Windows system blocked, help (Windows 7)
26.03.2012, 22:53 | #1 |
Hello, I also have a laptop that has this problem; here is the OTL log. Thanks for your help.

OTL logfile created on: 26.03.2012 23:48:06 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Bösl\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,96 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 74,55% Memory free
5,92 Gb Paging File | 5,20 Gb Available in Paging File | 87,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 211,89 Gb Total Space | 174,00 Gb Free Space | 82,12% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 14,59 Gb Free Space | 74,70% Space Free | Partition Type: NTFS

Computer Name: BÖSL-PC | User Name: Bösl | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.26 23:20:18 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bösl\Desktop\OTL.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:21 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.06.12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.04.29 05:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009.04.29 04:23:18 | 000,060,928 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\AzBusMon.exe -- (AzBusFixService)
SRV - [2008.08.08 12:13:12 | 000,053,325 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2008.03.14 03:08:38 | 000,054,560 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - [2010.03.05 12:21:30 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 01:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.20 12:12:52 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06000000}_0)
DRV - [2009.09.14 20:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.13 20:30:22 | 001,168,880 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.07.10 00:44:50 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009.07.09 14:45:36 | 000,116,064 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009.06.23 10:27:14 | 000,487,936 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.05.14 02:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.04.29 05:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 34 6E D6 D6 BB CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {CB2779A8-A34C-45D4-B931-C9EA2F2628C1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKCU\..\SearchScopes\{917BE334-E281-4C70-BC11-659342E5676A}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CB2779A8-A34C-45D4-B931-C9EA2F2628C1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO&o=101917&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=EV&apn_dtid=YYYYYYYYDE&apn_uid=CD49A675-2B21-4C2D-A1A8-FCA064010F50&apn_sauid=D4C32411-6A96-4E63-B3AA-0F4F641D8AD7
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Programme\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Programme\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant Systems, Inc.)
O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [{9061DB5E-5251-F873-DB6D-ECF66FE9F503}] C:\Users\Bösl\AppData\Roaming\Adex\xemoe.exe ()
O4 - HKCU..\Run: [SkypePM] C:\Users\Bösl\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Bösl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bösl\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1800C744-1002-4BF1-A4F5-AD43C049F04C}: DhcpNameServer = 192.168.2.10
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{39ee832d-719e-11df-9a49-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{39ee832d-719e-11df-9a49-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4944b514-de23-11e0-89d3-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{4944b514-de23-11e0-89d3-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{752c11d7-2272-11e1-8908-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{752c11d7-2272-11e1-8908-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{966c5a2c-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{966c5a2c-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{966c5a32-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{966c5a32-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{966c5a3e-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{966c5a3e-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad11a415-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{ad11a415-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad11a418-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{ad11a418-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad11a421-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{ad11a421-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d18866f3-e3a1-11e0-b301-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{d18866f3-e3a1-11e0-b301-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e33ca35d-3de2-11e0-8cee-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{e33ca35d-3de2-11e0-8cee-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e33ca362-3de2-11e0-8cee-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{e33ca362-3de2-11e0-8cee-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.26 23:47:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Bösl\Desktop\OTL.exe
[2012.03.26 23:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.15 20:14:54 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.15 20:14:48 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.14 17:48:07 | 002,341,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 17:48:05 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 17:48:05 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.14 17:48:04 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.03.14 17:48:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.03.14 17:48:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.13 20:49:29 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.13 20:49:29 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.13 20:49:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.13 20:46:51 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.06 22:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.03.06 22:04:44 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.26 23:44:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.26 23:44:37 | 2384,904,192 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.26 23:43:27 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.26 23:34:20 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.26 23:34:20 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.26 23:34:20 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.26 23:34:20 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.26 23:20:18 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bösl\Desktop\OTL.exe
[2012.03.26 23:09:21 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.26 23:09:21 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 19:42:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.22 22:02:55 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.03.17 19:39:30 | 000,318,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.12 21:13:56 | 000,002,664 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012.03.06 22:04:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.12 21:13:56 | 000,002,664 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.12.25 13:55:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.12.25 13:55:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.12.25 13:55:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.12.25 13:55:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.12.25 13:55:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.12.25 13:55:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.12.25 13:55:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.12.25 13:55:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.12.25 13:55:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.12.25 13:55:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.12.25 13:55:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.12.25 13:55:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.12.25 13:55:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.12.25 13:55:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.12.25 13:55:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.12.25 13:55:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.12.25 13:55:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.12.25 13:55:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.12.25 13:55:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.13 19:23:04 | 000,003,584 | ---- | C] () -- C:\Users\Bösl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.04.01 20:19:04 | 000,001,259 | ---- | C] () -- C:\Windows\eReg.dat

========== LOP Check ==========

[2011.12.19 16:28:09 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Adex
[2012.03.24 13:15:51 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Atah
[2010.03.04 22:42:58 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Canneverbe Limited
[2010.03.04 22:26:18 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Downloaded Installations
[2011.09.13 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\DVDVideoSoft
[2011.07.03 15:14:00 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.05 09:32:24 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\InterVideo
[2010.03.13 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\OpenOffice.org
[2012.02.07 22:47:49 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\TuneUp Software
[2010.03.05 11:09:26 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\Ulead Systems
[2010.03.05 12:29:16 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.02.18 20:10:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.22 22:02:55 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >
27.03.2012, 06:51 | #2 |
Hi,

Fix for OTL:
Code:
:OTL
O4 - HKCU..\Run: [{9061DB5E-5251-F873-DB6D-ECF66FE9F503}] C:\Users\Bösl\AppData\Roaming\Adex\xemoe.exe ()
O4 - HKCU..\Run: [SkypePM] C:\Users\Bösl\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{39ee832d-719e-11df-9a49-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{39ee832d-719e-11df-9a49-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4944b514-de23-11e0-89d3-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{4944b514-de23-11e0-89d3-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{752c11d7-2272-11e1-8908-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{752c11d7-2272-11e1-8908-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{966c5a2c-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{966c5a2c-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{966c5a32-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{966c5a32-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{966c5a3e-642f-11df-86c4-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{966c5a3e-642f-11df-86c4-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad11a415-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{ad11a415-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad11a418-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{ad11a418-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad11a421-dd77-11e0-854f-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{ad11a421-dd77-11e0-854f-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d18866f3-e3a1-11e0-b301-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{d18866f3-e3a1-11e0-b301-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e33ca35d-3de2-11e0-8cee-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{e33ca35d-3de2-11e0-8cee-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e33ca362-3de2-11e0-8cee-00235a191967}\Shell - "" = AutoRun
O33 - MountPoints2\{e33ca362-3de2-11e0-8cee-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
[2012.03.24 13:15:51 | 000,000,000 | ---D | M] -- C:\Users\Bösl\AppData\Roaming\A
:Commands
[emptytemp]
[Reboot]
Malwarebytes Anti-Malware (MAM), instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please get a generic version from here: http://filepony.de/download-chameleon/
Then please update the signature files (the "Aktualisierungen" (Updates) tab -> "Suche nach Aktualisierungen" (Check for updates)). Run a full scan and let it clean everything! Post the log.

chris
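As an added example (not part of this thread and not OTL's own logic): the triage a helper does by eye on the log above, written as a small Python script. It parses OTL O4 Run values, O33 MountPoints2 AutoRun commands and O6 UAC policy lines and ranks the entries the fix targets (a GUID-named Run value with no company name pointing into AppData\Roaming, the AutoRun command for every mount point). The sample lines are constructed after entries quoted in the log; the scoring rules are my own assumptions.

```python
# Added example, not part of the thread or of OTL: score OTL autorun lines
# (O4 Run values, O33 MountPoints2 AutoRun commands, O6 UAC policy) the way a
# helper reads them by eye. The heuristics are assumptions, not OTL's own logic.
import re
from dataclasses import dataclass, field

# Constructed sample lines, modelled on entries quoted in the OTL log above.
SAMPLE_OTL_LINES = [
    r"O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)",
    r"O4 - HKCU..\Run: [{9061DB5E-5251-F873-DB6D-ECF66FE9F503}] C:\Users\Bösl\AppData\Roaming\Adex\xemoe.exe ()",
    r"O4 - HKCU..\Run: [SkypePM] C:\Users\Bösl\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r'O33 - MountPoints2\{39ee832d-719e-11df-9a49-00235a191967}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{39ee832d-719e-11df-9a49-00235a191967}\Shell\AutoRun\command - "" = F:\AutoRun.exe',
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
]

# O4 - HKCU..\Run: [name] path (company)   -- OTL prints "()" when no company name is embedded
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# O33 - MountPoints2\<mountpoint>\Shell\AutoRun\command - "" = <command>
O33_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mp>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
# O6 - HKLM\...\policies\System: <key> = <value>
O6_RE = re.compile(
    r"^O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: "
    r"(?P<key>\w+) = (?P<val>\d+)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        # One point per independent reason; the fix in the thread removed the 3-point entry.
        return len(self.reasons)


def triage_line(line: str):
    """Return a Finding for a suspicious OTL line, or None if nothing stands out."""
    reasons = []
    m = O4_RUN_RE.match(line)
    if m:
        if not m["company"].strip():
            reasons.append("Run target carries no company name")
        if "\\appdata\\" in m["path"].lower():
            reasons.append("Run target lives in the user profile (AppData)")
        if GUID_RE.match(m["name"]):
            reasons.append("Run value is named with a bare GUID")
    m = O33_CMD_RE.match(line)
    if m:
        reasons.append(f"MountPoints2 AutoRun command for {m['mp']}: {m['cmd']}")
    m = O6_RE.match(line)
    if m and m["key"] == "EnableLUA" and m["val"] == "0":
        reasons.append("UAC is disabled (EnableLUA = 0)")
    return Finding(line, reasons) if reasons else None


def triage(lines):
    """Score every line and return the findings, most suspicious first."""
    found = [f for f in (triage_line(l) for l in lines) if f is not None]
    return sorted(found, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.score}] {f.line}")
        for r in f.reasons:
            print("     -", r)
```

Feed it the O4/O6/O33 section of a real OTL log one line at a time and the GUID-named AppData entry floats to the top, while signed Program Files entries such as the avast! tray icon produce no finding at all.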
27.03.2012, 10:37 | #3 |
Thanks, everything worked great.
27.03.2012, 11:06 | #4 |
Hi, please also post the OTL fix log and the MAM log...

chris