |
Hi, poste bitte noch das Fix-LOG von OTL und das MAM-Log... chris |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 22:43 Uhr. |
Copyright ©2000-2025, Trojaner-Board