Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 23.02.2012, 18:56   #16
Morgensonne
 
Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir. - Standard

Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.



Ich hatte nur Angst irgendwas falsch zu machen.. Für mich ist das alles Altägyptisch! So hier der Log:

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-02-22.01 - sandra.langenberg 23.02.2012  18:00:40.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.1944.526 [GMT 1:00]
ausgeführt von:: c:\users\sandra.langenberg\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\swtools\APPS\CBED\CBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CBED\CBE\ACTIVATION_104\BIN\_desktop.ini
c:\users\sandra.langenberg\Documents\~WRL0005.tmp
c:\users\sandra.langenberg\Documents\~WRL2729.tmp
Q:\AUTORUN.INF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-23 bis 2012-02-23  ))))))))))))))))))))))))))))))
.
.
2012-02-23 17:20 . 2012-02-23 17:26	--------	d-----w-	c:\users\sandra.langenberg\AppData\Local\temp
2012-02-23 11:45 . 2012-02-23 11:45	--------	d-----w-	C:\_OTL
2012-02-21 22:18 . 2012-02-21 22:18	--------	d-----w-	c:\program files\ESET
2012-02-21 09:17 . 2012-02-21 09:17	--------	d-----w-	c:\users\sandra.langenberg\AppData\Roaming\Malwarebytes
2012-02-21 08:25 . 2012-02-21 08:25	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-21 08:25 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-21 08:25 . 2012-02-21 08:25	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-21 07:05 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{82F5171A-AA9B-4961-B31A-3777FE7491FB}\mpengine.dll
2012-02-21 00:10 . 2012-02-21 00:57	--------	d-----w-	c:\users\neu
2012-02-16 11:44 . 2011-12-30 05:27	478720	----a-w-	c:\windows\system32\timedate.cpl
2012-02-16 11:44 . 2011-12-16 07:52	690688	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-16 11:44 . 2012-01-04 08:58	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-16 11:44 . 2012-01-14 03:35	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-01-31 08:30 . 2012-01-31 08:31	--------	d-----w-	c:\program files\iTunes
2012-01-31 08:30 . 2012-01-31 08:30	--------	d-----w-	c:\program files\iPod
2012-01-28 10:00 . 2011-11-17 05:41	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-01-28 10:00 . 2011-11-17 05:39	369352	----a-w-	c:\windows\system32\drivers\cng.sys
2012-01-28 10:00 . 2011-11-17 05:34	224768	----a-w-	c:\windows\system32\schannel.dll
2012-01-28 10:00 . 2011-11-17 05:32	1038848	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-28 10:00 . 2011-11-17 05:41	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-28 10:00 . 2011-11-17 05:35	314880	----a-w-	c:\windows\system32\webio.dll
2012-01-28 10:00 . 2011-11-17 05:34	15872	----a-w-	c:\windows\system32\sspisrv.dll
2012-01-28 10:00 . 2011-11-17 05:34	100352	----a-w-	c:\windows\system32\sspicli.dll
2012-01-28 10:00 . 2011-11-17 05:34	22016	----a-w-	c:\windows\system32\secur32.dll
2012-01-28 10:00 . 2011-11-17 05:29	22528	----a-w-	c:\windows\system32\lsass.exe
2012-01-26 19:09 . 2012-01-26 19:09	--------	d-----w-	c:\users\sandra.langenberg\AppData\Roaming\OpenOffice.org
2012-01-26 18:44 . 2012-01-26 18:45	--------	d-----w-	c:\program files\OpenOffice.org 3
2012-01-26 18:39 . 2012-01-26 18:39	--------	d-----w-	c:\program files\licenses
2012-01-26 18:39 . 2012-01-26 18:39	--------	d-----w-	c:\program files\readmes
2012-01-26 18:39 . 2012-01-26 18:39	--------	d-----w-	c:\program files\redist
2012-01-26 14:12 . 2012-01-26 14:12	--------	d-----w-	c:\users\sandra.langenberg\AppData\Local\Mozilla
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 07:54 . 2011-06-03 07:19	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 04:10 . 2010-03-30 11:16	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-01-19 11:34 . 2011-01-19 11:34	3003392	----a-w-	c:\program files\openofficeorg33.msi
2011-01-19 11:33 . 2011-01-19 11:33	475016	----a-w-	c:\program files\setup.exe
2012-02-17 13:21 . 2012-01-26 14:09	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\sandra.langenberg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\sandra.langenberg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\sandra.langenberg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-01 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"Akamai NetSession Interface"="c:\users\sandra.langenberg\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-09-09 176128]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-05-10 1258856]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-13 36864]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Daemon for Mouse Suite"="c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE" [2009-11-06 98304]
