Log analysis and evaluation: Windows locked - please help

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.01.2012, 23:17 | #1 |
| Windows locked - please help Hello, my Windows has been locked. I did a bit of research and created an olt.txd file. Could someone please provide the fix file? Thanks in advance! Code:
ATTFilter OTL logfile created on: 1/7/2012 11:04:51 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.96 Gb Total Space | 27.25 Gb Free Space | 36.36% Space Free | Partition Type: NTFS Drive D: | 149.05 Gb Total Space | 148.98 Gb Free Space | 99.96% Space Free | Partition Type: NTFS Drive E: | 3.70 Gb Total Space | 3.67 Gb Free Space | 99.09% Space Free | Partition Type: FAT32 Drive F: | 72.62 Gb Total Space | 68.35 Gb Free Space | 94.12% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (TOSHIBA Bluetooth Service) SRV - [2011/10/11 07:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/10/11 07:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2008/09/02 17:38:28 | 000,010,752 | ---- | M] () [Auto] -- C:\Windows\System32\FUSServices.exe -- (FUSServices) SRV - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008/01/21 10:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/17 09:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007/12/25 07:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2007/12/03 10:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007/11/21 11:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2007/02/12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash) SRV - [2006/08/23 10:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
[Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2005/11/17 08:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2011/12/11 07:35:02 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/10/11 08:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/10/11 08:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010/06/17 08:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/06/18 16:31:58 | 000,018,944 | ---- | M] (OEM) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FaxLffv2.sys -- (FaxLffv2) DRV - [2008/02/01 05:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService) DRV - [2008/01/30 10:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/01/21 09:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2008/01/16 16:47:06 | 000,033,152 | ---- | M] (OEM) [Kernel | On_Demand] -- C:\Windows\System32\drivers\XMLDIUSB.sys -- (XMLDIUSB) DRV - [2008/01/15 04:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2007/12/26 04:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B) DRV - [2007/12/17 04:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007/11/09 07:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/04/23 03:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt) DRV - [2007/04/09 10:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem) DRV - [2006/10/30 04:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2006/10/23 10:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006/10/18 05:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2005/06/17 05:20:20 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\xyz_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKU\xyz_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de IE - HKU\xyz_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\xyz_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\xyz_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/28 09:42:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/13 03:59:18 | 000,000,000 | ---D | M] [2011/11/28 11:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/11/28 09:42:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/11/12 07:49:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/11/12 07:49:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/12 07:49:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/11/12 07:49:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/12 07:49:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/11/12 07:49:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/01/07 22:28:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [00TCrdMain] C:\Program 
Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [MFFirmwareUpdate] C:\Program Files\Companion Suite Pro LL2\FirmwareDevice.exe () O4 - HKLM..\Run: [MFFSum_Pro_LL2] C:\Program Files\Companion Suite Pro LL2\MFFSUM.exe () O4 - HKLM..\Run: [MFPrintServer_Pro_LL2] C:\Program Files\Companion Suite Pro LL2\MFPrintServer.exe () O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) 
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\xyz_ON_C..\Run: [{11BCC3CF-1EB5-11DD-9A74-806E6F6E6963}] C:\Users\xyz\AppData\Roaming\Microsoft\loadhst.exe (The Pidgin developer community) O4 - HKU\xyz_ON_C..\Run: [PhonostarAgent] C:\Program Files\phonostar\ps_agent.exe (phonostar) O4 - HKU\xyz_ON_C..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe (phonostar) O4 - Startup: Error locating startup folders. O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/07 15:29:16 | 000,000,000 | ---D | C] -- C:\5415ebba4c17566b4fd5004a48 [2012/01/07 12:55:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012/01/02 06:43:22 | 000,000,000 | ---D | C] -- C:\Users\xyz\AppData\Roaming\elsterformular [2011/12/30 22:30:40 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2011/12/30 22:30:37 | 000,000,000 | ---D | 
C] -- C:\_OTL [2011/12/27 15:36:18 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware [2011/12/25 22:15:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/07 22:28:30 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012/01/07 16:31:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/07 16:31:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/07 16:31:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/07 16:31:20 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012/01/06 15:55:18 | 000,039,936 | ---- | M] () -- C:\Users\xyz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/03 12:57:19 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/01/03 12:57:19 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/01/03 12:57:19 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/01/03 12:57:19 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/01/02 12:43:01 | 000,002,395 | ---- | M] () -- C:\Users\xyz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Skype.lnk [2012/01/02 06:42:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2011/12/31 09:41:16 | 031,326,720 | ---- | M] () -- C:\Users\xyz\Desktop\dlf_20111229_1010_75e67975.mp3 [2011/12/11 07:35:02 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name 
