Log analysis and evaluation: "For security reasons your Windows system has been blocked" ("Aus Sicherheitsgründen wurde ihr Windowssystem blockiert") on WinXP - is the system OK again?
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.01.2012, 12:14 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Why don't you post the log in CODE tags? I've mentioned it at least once ... Please post everything in CODE tags here where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ Please always post log files in CODE tags
18.01.2012, 21:45 | #17 |
Ok:
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Unable to set value : HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-606747145-688789844-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-606747145-688789844-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{297d6a76-94d2-4170-b64d-f67cfa008b5e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{297d6a76-94d2-4170-b64d-f67cfa008b5e}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-606747145-688789844-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ deleted successfully.
C:\Programme\adawaretb\adawareDx.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-606747145-688789844-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d45171f3-7da8-4d5a-8257-bcb94b9092aa} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d45171f3-7da8-4d5a-8257-bcb94b9092aa}\ deleted successfully.
C:\Programme\mako_LIVE\prxtbmak0.dll moved successfully.
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Search the Web" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.com/?rlz=1V1IPYX" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://www.google.com/search?ie=utf-8&rlz=1V2IPYX&q=" removed from keyword.URL
Prefs.js: 4 removed from network.proxy.type
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\cs@dictionaries.addons.mozilla.org\dictionaries folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\cs@dictionaries.addons.mozilla.org folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\engine@conduit.com folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\ffxtlbr@Facemoods.com\content\preferences folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\ffxtlbr@Facemoods.com\content\images\dropdownicons folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\ffxtlbr@Facemoods.com\content\images folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\ffxtlbr@Facemoods.com\content folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\ffxtlbr@Facemoods.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\plucswuc.default\searchplugins\winamp-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Programme\Winamp Toolbar\winamptb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{297d6a76-94d2-4170-b64d-f67cfa008b5e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{297d6a76-94d2-4170-b64d-f67cfa008b5e}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ not found.
File C:\Programme\adawaretb\adawareDx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A876E312-7D08-401a-B7A6-FAFC5DC2F292}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A876E312-7D08-401a-B7A6-FAFC5DC2F292}\ deleted successfully.
C:\Programme\CrossriderWebApps\Crossrider.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d45171f3-7da8-4d5a-8257-bcb94b9092aa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d45171f3-7da8-4d5a-8257-bcb94b9092aa}\ not found.
File C:\Programme\mako_LIVE\prxtbmak0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{297d6a76-94d2-4170-b64d-f67cfa008b5e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{297d6a76-94d2-4170-b64d-f67cfa008b5e}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ not found.
File C:\Programme\adawaretb\adawareDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}\ deleted successfully.
C:\Programme\Babylon\Babylon Toolbar\BabylonIEToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d45171f3-7da8-4d5a-8257-bcb94b9092aa} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d45171f3-7da8-4d5a-8257-bcb94b9092aa}\ not found.
File C:\Programme\mako_LIVE\prxtbmak0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_USERS\S-1-5-21-606747145-688789844-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{297D6A76-94D2-4170-B64D-F67CFA008B5E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{297D6A76-94D2-4170-B64D-F67CFA008B5E}\ not found.
Registry value HKEY_USERS\S-1-5-21-606747145-688789844-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{297D6A76-94D2-4170-B64D-F67CFA008B5E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{297D6A76-94D2-4170-B64D-F67CFA008B5E}\ not found.
Registry value HKEY_USERS\S-1-5-21-606747145-688789844-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}\ not found.
File C:\Programme\Babylon\Babylon Toolbar\BabylonIEToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-606747145-688789844-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D45171F3-7DA8-4D5A-8257-BCB94B9092AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D45171F3-7DA8-4D5A-8257-BCB94B9092AA}\ not found.
File C:\Programme\mako_LIVE\prxtbmak0.dll not found.
Registry value HKEY_USERS\S-1-5-21-606747145-688789844-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
C:\Programme\Winamp\winampa.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Picasa Media Detector deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Picasa Media Detector not found.
Registry value HKEY_USERS\S-1-5-21-606747145-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-606747145-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\CrossRiderPlugin deleted successfully.
C:\Programme\CrossriderWebApps\Crossrider.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-606747145-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Search\ deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Toolbar Search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\add to &BOM\ deleted successfully.
File move failed. C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
C:\Programme\Spybot - Search & Destroy\SDHelper.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{663ab5fc-9370-11de-a82a-00140b0dab68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{663ab5fc-9370-11de-a82a-00140b0dab68}\ not found.
File G:\Toshiba\more4you.exe not found.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Facebook folder moved successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\facemoods.com\facemoods folder moved successfully.
C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\facemoods.com folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\inst.exe moved successfully.
ADS C:\install.exe:SummaryInformation deleted successfully.
ADS C:\WINDOWS:44EA0897B9CA9660 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:ECF54A0E deleted successfully.
========== FILES ==========
C:\install.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 577617009 bytes
->Temporary Internet Files folder emptied: 3892293 bytes
->FireFox cache emptied: 11640445 bytes
->Flash cache emptied: 348 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Gast
->Temp folder emptied: 5955111035 bytes
->Temporary Internet Files folder emptied: 108527198 bytes
->Java cache emptied: 4061917 bytes
->FireFox cache emptied: 13050328 bytes
->Flash cache emptied: 65239 bytes
User: ich
->Temp folder emptied: 2705315911 bytes
->Temporary Internet Files folder emptied: 812808 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61669164 bytes
->Flash cache emptied: 1022049 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
User: NetworkService
->Temp folder emptied: 3047424 bytes
->Temporary Internet Files folder emptied: 92986722 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119608 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 24192 bytes
Windows Temp folder emptied: 31875440 bytes
RecycleBin emptied: 124952 bytes
Total Files Cleaned = 9.129,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01182012_095043
Files\Folders moved on Reboot...
File move failed. C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta scheduled to be moved on reboot.
Registry entries deleted on Reboot...
18.01.2012, 21:50 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and just post the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!