Log Analysis and Evaluation: Warning! For security reasons your Windows system has been blocked! (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: see "First steps for help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Warning! For security reasons your Windows system has been blocked!

Hello, about 3 days ago my screen went black with black-red-gold stripes, and below it said "Warning! For security reasons your Windows system has been blocked!" This message appeared twice more, then I had a look in Avira and saw an older detection, searched for it and deleted the file. I don't know what causes it, but I can now work on the laptop again without this message appearing. Now I don't know whether the "problem" still exists, since unfortunately I have no knowledge of these things. Many thanks in advance.

These are the DDS and GMER logfiles.

```
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Valentina at 18:30:41 on 2012-02-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2038.902 [GMT 1:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
c:\program files\common files\gnab\service\servicecontroller.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbxcoms.exe
C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\Program Files\ICQ7.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe
C:\Users\Valentina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valentina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valentina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\rundll32.exe
C:\Users\Valentina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valentina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
uSearch Bar =
mDefault_Page_URL = hxxp://www.aldi.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=86571b63000000000000001b77b86850&tlver=1.4.19.19&ss=1&affID=17395
uURLSearchHooks: H - No File
uURLSearchHooks: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\prxtbsof0.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\prxtbsof0.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\prxtbsof0.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
TB: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\prxtbsof0.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [T-Online_Software_6\WLAN-Access Finder] c:\program files\t-online\wlan-access finder\ToWLaAcF.exe /StartMinimized
uRun: [SMSlisto] "c:\program files\smslisto.com\smslisto\SMSlisto.exe" -nosplash -minimized
uRun: [ICQ] "c:\program files\icq7.5\ICQ.exe" silent loginmode=4
uRun: [Google Update] "c:\users\valentina\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [CtrlVol] "c:\program files\launch manager\CtrlVol.exe"
mRun: [LMgrOSD] "c:\program files\launch manager\OSD.exe"
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [RemoteControl] "c:\program files\home cinema\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\home cinema\powerdvd\language\Language.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [toolbar_eula_launcher] c:\program files\googleeula\EULALauncher.exe
mRun: [Skytel] Skytel.exe
mRun: [LXBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBXtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\valent~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\imvu.lnk - c:\users\valentina\appdata\roaming\imvuclient\IMVUQualityAgent.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B1BD1AFE-2142-4FF3-B8B0-AE088816908A} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2007-9-12 210736]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-7 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-2-7 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-2-7 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-7 74640]
R2 GnabService;GnabService;c:\program files\common files\gnab\service\ServiceController.exe [2007-9-18 36864]
R2 srvcPVR;Sceneo PVR Service;c:\program files\sceneo\absoluttv\services\pvr\pvrservice.exe [2007-9-18 1681408]
R3 PhilCap;NXP service;c:\windows\system32\drivers\PhilCap.sys [2007-9-12 908896]
R3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2007-9-18 118784]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2007-9-18 13976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-10 135664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\aldi foto service nord\common\database\bin\fbserver.exe [2007-9-19 1527900]
S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-23 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-19 30192]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-10 135664]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\t-online\t-onli~1\basis-~1\basis1\MTOnlPktAlyX.SYS [2011-2-22 17536]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-09 15:55:51    56200    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{399e3f75-24b5-42cf-a483-402458afd0f4}\offreg.dll
2012-02-08 15:10:26    6557240  ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{399e3f75-24b5-42cf-a483-402458afd0f4}\mpengine.dll
2012-02-07 15:07:48    --------    d-----w-    c:\users\valentina\appdata\roaming\Avira
2012-02-07 14:50:21    74640    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2012-02-07 14:50:21    36000    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2012-02-07 14:50:20    --------    d-----w-    c:\programdata\Avira
2012-02-07 14:50:20    --------    d-----w-    c:\program files\Avira
.
==================== Find3M ====================
.
2012-01-26 23:21:24    237072    ------w-    c:\windows\system32\MpSigStub.exe
2011-11-27 15:04:40    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:36:46,01 ===============
```

```
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-09 19:26:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
Running: kc82qgmv.exe; Driver: C:\Users\VALENT~1\AppData\Local\Temp\pwlcauoc.sys

---- System - GMER 1.0.15 ----

SSDT 8D978FC6 ZwCreateSection
SSDT 8D978FD0 ZwRequestWaitReplyPort
SSDT 8D978FCB ZwSetContextThread
SSDT 8D978FD5 ZwSetSecurityObject
SSDT 8D978FDA ZwSystemDebugControl
SSDT 8D978F67 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 81CBE978 4 Bytes [C6, 8F, 97, 8D]
.text ntkrnlpa.exe!KeSetEvent + 539 81CBEC9C 4 Bytes [D0, 8F, 97, 8D]
.text ntkrnlpa.exe!KeSetEvent + 56D 81CBECD0 4 Bytes [CB, 8F, 97, 8D]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81CBED34 4 Bytes [D5, 8F, 97, 8D]
.text ntkrnlpa.exe!KeSetEvent + 619 81CBED7C 4 Bytes [DA, 8F, 97, 8D]
.text ...
? C:\Users\VALENT~1\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!f!`!j!`!m!`!\22!t!t!r!j!r!s!f! 19583823

---- EOF - GMER 1.0.15 ----
```

Should I also post the Attach or defogger disabled logfile?