| |
| |||||||
Log-Analyse und Auswertung: Trojaner: Achtung aus sicherheitsgründen wurde Ihr System blockiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
14.05.2012, 14:10
| #1 |
| |  Trojaner: Achtung aus sicherheitsgründen wurde Ihr System blockiert Hallo, seit heute mittag ist der Rechner blockiert. Nach dem Booten kommt statt dem Desktop eine schwarz rot goldene Einblendung mit der im Betreff genannten Meldung. Hier der OTL Scan: Code:
ATTFilter OTL logfile created on: 5/14/2012 2:02:20 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 7.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive F: | 596.07 Gb Total Space | 551.92 Gb Free Space | 92.59% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/08/31 15:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/01/28 05:54:04 | 002,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto] -- F:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2012/05/04 04:01:47 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/12/07 08:50:05 | 002,013,992 | ---- | M] (TeamViewer GmbH) [Auto] -- F:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/05/14 07:28:44 | 000,176,128 | ---- | M] (OLYMPUS IMAGING CORP.) [On_Demand] -- F:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe -- (Olympus DVR Service)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/16 08:48:40 | 000,055,808 | ---- | M] (DATEV eG) [Auto] -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService)
SRV - [2009/12/02 21:44:00 | 000,147,040 | ---- | M] (DATEV eG) [Auto] -- F:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2009/09/22 11:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/08/31 15:07:00 | 000,178,920 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2009/08/31 15:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2009/08/31 15:07:00 | 000,019,720 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/23 21:00:00 | 000,077,312 | ---- | M] (DATEV eG) [Auto] -- F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2008/09/22 03:47:14 | 000,176,128 | ---- | M] (DATEV eG) [Auto] -- F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe -- (Dcmanag)
SRV - [2006/12/14 04:00:00 | 001,372,432 | ---- | M] (Danware Data A/S) [Auto] -- F:\DATEV\PROGRAMM\A0000008\NHOSTSVC.EXE -- (NetOp Host for NT Service) NetOp Helper ver. 9.00 (2006348)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/08/31 15:07:00 | 000,469,144 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- F:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/08/31 15:07:00 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/08/31 15:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2009/08/31 15:07:00 | 000,083,784 | ---- | M] (McAfee, Inc.) [Kernel | System] -- F:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2009/08/31 15:07:00 | 000,077,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:36:03 | 000,899,328 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- F:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV:64bit: - [2009/06/10 16:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- F:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/01 18:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/02 22:10:26 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- F:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2009/01/08 05:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- F:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008/02/11 10:57:10 | 000,070,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- F:\Windows\System32\drivers\aksdf.sys -- (aksdf)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@datev.de/DATEV_BestellManager,version=1.7: F:\DATEV\PROGRAMM\A0000015\npdvbm.dll ( DATEV eG)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/04 04:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/29 02:06:09 | 000,000,000 | ---D | M]