"BackupAndRecoveryMonitor.exe"="c:\program files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe" [2009-11-27 1550280]
"AcronisTimounterMonitor"="c:\program files\Common Files\Acronis\Timounter\TimounterMonitor.exe" [2009-11-27 959192]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-27 382816]
"TrayMonitor.exe"="c:\program files\Acronis\TrayMonitor\TrayMonitor.exe" [2009-11-27 843016]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2009-08-31 132608]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-30 54120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-29 520192]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-05-25 281768]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-13 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-13 170520]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-09-28 136416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\sandra.langenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-2-17 795936]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-3-6 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 135664]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-05-10 292200]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-07 204800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 9728]
R3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-08-18 20848]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-05-10 83304]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [x]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-05-10 25968]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-01-13 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 pelmoubt;Mouse Suite Bluetooth Driver;c:\windows\system32\DRIVERS\pelmoubt.sys [2009-04-23 18432]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AcronisAgent;Acronis Remote Agent;c:\program files\Common Files\Acronis\Agent\agent.exe [2009-11-27 1877848]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-06-28 340136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-25 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-06-28 428200]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-30 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-30 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 Lexware_Professional_Datenbank;Lexware Professional Datenbank;c:\program files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [2008-07-02 83248]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]
S2 MMS;Acronis Managed Machine Service;c:\program files\Acronis\BackupAndRecovery\mms.exe [2009-11-27 4290896]
S2 PelService;Session Launcher Service;c:\program files\Lenovo\Lenovo Mouse Suite\PelService.exe [2009-11-13 172032]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-05-10 148840]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2011-06-14 201080]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 130920]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [2009-08-31 241664]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-10-21 659968]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-23 45352]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-23 29472]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]
S3 pelbtm;Bluetooth Mouse Filter Driver;c:\windows\system32\DRIVERS\pelbtm.sys [2007-09-20 13312]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 09:59]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 09:59]
.
2012-01-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:43]
.
2012-02-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\sandra.langenberg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///E:/launch.ocx
FF - ProfilePath - c:\users\sandra.langenberg\AppData\Roaming\Mozilla\Firefox\Profiles\8wxyuxwj.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{26647ca4-a2a7-4eac-8a72-761aa9141de7} - (no file)
HKCU-Run-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
HKLM-Run-tsnp2uvc - c:\windows\tsnp2uvc.exe
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{C4B36920-79E24793-06000000}_0]
"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2760)
c:\users\sandra.langenberg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\GR\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\SvcGuiHlpr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-23  18:32:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-23 17:32
.
Vor Suchlauf: 14 Verzeichnis(se), 111.382.450.176 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 110.810.972.160 Bytes frei
.
- - End Of File - - 35FF691522161061495698BC20727E01
         
