Pests of all kinds and how to fight them: "For security reasons, your Windows system has been blocked"
21.12.2011, 22:11 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags
21.12.2011, 22:54 | #17 |
GMER Logfile:
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-12-21 22:52:00 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB01 Running: 9hxl35o9[1].exe; Driver: C:\Users\Gini\AppData\Local\Temp\kxldqpod.sys ---- System - GMER 1.0.15 ---- SSDT 91E6E5F6 ZwCreateSection SSDT 91E6E5FB ZwSetContextThread SSDT 91E6E597 ZwTerminateProcess INT 0x61 ? 9056D7D0 INT 0x62 ? 905547D0 INT 0x71 ? 9056DA50 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 832E1998 4 Bytes [F6, E5, E6, 91] {MUL CH; OUT 0x91, AL} .text ntkrnlpa.exe!KeSetEvent + 56D 832E1CF0 4 Bytes [FB, E5, E6, 91] {STI ; IN EAX, 0xe6; XCHG ECX, EAX} .text ntkrnlpa.exe!KeSetEvent + 621 832E1DA4 4 Bytes [97, E5, E6, 91] {XCHG EDI, EAX; IN EAX, 0xe6; XCHG ECX, EAX} .text PCIIDEX.SYS!AtaPortTraceNotification + C1 80784D65 4 Bytes JMP 85D21FFC .text PCIIDEX.SYS!AtaPortTraceNotification + 1A4 80784E48 4 Bytes JMP 85D21FFC .text PCIIDEX.SYS!AtaPortTraceNotification + 1EB 80784E8F 4 Bytes JMP 85D21FFC .text PCIIDEX.SYS!AtaPortGetScatterGatherList + 21F 8078511B 4 Bytes JMP 85D21FFC .text PCIIDEX.SYS!AtaPortGetScatterGatherList + 321 8078521D 4 Bytes JMP 85D21FFC .text PCIIDEX.SYS!AtaPortGetScatterGatherList + 3EB 807852E7 4 Bytes JMP 85D21FFC .text PCIIDEX.SYS!AtaPortGetScatterGatherList + 433 8078532F 4 Bytes JMP 85D21FFC .text PCIIDEX.SYS!AtaPortGetScatterGatherList + 560 8078545C 4 Bytes JMP 85D21FFC .text iaStor.sys 88C0BC5E 4 Bytes JMP 86F2F42C .text iaStor.sys 88C0BD38 4 Bytes JMP 86F2F42C .text iaStor.sys 88C0C694 4 Bytes JMP 86F48114 .text iaStor.sys 88C0C9AB 4 Bytes JMP 86F48114 .text iaStor.sys 88C2ECFE 4 Bytes JMP 86F2F42C .text ... 
.text ataport.SYS!DllInitialize 88CDA09B 4 Bytes JMP 86EACAAC .text ataport.SYS!DllInitialize 88CDAFC0 4 Bytes JMP 86EEB72C .text ataport.SYS!DllInitialize 88CDB260 4 Bytes JMP 86EEB72C .text ataport.SYS!AtaPortTraceNotification + C1 88CDCDC7 4 Bytes JMP 86EEB72C .text ataport.SYS!AtaPortTraceNotification + 1A4 88CDCEAA 4 Bytes JMP 86EEB72C .text ataport.SYS!AtaPortTraceNotification + 1EB 88CDCEF1 4 Bytes JMP 86EEB72C .text ataport.SYS!AtaPortGetScatterGatherList + 21F 88CDD20F 4 Bytes JMP 86EEB72C .text ataport.SYS!AtaPortGetScatterGatherList + 321 88CDD311 4 Bytes JMP 86EEB72C .text ataport.SYS!AtaPortGetScatterGatherList + 3EB 88CDD3DB 4 Bytes JMP 86EEB72C .text ataport.SYS!AtaPortGetScatterGatherList + 433 88CDD423 4 Bytes JMP 86EEB72C .text ataport.SYS!AtaPortGetScatterGatherList + 560 88CDD550 4 Bytes JMP 86EEB72C .text ... .text ataport.SYS!AtaPortInitialize + 89B 88CDE357 4 Bytes JMP 86EEB72C .text ataport.SYS!AtaPortInitialize + 2C49 88CE0705 4 Bytes JMP 86EEB72C .text ataport.SYS!AtaPortInitialize + 31A7 88CE0C63 4 Bytes JMP 86EEB72C .text ataport.SYS!AtaPortInitialize + 36F9 88CE11B5 4 Bytes JMP 86EEB72C .text ataport.SYS!AtaPortInitialize + 3A84 88CE1540 4 Bytes JMP 86EACAAC .text CLASSPNP.SYS!ClassReleaseRemoveLock + 37C8 893A17EE 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassResetMediaChangeTimer + 936 893A24E3 4 Bytes JMP 856A7114 .text CLASSPNP.SYS!ClassResetMediaChangeTimer + D08 893A28B5 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassResetMediaChangeTimer + E33 893A29E0 4 Bytes JMP 86F6E14C .text CLASSPNP.SYS!ClassResetMediaChangeTimer + EBC 893A2A69 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassCompleteRequest + D 893A2D5B 4 Bytes JMP 86F9B564 .text CLASSPNP.SYS!ClassDeviceControl + 2D6 893A31FF 4 Bytes JMP 86F9B564 .text CLASSPNP.SYS!ClassDeviceControl + 71E 893A3647 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassDeviceControl + CA1 893A3BCA 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassSignalCompletion + 69 893A3D52 4 Bytes JMP 856A7114 .text 
CLASSPNP.SYS!ClassSendSrbSynchronous + 1E7 893A41BF 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassIoComplete + 2D4 893A4698 4 Bytes JMP 856A7114 .text CLASSPNP.SYS!ClassReleaseQueue + 10C 893A638C 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassSendIrpSynchronous + 3A 893A66DF 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassNotifyFailurePredicted + 27D 893A82C3 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassNotifyFailurePredicted + 30F 893A8355 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassInternalIoControl + 87 893A88C5 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassReleaseChildLock + 1B5 893A8B33 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassReleaseChildLock + 30E 893A8C8C 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassSendStartUnit + CB 893A8FDD 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassSendSrbAsynchronous + 140 893A91BA 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassWmiFireEvent + 27D 893A944C 4 Bytes JMP 86F9B564 .text CLASSPNP.SYS!ClassWmiFireEvent + 826 893A99F5 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassWmiFireEvent + 906 893A9AD5 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassWmiFireEvent + DCD 893A9F9C 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassWmiFireEvent + 1257 893AA426 4 Bytes JMP 86EBA804 .text ... .text CLASSPNP.SYS!ClassIoCompleteAssociated + 29B 893ABD68 4 Bytes JMP 856A7114 .text CLASSPNP.SYS!ClassDebugPrint + 1365 893AD1DC 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassDebugPrint + 13FB 893AD272 4 Bytes JMP 86EBA804 .text CLASSPNP.SYS!ClassDebugPrint + 145D 893AD2D4 4 Bytes JMP 86F9B564 .text CLASSPNP.SYS!ClassDebugPrint + 1506 893AD37D 4 Bytes JMP 86F9B564 .text CLASSPNP.SYS!ClassDebugPrint + 1572 893AD3E9 4 Bytes JMP 86F9B564 .text ... 
.text storport.sys!StorPortExtendedFunction 8DBA1043 4 Bytes JMP 86F9E60C .text storport.sys!StorPortMoveMemory + 5F 8DBA1A4F 4 Bytes JMP 86F3CADC .text storport.sys!DllInitialize + 17D7 8DBA3E9E 4 Bytes JMP 86F3CADC .text storport.sys!DllInitialize + 27C1 8DBA4E88 4 Bytes JMP 86F3CADC .text storport.sys!StorPortExtendedFunction + 29C7 8DBAEA83 4 Bytes JMP 86F3CADC .text storport.sys!StorPortExtendedFunction + 2C20 8DBAECDC 4 Bytes JMP 86F3CADC .text storport.sys!StorPortExtendedFunction + 2CE7 8DBAEDA3 4 Bytes JMP 86F3CADC .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xA360B400, 0x6E292, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA3695420] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA3695420] .protectÿÿÿÿhardlockunknown last code section [0xA3695200, 0x511A, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xA3695200, 0x511A, 0xE0000020] ? system32\drivers\99111928.sys Das System kann den angegebenen Pfad nicht finden. ! ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\Gini\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\tdx.sys[TDI.SYS!TdiRegisterDeviceObject] [893C7D56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\smb.sys[TDI.SYS!TdiRegisterDeviceObject] [893C7D56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [893C7D56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) 
---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys Device \Driver\20499141 \Device\KLMD14092011_206080 99111928.sys Device \Driver\BTHUSB \Device\0000007a bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\0000007c bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37e47c73 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37e47c73@9021559659cd 0xD3 0x3F 0x57 0x4A ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37e47c73 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37e47c73@9021559659cd 0xD3 0x3F 0x57 0x4A ... ---- EOF - GMER 1.0.15 ----
The rest is coming "shortly"
21.12.2011, 23:02 | #18 |
OSAM Logfile:
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:01:21 on 21.12.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl "TSSMPM" - "Teleca Sweden AB" - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tssmpm.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "as6eio" (as6eio) - ? - C:\Windows\System32\drivers\as6eio.sys (File not found) "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys "Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys "catchme" (catchme) - ? 
- C:\Users\Gini\AppData\Local\Temp\catchme.sys (File not found) "cdrblock" (cdrblock) - "Canopus Co,. Ltd." - C:\Windows\System32\DRIVERS\cdrblock.sys "ICatch (VI) PC Camera" (CA561) - ? - C:\Windows\System32\Drivers\SPCA561.SYS (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kxldqpod" (kxldqpod) - ? - C:\Users\Gini\AppData\Local\Temp\kxldqpod.sys (Hidden registry entry, rootkit activity | File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys (File not found) "Trust Flat Scan USB 19200" (GT680x) - " " - C:\Windows\System32\Drivers\Tr11691g.SYS [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? 
- (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows 
Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control" - "Akamai Technologies, Inc." - C:\Windows\DOWNLO~1\DOWNLO~1.OCX / hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? 
- (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Gini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "MCtlSvc.lnk" - "ZTE" - C:\Program Files\T-Mobile\InternetManager_Z\Bin\mcserver.exe (Shortcut exists | File exists) "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "HPAdvisor" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe "HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe "hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "iTunesHelper" - "Apple Inc." 
- "C:\Program Files\iTunes\iTunesHelper.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "Mobile Connectivity Suite" - "Teleca Sweden AB" - "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions "OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe "QlbCtrl" - " Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start "QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" "WAWifiMessage" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Com4Qlb" (Com4Qlb) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe "GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe "HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe "QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
22.12.2011, 00:22 | #19 |
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 23:03:55
-----------------------------
23:03:55.038 OS Version: Windows 6.0.6002 Service Pack 2
23:03:55.038 Number of processors: 2 586 0x1706
23:03:55.039 ComputerName: GINI-PC UserName: Gini
23:03:56.728 Initialize success
23:05:35.112 AVAST engine defs: 11122102
23:06:40.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:06:40.050 Disk 0 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
23:06:42.560 Disk 0 MBR read successfully
23:06:42.563 Disk 0 MBR scan
23:06:42.581 Disk 0 unknown MBR code
23:06:42.632 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226510 MB offset 63
23:06:42.780 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11962 MB offset 463892940
23:06:43.078 Disk 0 scanning sectors +488392065
23:06:43.553 Disk 0 scanning C:\Windows\system32\drivers
23:08:22.479 Service scanning
23:08:24.434 Modules scanning
23:10:35.410 Disk 0 trace - called modules:
23:10:35.489 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86eba6f8]<<
23:10:35.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86974478]
23:10:36.571 AVAST engine scan C:\Windows
23:12:56.579 AVAST engine scan C:\Windows\system32
23:21:55.110 AVAST engine scan C:\Windows\system32\drivers
23:22:48.500 AVAST engine scan C:\Users\Gini
23:59:13.280 AVAST engine scan C:\ProgramData
00:20:34.722 Scan finished successfully
00:20:55.299 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
00:20:55.316 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"
22.12.2011, 13:42 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™
We should fix the MBR. Just in case, back up ALL important data, even though things usually go smoothly. Note: Please do NOT do the MBR fix if you have other operating systems installed, such as Ubuntu; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. After backing up your data, start aswmbr again and click the FIXMBR button. Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags
23.12.2011, 02:02 | #21 |
| "For security reasons your Windows system has been blocked" I hope this is the right thing I'm posting here
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 23:03:55
-----------------------------
23:03:55.038 OS Version: Windows 6.0.6002 Service Pack 2
23:03:55.038 Number of processors: 2 586 0x1706
23:03:55.039 ComputerName: GINI-PC UserName: Gini
23:03:56.728 Initialize success
23:05:35.112 AVAST engine defs: 11122102
23:06:40.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:06:40.050 Disk 0 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
23:06:42.560 Disk 0 MBR read successfully
23:06:42.563 Disk 0 MBR scan
23:06:42.581 Disk 0 unknown MBR code
23:06:42.632 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226510 MB offset 63
23:06:42.780 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11962 MB offset 463892940
23:06:43.078 Disk 0 scanning sectors +488392065
23:06:43.553 Disk 0 scanning C:\Windows\system32\drivers
23:08:22.479 Service scanning
23:08:24.434 Modules scanning
23:10:35.410 Disk 0 trace - called modules:
23:10:35.489 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86eba6f8]<<
23:10:35.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86974478]
23:10:36.571 AVAST engine scan C:\Windows
23:12:56.579 AVAST engine scan C:\Windows\system32
23:21:55.110 AVAST engine scan C:\Windows\system32\drivers
23:22:48.500 AVAST engine scan C:\Users\Gini
23:59:13.280 AVAST engine scan C:\ProgramData
00:20:34.722 Scan finished successfully
00:20:55.299 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
00:20:55.316 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-22 15:12:53
-----------------------------
15:12:53.170 OS Version: Windows 6.0.6002 Service Pack 2
15:12:53.171 Number of processors: 2 586 0x1706
15:12:53.172 ComputerName: GINI-PC UserName: Gini
15:12:54.234 Initialize success
15:12:58.873 AVAST engine defs: 11122102
15:13:17.139 Verifying
15:13:27.173 Disk 0 Windows 600 MBR fixed successfully
01:39:38.942 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
01:39:38.994 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-23 01:57:00
-----------------------------
01:57:00.324 OS Version: Windows 6.0.6002 Service Pack 2
01:57:00.324 Number of processors: 2 586 0x1706
01:57:00.325 ComputerName: GINI-PC UserName: Gini
01:57:41.360 Initialize success
02:00:24.491 AVAST engine defs: 11122201
02:00:38.241 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt" |
23.12.2011, 17:19 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "For security reasons your Windows system has been blocked" You should also create a new log after the fix
__________________ Please always post log files in CODE tags |
25.12.2011, 01:19 | #23 |
| "For security reasons your Windows system has been blocked" I'm confused. After I had restarted, I clicked "save log"... or should I run a new scan straight away? |
25.12.2011, 23:41 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "For security reasons your Windows system has been blocked" Of course that means a new scan... the MBR should hopefully have changed significantly for the better, and logically that then has to be rescanned completely
__________________ Please always post log files in CODE tags |
26.12.2011, 01:24 | #25 |
| "For security reasons your Windows system has been blocked" No reason to get so snippy right away. There are people who don't deal with this every day. And asking questions is surely still allowed!
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 23:03:55
-----------------------------
23:03:55.038 OS Version: Windows 6.0.6002 Service Pack 2
23:03:55.038 Number of processors: 2 586 0x1706
23:03:55.039 ComputerName: GINI-PC UserName: Gini
23:03:56.728 Initialize success
23:05:35.112 AVAST engine defs: 11122102
23:06:40.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:06:40.050 Disk 0 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
23:06:42.560 Disk 0 MBR read successfully
23:06:42.563 Disk 0 MBR scan
23:06:42.581 Disk 0 unknown MBR code
23:06:42.632 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226510 MB offset 63
23:06:42.780 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11962 MB offset 463892940
23:06:43.078 Disk 0 scanning sectors +488392065
23:06:43.553 Disk 0 scanning C:\Windows\system32\drivers
23:08:22.479 Service scanning
23:08:24.434 Modules scanning
23:10:35.410 Disk 0 trace - called modules:
23:10:35.489 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86eba6f8]<<
23:10:35.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86974478]
23:10:36.571 AVAST engine scan C:\Windows
23:12:56.579 AVAST engine scan C:\Windows\system32
23:21:55.110 AVAST engine scan C:\Windows\system32\drivers
23:22:48.500 AVAST engine scan C:\Users\Gini
23:59:13.280 AVAST engine scan C:\ProgramData
00:20:34.722 Scan finished successfully
00:20:55.299 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
00:20:55.316 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-22 15:12:53
-----------------------------
15:12:53.170 OS Version: Windows 6.0.6002 Service Pack 2
15:12:53.171 Number of processors: 2 586 0x1706
15:12:53.172 ComputerName: GINI-PC UserName: Gini
15:12:54.234 Initialize success
15:12:58.873 AVAST engine defs: 11122102
15:13:17.139 Verifying
15:13:27.173 Disk 0 Windows 600 MBR fixed successfully
01:39:38.942 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
01:39:38.994 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-23 01:57:00
-----------------------------
01:57:00.324 OS Version: Windows 6.0.6002 Service Pack 2
01:57:00.324 Number of processors: 2 586 0x1706
01:57:00.325 ComputerName: GINI-PC UserName: Gini
01:57:41.360 Initialize success
02:00:24.491 AVAST engine defs: 11122201
02:00:38.241 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-26 00:19:32
-----------------------------
00:19:32.445 OS Version: Windows 6.0.6002 Service Pack 2
00:19:32.446 Number of processors: 2 586 0x1706
00:19:32.447 ComputerName: GINI-PC UserName: Gini
00:19:36.508 Initialize success
00:19:48.691 AVAST engine defs: 11122501
00:20:01.819 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-26 00:19:32
-----------------------------
00:19:32.445 OS Version: Windows 6.0.6002 Service Pack 2
00:19:32.446 Number of processors: 2 586 0x1706
00:19:32.447 ComputerName: GINI-PC UserName: Gini
00:19:36.508 Initialize success
00:19:48.691 AVAST engine defs: 11122501
00:20:01.819 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"
00:20:20.541 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:20:20.543 Disk 0 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
00:20:20.549 Disk 0 MBR read successfully
00:20:20.551 Disk 0 MBR scan
00:20:20.599 Disk 0 Windows VISTA default MBR code
00:20:20.602 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226510 MB offset 63
00:20:20.634 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11962 MB offset 463892940
00:20:20.653 Disk 0 scanning sectors +488392065
00:20:20.757 Disk 0 scanning C:\Windows\system32\drivers
00:20:48.515 Service scanning
00:20:50.882 Modules scanning
00:21:18.588 Disk 0 trace - called modules:
00:21:18.650 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
00:21:18.655 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86961288]
00:21:18.659 3 CLASSPNP.SYS[893a48b3] -> nt!IofCallDriver -> [0x85e17798]
00:21:18.664 5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85e1d030]
00:21:20.477 AVAST engine scan C:\Windows
00:21:33.300 AVAST engine scan C:\Windows\system32
00:24:33.475 File: C:\Windows\system32\perfh007.dat **SUSPICIOUS**
00:25:59.641 AVAST engine scan C:\Windows\system32\drivers
00:26:26.653 AVAST engine scan C:\Users\Gini
00:37:14.369 AVAST engine scan C:\ProgramData
00:39:57.321 Scan finished successfully
01:20:49.131 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
01:20:49.145 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt" |
26.12.2011, 01:36 | #26 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | "For security reasons your Windows system has been blocked" Quote:
__________________ Please always post log files in CODE tags |
26.12.2011, 02:14 | #27 |
| "For security reasons your Windows system has been blocked" "Of course" and "logically" suggest as much. But if that's not the case, all the better. No, I'm not stressed out by Christmas, it went pretty chilled! Can we get back to the essentials? |
26.12.2011, 03:55 | #28 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | "For security reasons your Windows system has been blocked" Quote:
Quote:
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
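The aswMBR runs posted above differ in a few lines only: the MBR code verdict, the disk trace, and whether a scan ran at all. The following added example (not part of any post and not an AVAST tool) splits a cumulative aswMBR.txt by run date and classifies each run; the sample is condensed from the log lines in this thread, and the function names and verdict labels are assumptions that cover only the line formats seen here.

```python
import re
# Constructed sample, condensed from the cumulative aswMBR.txt posted in this thread.
SAMPLE_LOG = r"""
Run date: 2011-12-21 23:03:55
23:06:42.581 Disk 0 unknown MBR code
23:10:35.489 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86eba6f8]<<
Run date: 2011-12-22 15:12:53
15:13:27.173 Disk 0 Windows 600 MBR fixed successfully
Run date: 2011-12-23 01:57:00
01:57:41.360 Initialize success
Run date: 2011-12-26 00:19:32
00:19:36.508 Initialize success
Run date: 2011-12-26 00:19:32
00:20:20.599 Disk 0 Windows VISTA default MBR code
00:21:18.650 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
00:24:33.475 File: C:\Windows\system32\perfh007.dat **SUSPICIOUS**
"""

RUN_DATE = re.compile(r"Run date: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
MBR_CODE = re.compile(r"Disk \d+ (.+?) MBR code$")
UNKNOWN_MOD = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
SUSPICIOUS = re.compile(r"File: (.+?) \*\*SUSPICIOUS\*\*")

def parse_runs(text):
    """Group findings by run date, so a run that was saved twice is merged."""
    runs, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := RUN_DATE.search(line):
            cur = runs.setdefault(m.group(1), {"mbr": None, "fixed": False,
                                               "unknown": [], "suspicious": []})
        elif cur is None:
            continue  # text before the first run header
        elif m := MBR_CODE.search(line):
            cur["mbr"] = m.group(1)
        elif m := UNKNOWN_MOD.search(line):
            cur["unknown"].append(m.group(1))
        elif m := SUSPICIOUS.search(line):
            cur["suspicious"].append(m.group(1))
        elif line.endswith("MBR fixed successfully"):
            cur["fixed"] = True
    return runs

def boot_path_verdict(run):
    """Judge the MBR and disk driver stack only; flagged files are listed separately."""
    if run["unknown"]:
        return "flagged"      # a module in the disk stack could not be named
    if run["mbr"] is None:    # no MBR scan in this run: nothing to judge
        return "fix-only" if run["fixed"] else "no-scan"
    return "clean" if "default" in run["mbr"] else "flagged"
```

A "no-scan" result corresponds to a log that was saved without pressing Scan, which is why a fresh scan was requested after the fix.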
28.12.2011, 09:58 | #29 |
| "For security reasons your Windows system has been blocked" Should I also delete whatever is found right away? |
28.12.2011, 16:57 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "For security reasons your Windows system has been blocked" No, just post the log for now! See => Make sure that Remove Found Threats is not ticked.
__________________ Please always post log files in CODE tags |