[2012/05/04 04:01:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- F:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/14 22:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/06 08:02:17 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/06 08:02:17 | 000,002,252 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/06 08:02:17 | 000,001,153 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/06 08:02:17 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/06 08:02:17 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/06 08:02:17 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] F:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] F:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O12 - Plugin for: .IPC - F:\Program Files (x86)\Internet Explorer\Plugins\npideapl.dll (LINK & LINK Software)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/05/11 06:38:17 | 001,544,704 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\DWrite.dll
[2012/05/11 06:38:17 | 001,077,248 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\DWrite.dll
[2012/05/11 06:38:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ntoskrnl.exe
[2012/05/11 06:38:12 | 003,968,368 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/11 06:38:12 | 003,913,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ntoskrnl.exe
[2012/05/04 04:01:49 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/04 04:01:49 | 000,000,000 | ---D | C] -- F:\ProgramData\Mozilla
========== Files - Modified Within 30 Days ==========
[2012/05/14 06:45:57 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/05/14 06:45:50 | 000,008,212 | ---- | M] () -- F:\Windows\mfebcdata
[2012/05/14 06:45:02 | 000,001,108 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 06:44:34 | 2414,485,504 | -HS- | M] () -- F:\hiberfil.sys
[2012/05/14 05:53:48 | 000,664,618 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2012/05/14 05:53:48 | 000,624,800 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/05/14 05:53:48 | 000,134,786 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2012/05/14 05:53:48 | 000,110,438 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/05/14 05:48:40 | 000,014,624 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 05:48:40 | 000,014,624 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 05:01:00 | 000,001,112 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 01:59:41 | 000,416,392 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/05/14 06:45:50 | 000,008,212 | ---- | C] () -- F:\Windows\mfebcdata
[2011/07/04 02:32:53 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2011/06/07 09:13:49 | 000,000,000 | ---- | C] () -- F:\Windows\Dssole.INI
[2011/06/07 09:13:12 | 000,000,628 | ---- | C] () -- F:\Windows\Support.ini
[2010/03/25 06:00:08 | 000,000,000 | ---- | C] () -- F:\Windows\Wkoprog.INI
[2010/01/15 05:31:44 | 000,000,162 | ---- | C] () -- F:\Windows\netop.ini
[2010/01/15 04:36:26 | 000,000,171 | ---- | C] () -- F:\Windows\DEINSTAL.INI
[2010/01/15 04:09:49 | 000,000,236 | ---- | C] () -- F:\Windows\ODBC.INI
[2010/01/15 03:56:36 | 001,526,730 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/15 03:55:34 | 000,000,021 | ---- | C] () -- F:\Windows\DvInesKurusOleServer003.INI
[2010/01/15 03:55:09 | 000,000,108 | ---- | C] () -- F:\Windows\dvinesinstart001.INI
[2010/01/15 03:55:09 | 000,000,108 | ---- | C] () -- F:\Windows\dvinesinstalllocation001.INI
[2010/01/15 03:55:01 | 000,000,021 | ---- | C] () -- F:\Windows\Startup.INI
[2010/01/08 08:21:43 | 000,000,008 | RHS- | C] () -- F:\ProgramData\ntuser.pol
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
[2003/09/24 06:42:00 | 000,000,093 | ---- | C] () -- F:\Windows\SysWow64\tm.ini
[1999/08/26 09:50:36 | 000,020,480 | ---- | C] () -- F:\Windows\SysWow64\ddma32.dll
[1999/01/19 10:18:30 | 000,110,080 | ---- | C] () -- F:\Windows\SysWow64\LFPNG60N.DLL
[1999/01/19 10:18:30 | 000,046,080 | ---- | C] () -- F:\Windows\SysWow64\LFTIF60N.DLL
[1999/01/19 10:18:30 | 000,043,008 | ---- | C] () -- F:\Windows\SysWow64\LTFIL60N.DLL
[1999/01/19 10:18:30 | 000,020,480 | ---- | C] () -- F:\Windows\SysWow64\LFPSD60N.DLL
[1999/01/19 10:18:30 | 000,019,968 | ---- | C] () -- F:\Windows\SysWow64\LFTGA60N.DLL