--- --- ---

Alt 23.02.2012, 21:00   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir. - Standard

Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________

__________________

Alt 25.02.2012, 13:30   #18
Morgensonne
 
Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir. - Standard

Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.



Hallo Arne,
irgendwie klappt es jetzt nicht mehr so richtig bei mir.
OSAM war ok:

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:23:01 on 23.02.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\pcdr5cuiw32.exe
"SystemToolsDailyTest.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PWMCP32V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP32V.cpl
"TpShCPL.cpl" - "Lenovo." - C:\Windows\system32\TpShCPL.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\Windows\System32\DRIVERS\ApsHM86.sys
"AuthenTec TruePrint USB Driver" (ATSwpWDF) - "AuthenTec, Inc." - C:\Windows\System32\Drivers\ATSwpWDF.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\SANDRA~1.LAN\AppData\Local\Temp\catchme.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys
"DozeHDD" (DozeHDD) - "Lenovo." - C:\Windows\System32\DRIVERS\DozeHDD.sys
"Lenovo System Interface Driver" (lenovo.smi) - "Lenovo Group Limited" - C:\Windows\System32\DRIVERS\smiif32.sys
"PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver" (PCDSRVC{C4B36920-79E24793-06000000}_0) - "PC-Doctor, Inc." - c:\progra~1\pc-doc~1\pcdsrvc.pkms
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"Shockprf" (Shockprf) - "Lenovo." - C:\Windows\System32\DRIVERS\Apsx86.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"uxtyipog" (uxtyipog) - ? - C:\Users\SANDRA~1.LAN\AppData\Local\Temp\uxtyipog.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis Backup and Recovery 10 Shell Context Menu Extension" - "Acronis" - C:\Program Files\Common Files\Acronis\Timounter\tishell_abr.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Backup and Recovery 10 Shell Extension" - "Acronis" - C:\Program Files\Common Files\Acronis\Timounter\tishell_abr.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{AE20061D-C1E1-4292-972E-16B91D9BD401} "CPL Mouse Manager" - ? - C:\Program Files\Lenovo\Lenovo Mouse Suite\xManager.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\MLSHEXT.DLL
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6F15128C-E66A-490C-B848-5000B5ABEEAC} "HP Download Manager" - "Hewlett-Packard Co." - C:\Windows\Downloaded Program Files\HPDEXAXO.dll / https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{A6616B31-4860-41E2-98E3-CA7649AF172F} "Launch Control" - "Lenovo" - C:\Windows\DOWNLO~1\launch.ocx / file:///E:/launch.ocx
{FF1CD9A3-00CD-45C1-8182-4EEC229A182D} "Plaxo Auto-Import Utility" - ? - C:\Windows\system32\plx_upldr.dll / https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
{3D3B42C2-11BF-4732-A304-A01384B70D68} "UploadListView Class" - "Google, Inc." - C:\Windows\Downloaded Program Files\UploaderX.dll / hxxp://picasaweb.google.de/s/v/66.31/uploader2.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\sandra.langenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Digital Line Detect.lnk" - "Avanquest Software " - C:\Program Files\Digital Line Detect\DLG.exe  (Shortcut exists | File exists)
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Akamai NetSession Interface" - "Akamai Technologies, Inc" - "C:\Users\sandra.langenberg\AppData\Local\Akamai\netsession_win.exe"
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Program Files\Common Files\Acronis\Timounter\TimounterMonitor.exe
"AcWin7Hlpr" - ? - C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe  (File found, but it contains no detailed information)
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupAndRecoveryMonitor.exe" - "Acronis" - C:\Program Files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"Daemon for Mouse Suite" - "Primax Electronics Ltd." - C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE
"FingerPrintSoftware" - "AuthenTec" - "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
"FingerPrintSoftwareSplashScreen" - "AuthenTec, Inc." - "C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe" \s
"HotKeysCmds" - "Intel Corporation" - C:\Windows\system32\hkcmd.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LENOVO.TPKNRRES" - "Lenovo Group Limited" - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
"LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Memeo Instant Backup" - "Memeo Inc." - C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
"Message Center Plus" - ? - C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"Persistence" - "Intel Corporation" - C:\Windows\system32\igfxpers.exe
"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Samsung PanelMgr" - ? - C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
"SmartAudio" - ? - C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TpShocks" - "Lenovo." - TpShocks.exe
"TrayMonitor.exe" - "Acronis" - C:\Program Files\Acronis\TrayMonitor\TrayMonitor.exe
"UIExec" - ? - "C:\Program Files\Join Air\UIExec.exe"  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"GMX Fax Monitor" - "GMX GmbH" - C:\Windows\system32\UIGMXMON.DLL
"OKI HiperC Language Monitor7 2K" - "Oki Data Corporation" - C:\Windows\system32\OPDMN074.DLL
"spd__ Langmon" - ? - C:\Windows\system32\spd__l.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AcPrfMgrSvc" (AcPrfMgrSvc) - "Lenovo" - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
"Acronis Managed Machine Service" (MMS) - "Acronis" - C:\Program Files\Acronis\BackupAndRecovery\mms.exe
"Acronis Remote Agent" (AcronisAgent) - "Acronis" - C:\Program Files\Common Files\Acronis\Agent\agent.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"AcSvc" (AcSvc) - "Lenovo" - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
"AD Monitor" (ADMonitor) - ? - C:\Windows\system32\ADMonitor.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Active File Monitor V5" (AdobeActiveFileMonitor5.0) - ? - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_7de0ed9.dll  (File found, but it contains no detailed information)
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"AuthenTec Fingerprint Service" (ATService) - "AuthenTec, Inc." - C:\Windows\system32\AtService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
"Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
"Data Transfer Service" (dtsvc) - ? - C:\Windows\system32\DTS.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Inkjet Printer/Scanner Extended Survey Program" (IJPLMSVC) - ? - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Lenovo Auto Scroll" (Lenovo.VIRTSCRLSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
"Lenovo Camera Mute" (LENOVO.CAMMUTE) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
"Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
"Lenovo Keyboard Noise Reduction" (LENOVO.TPKNRSVC) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
"Lexware Professional Datenbank" (Lexware_Professional_Datenbank) - "iAnywhere Solutions, Inc." - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
"MemeoBackgroundService" (MemeoBackgroundService) - "Memeo" - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
"RoxMediaDB10" (RoxMediaDB10) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
"Samsung UPD Service" (Samsung UPD Service) - "Samsung Electronics CO., LTD." - C:\Windows\System32\SUPDSvc.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Session Launcher Service" (PelService) - ? - C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe  (File found, but it contains no detailed information)
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"System Update" (SUService) - "Lenovo Group Limited" - C:\Program Files\Lenovo\System Update\SUService.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"TGCM_ImportWiFiSvc" (TGCM_ImportWiFiSvc) - "Telefónica" - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\Windows\System32\TPHDEXLG.exe
"ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
"TVT Backup Service" (TVT Backup Service) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
"UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files\Join Air\AssistantServices.exe  (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]



