Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for analysis by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
For security reasons your Windows system has been blocked - Trojan / backing up files / removal
Code:
All processes killed
========== OTL ==========
Service d1924acf-676b-4d21-8d72-4918d95eb7b6 stopped successfully!
Service d1924acf-676b-4d21-8d72-4918d95eb7b6 deleted successfully!
File D:\Player\cds300.dll not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Service 70b153df-6d2f-4015-9cc5-001d3206cc2b stopped successfully!
Service 70b153df-6d2f-4015-9cc5-001d3206cc2b deleted successfully!
File D:\Player\cds300.dll not found.
HKU\S-1-5-21-672109106-2816730104-1952358663-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-672109106-2816730104-1952358663-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-672109106-2816730104-1952358663-1005\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-672109106-2816730104-1952358663-1005\Software\Microsoft\Internet Explorer\SearchScopes\{E9DDD5A2-8D43-4CA1-8B45-74EDE7BBFDD4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9DDD5A2-8D43-4CA1-8B45-74EDE7BBFDD4}\ not found.
Registry key HKEY_USERS\S-1-5-21-672109106-2816730104-1952358663-1005\Software\Microsoft\Internet Explorer\SearchScopes\{F3204948-62E4-4439-AC98-4BD938B0DAC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3204948-62E4-4439-AC98-4BD938B0DAC3}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "hxxp://searchya.com/?chnl=tst-215&s=0&cr=1981885887&cd=2XzutAtN2Y1L1QzutDtDtC0C0B0FzztByE0AtDyEtByB0AtAtAtN0D0TzutBtDtCtBtDyEtDyD" removed from browser.startup.homepage
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=62927c4f-337c-4045-86f6-216b8087f175&apn_ptnrs=^AAA&apn_sauid=ECC67F4B-8BC3-4E9E-B183-3B98CE91F350&apn_dtid=^YYYYYY^YY^DE&&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\ffxtlbr@searchya.com\content\imgs folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\ffxtlbr@searchya.com\content folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\ffxtlbr@searchya.com folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-28-Dec-2011-17-01-46-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-16-Nov-2011-16-28-58-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-14-Sep-2011-17-05-41-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-08-Feb-2012-13-27-42-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-08-Feb-2012-13-26-35-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-13-40-50-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-06-Sep-2011-17-17-47-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-09-Feb-2012-14-18-21-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-29-May-2011-13-26-31-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-30-Jul-2011-16-26-12-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-10-Mar-2012-13-21-12-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-23-Mar-2012-15-42-47-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\extensions\toolbar@ask.com folder moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\searchplugins\askcom.xml moved successfully.
C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\c6ylfy8q.default\searchplugins\searchya.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-672109106-2816730104-1952358663-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-672109106-2816730104-1952358663-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-672109106-2816730104-1952358663-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4fac8ee-4cd4-11e0-afa7-001b380d620d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4fac8ee-4cd4-11e0-afa7-001b380d620d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4fac8ee-4cd4-11e0-afa7-001b380d620d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4fac8ee-4cd4-11e0-afa7-001b380d620d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4fac8ee-4cd4-11e0-afa7-001b380d620d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4fac8ee-4cd4-11e0-afa7-001b380d620d}\ not found.
File E:\iStudio.exe not found.
C:\user.js moved successfully.
========== FILES ==========
C:\Programme\Ask.com\Updater folder moved successfully.
C:\Programme\Ask.com\assets\oobe folder moved successfully.
C:\Programme\Ask.com\assets folder moved successfully.
C:\Programme\Ask.com folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33103 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Tobias
->Temp folder emptied: 536426838 bytes
->Temporary Internet Files folder emptied: 12965571 bytes
->Java cache emptied: 35332235 bytes
->FireFox cache emptied: 88741196 bytes
->Flash cache emptied: 7570237 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148906 bytes
%systemroot%\System32 .tmp files removed: 607111 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30773361 bytes
RecycleBin emptied: 4244741683 bytes
Total Files Cleaned = 4.730,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Tobias
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 04092012_112338
Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_608.dat moved successfully.
Registry entries deleted on Reboot...
I just noticed, when I went to the Downloads folder to start OTL.exe (I could actually have done that from the desktop, it just occurs to me), AntiVir popped up with the message: Contains detection pattern of the adware ADWARE/InstallCore.551304.1! :S