[1999/01/19 10:18:30 | 000,019,456 | ---- | C] () -- F:\Windows\SysWow64\LFWPG60N.DLL
[1999/01/19 10:18:30 | 000,019,456 | ---- | C] () -- F:\Windows\SysWow64\LFWMF60N.DLL
[1999/01/19 10:18:28 | 000,176,128 | ---- | C] () -- F:\Windows\SysWow64\LFFAX60N.DLL
[1999/01/19 10:18:28 | 000,141,824 | ---- | C] () -- F:\Windows\SysWow64\LFCMP60N.DLL
[1999/01/19 10:18:28 | 000,023,552 | ---- | C] () -- F:\Windows\SysWow64\LFPCX60N.DLL
[1999/01/19 10:18:28 | 000,022,528 | ---- | C] () -- F:\Windows\SysWow64\LFPCT60N.DLL
[1999/01/19 10:18:28 | 000,022,528 | ---- | C] () -- F:\Windows\SysWow64\LFEPS60N.DLL
[1999/01/19 10:18:28 | 000,022,016 | ---- | C] () -- F:\Windows\SysWow64\LFBMP60N.DLL
[1999/01/19 10:18:28 | 000,018,432 | ---- | C] () -- F:\Windows\SysWow64\LFMSP60N.DLL
[1999/01/19 10:18:28 | 000,017,920 | ---- | C] () -- F:\Windows\SysWow64\LFMAC60N.DLL
[1998/05/07 08:10:16 | 000,069,632 | ---- | C] () -- F:\Windows\SysWow64\ODMA32.DLL
[1995/02/14 19:11:00 | 000,017,920 | ---- | C] () -- F:\Windows\SysWow64\IMPLODE.DLL
========== LOP Check ==========
[2010/01/08 08:17:36 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2010/01/15 04:13:43 | 000,000,000 | ---D | M] -- F:\ProgramData\DATEV
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/01/08 08:17:36 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2010/01/08 08:17:36 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2010/01/18 03:24:14 | 000,000,000 | ---D | M] -- F:\ProgramData\ISDNWatch
[2011/06/07 09:13:21 | 000,000,000 | ---D | M] -- F:\ProgramData\Olympus
[2010/01/15 12:20:09 | 000,000,000 | ---D | M] -- F:\ProgramData\ProCheckViewer
[2010/01/15 04:05:47 | 000,000,000 | ---D | M] -- F:\ProgramData\SkyCom
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/01/08 08:17:36 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/01/08 08:17:36 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2012/05/04 01:50:51 | 000,032,632 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Bin für jede hilfe dankbar Chris |
|
14.05.2012, 14:55
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner: Achtung aus sicherheitsgründen wurde Ihr System blockiertZitat:
Zitat:
__________________ |
|
14.05.2012, 15:18
| #3 |
| | Trojaner: Achtung aus sicherheitsgründen wurde Ihr System blockiert Ja, es handelt sich um eine kleine Firma.
__________________Nein, es sind keine wichtigen oder kundenrelevanten Daten auf dem PC. Es liegt alles auf einem Server. Die DATEV Daten sind in einer verschlüsselten SQL Datenbank auf einem anderen Rechner und daher vernutlich recht sicher. Ist nur ein Erfassungssystem, dass aber recht umständlich eingerichtet werden muss. |
|
14.05.2012, 18:29
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Achtung aus sicherheitsgründen wurde Ihr System blockiert Bist du da der Administratotr? Wieso hast du kein Image von diesem Rechner?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.05.2012, 07:04
| #5 |
| | Trojaner: Achtung aus sicherheitsgründen wurde Ihr System blockiert Ist ein guter Bekannter aus Dortmund, da gibt es keinen eigenen Admin. Ich sitze knapp 500 km weit entfernt davon (im schönen Harz) und versuche per Fernwartung und Telefonsupport das System wieder her zu stellen. Leider bin ich hier mit meinem Latein an Ende. |
|
15.05.2012, 09:21
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Achtung aus sicherheitsgründen wurde Ihr System blockiert Dann sollte sich dein Bekannter mal überlegen, ob für seine Firma ein "richtiger" Support nicht angemessener wäre So schön ein Supportforum auch sein mag, wenn du auf die Kiste nicht mehr raufkommen solltest bist du machtlos
__________________ --> Trojaner: Achtung aus sicherheitsgründen wurde Ihr System blockiert |
|
| Themen zu Trojaner: Achtung aus sicherheitsgründen wurde Ihr System blockiert |
| autorun, bho, blockiert, booten, defender, desktop, error, explorer, firefox, format, google earth, helper, logfile, microsoft, mozilla, object, olympus, plug-in, programm, realtek, registry, scan, software, system, trojaner, wallpaper, winlogon |
Linear-Darstellung