GMER lief 22 Stunden und das ist alles was im Log stand: (ich hatte den Eindruck, dass es zwischendurch neu gestartet ist, kann das sein?)


GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-25 13:15:46
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925031 rev.0020
Running: zj3yur7s.exe; Driver: C:\Users\SANDRA~1.LAN\AppData\Local\Temp\uxtyipog.sys


---- System - GMER 1.0.15 ----

SSDT            8F730076                                                                                                                    ZwCreateSection
SSDT            8F73007B                                                                                                                    ZwSetContextThread
SSDT            8F730017                                                                                                                    ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                               82E84369 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                      82EBDD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                         82EC4EAC 4 Bytes  [76, 00, 73, 8F] {JBE 0x2; JAE 0xffffffffffffff93}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                         82EC524C 4 Bytes  [7B, 00, 73, 8F] {JNP 0x2; JAE 0xffffffffffffff93}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                                                         82EC5324 4 Bytes  [17, 00, 73, 8F] {POP SS; ADD [EBX-0x71], DH}
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                  Das System kann die angegebene Datei nicht finden. !
?               C:\Users\SANDRA~1.LAN\AppData\Local\Temp\aswMBR.sys                                                                         Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc]                                             [74402437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup]                                        [743E5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown]                                       [743E56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree]                                              [744024B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                    [743F8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage]                                      [743F4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth]                                     [743F506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight]                                    [743F5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                           [743F6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                     [743F826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode]                                [743F87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                              [743F901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                    [743FE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2760] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage]                                        [743F4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Program Files\Lenovo\System Update\SUService.exe[5444] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Lenovo\System Update\SUService.exe[5444] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Lenovo\System Update\SUService.exe[5444] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Lenovo\System Update\SUService.exe[5444] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Lenovo\System Update\SUService.exe[5444] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Lenovo\System Update\SUService.exe[5444] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000056                                                                                           halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                      snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                      snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                      snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\BTHUSB \Device\00000080                                                                                             bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000082                                                                                             bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313cb584d                                                 
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313cb584d (not active ControlSet)                             

---- Files - GMER 1.0.15 ----

File            C:\Windows\Microsoft.NET\ngenservice_pri3_lock.dat                                                                          0 bytes

---- EOF - GMER 1.0.15 ----
         
--- --- ---



Und aswMBR.exe hat leider auch nicht geklappt. Anbei ein Screenshot von der Meldung. Dies ist 3 Mal so passiert.
__________________
Angehängte Grafiken
Dateityp: png avast.png (167,2 KB, 124x aufgerufen)

Geändert von Morgensonne (25.02.2012 um 13:39 Uhr)

Alt 26.02.2012, 15:05   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir. - Standard

Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.



Mach mal den Scan mit aswMBR neu. Stell sicher, dass du unten nicht QuickScan ausgewählt hast, sondern (none) und dann nochmal aus den Button Scan klickst.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.02.2012, 00:49   #20
Morgensonne
 
Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir. - Standard

Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.