========== [2011/12/31 09:40:50 | 031,326,720 | ---- | C] () -- C:\Users\xyz\Desktop\dlf_20111229_1010_75e67975.mp3 [2011/12/28 05:52:41 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2010/08/08 04:29:47 | 000,055,296 | ---- | C] () -- C:\Windows\System32\LFOGRPJL.DLL [2010/08/08 04:29:47 | 000,016,896 | ---- | C] () -- C:\Windows\System32\LFOGRPOW.EXE [2010/08/08 04:29:47 | 000,013,312 | ---- | C] () -- C:\Windows\System32\LFOGRCOI.DLL [2009/09/20 10:04:53 | 000,004,096 | -H-- | C] () -- C:\Users\xyz\AppData\Local\keyfile3.drm [2009/06/08 12:06:46 | 000,187,502 | ---- | C] () -- C:\Windows\hphins25.dat [2009/01/19 08:02:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008/10/19 07:14:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2008/09/15 08:49:06 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008/09/15 08:49:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/09/02 17:38:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\FUSServices.exe [2008/05/26 04:38:36 | 000,000,032 | ---- | C] () -- C:\Windows\azeugnis.INI [2008/05/23 00:33:46 | 000,000,795 | ---- | C] () -- C:\Windows\hphmdl25.dat [2008/05/22 06:46:37 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll [2008/05/22 06:45:10 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2008/05/18 11:13:12 | 000,001,717 | ---- | C] () -- C:\Windows\hpdj3600.ini [2008/05/14 14:19:43 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008/05/11 05:13:34 | 000,000,016 | -H-- | C] () -- C:\Users\xyz\AppData\Roaming\mxfilerelatedcache.mxc2 [2008/05/11 05:13:34 | 000,000,016 | -H-- | C] () -- C:\Users\xyz\AppData\mxfilerelatedcache.mxc2 [2008/05/11 05:13:34 | 000,000,016 | -H-- | C] () -- C:\Users\xyz\AppData\Local\mxfilerelatedcache.mxc2 [2008/05/11 04:59:45 | 000,000,680 | ---- | C] () -- C:\Users\xyz\AppData\Local\d3d9caps.dat [2008/05/10 14:32:19 | 000,039,936 | ---- | C] () -- 
C:\Users\xyz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/05/10 13:13:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008/05/10 12:43:19 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2008/05/10 12:23:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008/03/04 06:43:58 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008/03/04 06:29:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008/03/04 06:29:50 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008/03/04 06:29:50 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008/03/04 06:29:50 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008/03/04 06:29:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008/03/04 06:29:50 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008/03/04 06:24:24 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008/03/04 05:58:04 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/03/04 05:57:54 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2008/03/04 05:57:54 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2008/03/04 05:57:54 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2008/03/04 05:57:54 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008/03/04 05:48:04 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008/03/04 05:48:04 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/03/04 05:48:04 | 000,159,146 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008/01/28 11:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll [2008/01/28 11:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll [2008/01/28 10:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll [2008/01/28 10:53:02 | 000,995,328 | ---- | 
C] () -- C:\Windows\System32\FaceRec.dll [2008/01/28 10:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll [2008/01/28 10:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll [2008/01/21 02:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/01/21 02:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007/12/21 10:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,275,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/04/21 04:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2005/07/22 15:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [1997/09/11 18:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL [1997/09/11 18:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL 
========== LOP Check ========== [2008/12/16 07:29:02 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\Canon [2009/03/31 08:38:46 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\DeepBurner [2008/10/06 05:22:17 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\Desktopicon [2012/01/02 06:43:23 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\elsterformular [2012/01/02 12:43:10 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\go [2011/01/07 04:56:30 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\Lexware [2008/05/10 16:35:25 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\myphotobook [2008/05/22 09:08:14 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\NewSoft [2009/09/21 09:17:41 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\phonostar-Player [2008/05/22 06:44:57 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\ScanSoft [2010/03/14 03:51:10 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\TeamViewer [2009/01/31 07:01:35 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\Toshiba [2008/06/30 05:46:57 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\Ulead Systems [2009/01/16 04:31:38 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\WebCompiler2 [2009/09/27 03:26:52 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\WebStripper [2008/05/10 12:35:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2011/12/13 12:44:01 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM [2008/12/16 07:29:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan [2008/05/14 13:59:18 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint [2010/08/08 05:40:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Companion Suite Pro LL2 [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- 
C:\ProgramData\Documents [2008/05/10 12:35:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2012/01/02 16:23:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO [2012/01/02 06:43:12 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular [2008/05/10 12:35:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012/01/02 05:18:53 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF [2011/01/07 05:26:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware [2008/05/16 13:11:17 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX [2008/05/22 06:44:54 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2008/05/10 12:35:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2008/03/04 06:13:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba [2008/05/10 12:40:31 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope [2008/03/04 06:28:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems [2008/05/10 12:35:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2009/02/07 04:43:44 | 000,000,000 | ---D | M] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2012/01/07 15:37:24 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
09.01.2012, 12:09 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows locked - please help Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those too! ESET Online Scanner
Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here