Trojaner-Board (https://www.trojaner-board.de/), forum: Log Analysis and Evaluation
Thread: https://www.trojaner-board.de/115119-trojaner-achtung-sicherheitsgruenden-wurde-system-blockiert.html

Chris1303 14.05.2012 14:10

Trojan: "Attention, for security reasons your system has been blocked"

Hello,

since this afternoon the computer has been blocked. After booting, instead of the desktop a black-red-gold overlay appears with the message named in the subject.

Here is the OTL scan:
Code:

OTL logfile created on: 5/14/2012 2:02:20 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 7.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive F: | 596.07 Gb Total Space | 551.92 Gb Free Space | 92.59% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/08/31 15:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/01/28 05:54:04 | 002,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto] -- F:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2012/05/04 04:01:47 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/12/07 08:50:05 | 002,013,992 | ---- | M] (TeamViewer GmbH) [Auto] -- F:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/05/14 07:28:44 | 000,176,128 | ---- | M] (OLYMPUS IMAGING CORP.) [On_Demand] -- F:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe -- (Olympus DVR Service)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/16 08:48:40 | 000,055,808 | ---- | M] (DATEV eG) [Auto] -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService)
SRV - [2009/12/02 21:44:00 | 000,147,040 | ---- | M] (DATEV eG) [Auto] -- F:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2009/09/22 11:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/08/31 15:07:00 | 000,178,920 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2009/08/31 15:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2009/08/31 15:07:00 | 000,019,720 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/23 21:00:00 | 000,077,312 | ---- | M] (DATEV eG) [Auto] -- F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2008/09/22 03:47:14 | 000,176,128 | ---- | M] (DATEV eG) [Auto] -- F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe -- (Dcmanag)
SRV - [2006/12/14 04:00:00 | 001,372,432 | ---- | M] (Danware Data A/S) [Auto] -- F:\DATEV\PROGRAMM\A0000008\NHOSTSVC.EXE -- (NetOp Host for NT Service) NetOp Helper ver. 9.00 (2006348)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/08/31 15:07:00 | 000,469,144 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- F:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/08/31 15:07:00 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/08/31 15:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2009/08/31 15:07:00 | 000,083,784 | ---- | M] (McAfee, Inc.) [Kernel | System] -- F:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2009/08/31 15:07:00 | 000,077,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:36:03 | 000,899,328 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- F:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV:64bit: - [2009/06/10 16:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- F:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/01 18:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/02 22:10:26 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- F:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2009/01/08 05:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- F:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008/02/11 10:57:10 | 000,070,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- F:\Windows\System32\drivers\aksdf.sys -- (aksdf)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@datev.de/DATEV_BestellManager,version=1.7: F:\DATEV\PROGRAMM\A0000015\npdvbm.dll ( DATEV eG)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/04 04:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/29 02:06:09 | 000,000,000 | ---D | M]
 

[2012/05/04 04:01:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- F:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/14 22:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/06 08:02:17 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/06 08:02:17 | 000,002,252 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/06 08:02:17 | 000,001,153 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/06 08:02:17 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/06 08:02:17 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/06 08:02:17 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] F:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] F:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O12 - Plugin for: .IPC - F:\Program Files (x86)\Internet Explorer\Plugins\npideapl.dll (LINK & LINK Software)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/11 06:38:17 | 001,544,704 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\DWrite.dll
[2012/05/11 06:38:17 | 001,077,248 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\DWrite.dll
[2012/05/11 06:38:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ntoskrnl.exe
[2012/05/11 06:38:12 | 003,968,368 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/11 06:38:12 | 003,913,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ntoskrnl.exe
[2012/05/04 04:01:49 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/04 04:01:49 | 000,000,000 | ---D | C] -- F:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/14 06:45:57 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/05/14 06:45:50 | 000,008,212 | ---- | M] () -- F:\Windows\mfebcdata
[2012/05/14 06:45:02 | 000,001,108 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 06:44:34 | 2414,485,504 | -HS- | M] () -- F:\hiberfil.sys
[2012/05/14 05:53:48 | 000,664,618 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2012/05/14 05:53:48 | 000,624,800 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/05/14 05:53:48 | 000,134,786 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2012/05/14 05:53:48 | 000,110,438 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/05/14 05:48:40 | 000,014,624 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 05:48:40 | 000,014,624 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 05:01:00 | 000,001,112 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 01:59:41 | 000,416,392 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/05/14 06:45:50 | 000,008,212 | ---- | C] () -- F:\Windows\mfebcdata
[2011/07/04 02:32:53 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2011/06/07 09:13:49 | 000,000,000 | ---- | C] () -- F:\Windows\Dssole.INI
[2011/06/07 09:13:12 | 000,000,628 | ---- | C] () -- F:\Windows\Support.ini
[2010/03/25 06:00:08 | 000,000,000 | ---- | C] () -- F:\Windows\Wkoprog.INI
[2010/01/15 05:31:44 | 000,000,162 | ---- | C] () -- F:\Windows\netop.ini
[2010/01/15 04:36:26 | 000,000,171 | ---- | C] () -- F:\Windows\DEINSTAL.INI
[2010/01/15 04:09:49 | 000,000,236 | ---- | C] () -- F:\Windows\ODBC.INI
[2010/01/15 03:56:36 | 001,526,730 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/15 03:55:34 | 000,000,021 | ---- | C] () -- F:\Windows\DvInesKurusOleServer003.INI
[2010/01/15 03:55:09 | 000,000,108 | ---- | C] () -- F:\Windows\dvinesinstart001.INI
[2010/01/15 03:55:09 | 000,000,108 | ---- | C] () -- F:\Windows\dvinesinstalllocation001.INI
[2010/01/15 03:55:01 | 000,000,021 | ---- | C] () -- F:\Windows\Startup.INI
[2010/01/08 08:21:43 | 000,000,008 | RHS- | C] () -- F:\ProgramData\ntuser.pol
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
[2003/09/24 06:42:00 | 000,000,093 | ---- | C] () -- F:\Windows\SysWow64\tm.ini
[1999/08/26 09:50:36 | 000,020,480 | ---- | C] () -- F:\Windows\SysWow64\ddma32.dll
[1999/01/19 10:18:30 | 000,110,080 | ---- | C] () -- F:\Windows\SysWow64\LFPNG60N.DLL
[1999/01/19 10:18:30 | 000,046,080 | ---- | C] () -- F:\Windows\SysWow64\LFTIF60N.DLL
[1999/01/19 10:18:30 | 000,043,008 | ---- | C] () -- F:\Windows\SysWow64\LTFIL60N.DLL
[1999/01/19 10:18:30 | 000,020,480 | ---- | C] () -- F:\Windows\SysWow64\LFPSD60N.DLL
[1999/01/19 10:18:30 | 000,019,968 | ---- | C] () -- F:\Windows\SysWow64\LFTGA60N.DLL
[1999/01/19 10:18:30 | 000,019,456 | ---- | C] () -- F:\Windows\SysWow64\LFWPG60N.DLL
[1999/01/19 10:18:30 | 000,019,456 | ---- | C] () -- F:\Windows\SysWow64\LFWMF60N.DLL
[1999/01/19 10:18:28 | 000,176,128 | ---- | C] () -- F:\Windows\SysWow64\LFFAX60N.DLL
[1999/01/19 10:18:28 | 000,141,824 | ---- | C] () -- F:\Windows\SysWow64\LFCMP60N.DLL
[1999/01/19 10:18:28 | 000,023,552 | ---- | C] () -- F:\Windows\SysWow64\LFPCX60N.DLL
[1999/01/19 10:18:28 | 000,022,528 | ---- | C] () -- F:\Windows\SysWow64\LFPCT60N.DLL
[1999/01/19 10:18:28 | 000,022,528 | ---- | C] () -- F:\Windows\SysWow64\LFEPS60N.DLL
[1999/01/19 10:18:28 | 000,022,016 | ---- | C] () -- F:\Windows\SysWow64\LFBMP60N.DLL
[1999/01/19 10:18:28 | 000,018,432 | ---- | C] () -- F:\Windows\SysWow64\LFMSP60N.DLL
[1999/01/19 10:18:28 | 000,017,920 | ---- | C] () -- F:\Windows\SysWow64\LFMAC60N.DLL
[1998/05/07 08:10:16 | 000,069,632 | ---- | C] () -- F:\Windows\SysWow64\ODMA32.DLL
[1995/02/14 19:11:00 | 000,017,920 | ---- | C] () -- F:\Windows\SysWow64\IMPLODE.DLL
 
========== LOP Check ==========
 
[2010/01/08 08:17:36 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2010/01/15 04:13:43 | 000,000,000 | ---D | M] -- F:\ProgramData\DATEV
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/01/08 08:17:36 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2010/01/08 08:17:36 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2010/01/18 03:24:14 | 000,000,000 | ---D | M] -- F:\ProgramData\ISDNWatch
[2011/06/07 09:13:21 | 000,000,000 | ---D | M] -- F:\ProgramData\Olympus
[2010/01/15 12:20:09 | 000,000,000 | ---D | M] -- F:\ProgramData\ProCheckViewer
[2010/01/15 04:05:47 | 000,000,000 | ---D | M] -- F:\ProgramData\SkyCom
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/01/08 08:17:36 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/01/08 08:17:36 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2012/05/04 01:50:51 | 000,032,632 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

It is a workstation in the company which the boss was still using yesterday evening.

I'd be grateful for any help

Chris
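The OTL log above lists every service and driver in one fixed layout, so a first triage pass can be automated. The following Python is an added example (not code from this thread or from OTL itself): it parses the SRV/DRV lines, copied from the log above as a constructed sample, and flags entries with no company name or a persistent start mode outside the Windows and Program Files trees; TRUSTED_PREFIXES and PERSISTENT_MODES are assumptions of this example.

```python
r"""Triage helper for the OTL 'Win32 Services' / 'Driver Services' lines.

Added example, not code from the thread or from OTL itself. It parses the
SRV/DRV entry layout shown in the log above and flags entries a reviewer
would look at first. A flag is a reason to look, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One OTL service/driver entry:
# SRV:64bit: - [date | size | attrs | M] (Company) [StartMode] -- path -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?::64bit:)?\s+-\s+"
    r"\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+)\|\s*(?P<flag>[A-Z])\]\s+"
    r"\((?P<company>[^)]*)\)\s+\[(?P<mode>[^\]]+)\]\s+--\s+(?P<path>.+?)\s+--\s+\((?P<name>[^)]+)\)"
)
# Where OS services/drivers are expected to live (%SystemRoot% is F:\Windows in
# the log). Assumption for this example; adjust per host. The DATEV entries in
# this log get flagged simply because that software installs under F:\DATEV.
TRUSTED_PREFIXES = ("f:\\windows\\", "f:\\program files")
# Start modes that mean the binary runs without anyone launching it.
PERSISTENT_MODES = {"Auto", "Boot", "System"}

# Constructed sample: four entries copied from the log above plus one O4 line,
# which this parser deliberately skips (different layout).
SAMPLE_LOG = r"""
SRV:64bit: - [2009/08/31 15:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto] -- F:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2006/12/14 04:00:00 | 001,372,432 | ---- | M] (Danware Data A/S) [Auto] -- F:\DATEV\PROGRAMM\A0000008\NHOSTSVC.EXE -- (NetOp Host for NT Service) NetOp Helper ver. 9.00 (2006348)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/08/31 15:07:00 | 000,469,144 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- F:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
O4 - HKLM..\Run: [McAfeeUpdaterUI] F:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
"""

@dataclass
class Entry:
    kind: str
    company: str
    start_mode: str  # last element of the [...] block, e.g. "Auto", "On_Demand"
    path: str
    name: str
    size: int
    flags: List[str] = field(default_factory=list)

def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an SRV/DRV line, or None for any other OTL line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(kind=m["kind"], company=m["company"].strip(),
                 start_mode=m["mode"].split("|")[-1].strip(),
                 path=m["path"].strip(), name=m["name"],
                 size=int(m["size"].replace(",", "")))

def triage(entry: Entry) -> Entry:
    """Attach review flags; an empty list means nothing stood out."""
    if not entry.company:
        entry.flags.append("no company name")
    if (entry.start_mode in PERSISTENT_MODES
            and not entry.path.lower().startswith(TRUSTED_PREFIXES)):
        entry.flags.append("persistent start outside Windows/Program Files")
    return entry

def triage_log(lines) -> List[Entry]:
    """Parse every SRV/DRV line and return the triaged entries in log order."""
    return [triage(e) for e in map(parse_entry, lines) if e is not None]

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG.strip().splitlines()):
        print(f"{e.kind:4}{e.name:28}{', '.join(e.flags) or 'nothing flagged'}")
```

Feed it the full SRV/DRV section of a real OTL log and review the flagged entries by hand; a legitimate product installed outside the standard trees (DATEV here) will show up and belongs on a per-site allowlist.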

cosinus 14.05.2012 14:55

Quote:

It is a workstation in the company which the boss was still using yesterday evening.
Siehe http://www.trojaner-board.de/108422-...-anfragen.html

Quote:

As a rule we do not clean commercially used computers. That is the responsibility of your company's IT department.

For small businesses that have no IT support we make an exception and are glad to help (a small donation helps us too).
Requirement: you tell us this in your first reply.
Bear in mind, however, that logfiles can contain a lot of sensitive information (customer data, bank data, etc.) and that malware has the ability to spy on it and misuse it. Here we recommend formatting and reinstalling.

Chris1303 14.05.2012 15:18

Yes, it is a small company.
No, there is no important or customer-relevant data on the PC. Everything is on a server.

The DATEV data are in an encrypted SQL database on another machine and are therefore presumably fairly safe.

It is only a data-entry system, but one that is quite cumbersome to set up.

cosinus 14.05.2012 18:29

Are you the administrator there? Why don't you have an image of this machine?

Chris1303 15.05.2012 07:04

He is a good acquaintance from Dortmund; there is no dedicated admin there.
I'm sitting a good 500 km away from it (in the lovely Harz) and am trying to restore the system via remote maintenance and phone support. Unfortunately I'm at my wits' end here.

cosinus 15.05.2012 09:21

Then your acquaintance should consider whether "proper" support wouldn't be more appropriate for his company.
As nice as a support forum may be, if you can no longer get onto the box you are powerless.


Copyright ©2000-2025, Trojaner-Board