Ok, das hat geholfen:
Code:
ATTFilter
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-27 00:43:32
-----------------------------
00:43:32.224    OS Version: Windows 6.1.7601 Service Pack 1
00:43:32.224    Number of processors: 2 586 0x170A
00:43:32.224    ComputerName: NB-LANGENBERG  UserName: 
00:43:50.743    Initialize success
00:43:57.856    AVAST engine defs: 12022604
00:44:10.976    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:44:10.976    Disk 0 Vendor: ST925031 0020 Size: 238475MB BusType: 3
00:44:11.007    Disk 0 MBR read successfully
00:44:11.023    Disk 0 MBR scan
00:44:11.038    Disk 0 unknown MBR code
00:44:11.038    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1200 MB offset 2048
00:44:11.054    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       227272 MB offset 2459648
00:44:11.101    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        10000 MB offset 467914752
00:44:11.101    Disk 0 scanning sectors +488394752
00:44:11.272    Disk 0 scanning C:\Windows\system32\drivers
00:44:42.382    Service scanning
00:45:24.486    Modules scanning
00:45:52.878    Disk 0 trace - called modules:
00:45:53.424    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
00:45:53.440    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86527218]
00:45:53.440    3 CLASSPNP.SYS[88c0459e] -> nt!IofCallDriver -> [0x85b32350]
00:45:53.456    5 ACPI.sys[88aa73d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x856f4028]
00:45:53.471    Scan finished successfully
00:46:14.952    Disk 0 MBR has been saved successfully to "C:\Users\sandra.langenberg\Desktop\MBR.dat"
00:46:14.968    The log file has been saved successfully to "C:\Users\sandra.langenberg\Desktop\aswMBR.txt"
         


Alt 27.02.2012, 10:25   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir. - Standard

Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.



Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast


Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________
--> Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.

Antwort

Themen zu Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.
anbei, anleitungen, gemerkt, hilfe!, hilfe!!, scan, scanne, scannen, versuch, versucht, windowssystem, wurde ihr




Ähnliche Themen: Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.


  1. Hier auch: "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"
    Plagegeister aller Art und deren Bekämpfung - 03.04.2012 (11)
  2. Aus Sicherheitsgruenden wurde ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (20)
  3. Auch bei mir: "Achtung. Aus Sicherheitsgründen wurde ihr Windowssystem blockiert."
    Plagegeister aller Art und deren Bekämpfung - 18.03.2012 (2)
  4. Windowssystem wurde blockiert
    Plagegeister aller Art und deren Bekämpfung - 04.03.2012 (7)
  5. "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" - Virus, nun auch bei mir!
    Log-Analyse und Auswertung - 13.02.2012 (22)
  6. Aus Sicherheitsgründen wurde ihr Windowssystem blockiert
    Log-Analyse und Auswertung - 13.02.2012 (1)
  7. Auch bei mir: Ihr Windowssystem wurde aus Sicherheitsgr....
    Log-Analyse und Auswertung - 08.02.2012 (19)
  8. Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert!
    Log-Analyse und Auswertung - 08.02.2012 (1)
  9. Windowssystem wurde blockiert
    Alles rund um Windows - 05.02.2012 (1)
  10. Auch bei mir Windowssystem blockiert...
    Log-Analyse und Auswertung - 05.02.2012 (4)
  11. bei mir auch: Windowssystem wurde blockiert...
    Plagegeister aller Art und deren Bekämpfung - 26.01.2012 (5)
  12. Auch betroffen: Aus Sicherheitsgründen wurde ihr Windowssystem blockiert.
    Log-Analyse und Auswertung - 18.01.2012 (19)
  13. Aus Sicherheitsgründen wurde ihr Windowssystem blockiert...
    Log-Analyse und Auswertung - 09.01.2012 (19)
  14. Windowssystem wurde blockiert -> 50 €
    Log-Analyse und Auswertung - 29.12.2011 (6)
  15. Aus Sicherheitsgründen wurde ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 23.12.2011 (1)
  16. Leider auch: Aus Sicherheitsgründen wurde ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (28)
  17. Warnung erhalten: Auch Ashampoo wurde leider Ziel eines Hacker-Angriffs
    Diskussionsforum - 20.04.2011 (0)

Zum Thema Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir. - Ich hatte nur Angst irgendwas falsch zu machen.. Für mich ist das alles Altägyptisch! So hier der Log: [code] Combofix Logfile: Code: Alles auswählen Aufklappen ATTFilter ComboFix 12-02-22.01 - sandra.langenberg - Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir....
Archiv
Du betrachtest: Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.