
Log Analysis and Evaluation: Bundespolizei virus: it got me too!


07.11.2011, 20:31   #1
PirateAndy

Bundespolizei virus: it got me too!

So, I have now started OTLPE from the boot CD as described in another thread. Output as follows:
Please help me with how to proceed!

08.11.2011, 10:30   #2
PirateAndy

Bundespolizei virus: it got me too!

So, here is the OTL.txt again, embedded in the post for easier viewing.

I see an entry under "Last files/folders created":
[2011/11/06 10:47:11 | 000,186,880 | ---- | C] (Foundstone Inc.) -- C:\Documents and Settings\Administrator\Application Data\mahmud.exe
This is exactly the time of the infection.

How do I proceed? Help! Here we go:

Code:
OTL logfile created on: 11/7/2011 8:04:57 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195) - Type = SYSTEM

Internet Explorer (Version = 6.0.2800.1106)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

477.00 Mb Total Physical Memory | 294.00 Mb Available Physical Memory | 62.00% Memory free

381.00 Mb Paging File | 298.00 Mb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 27.95 Gb Total Space | 1.79 Gb Free Space | 6.39% Space Free | Partition Type: NTFS

Drive D: | 22.34 Gb Total Space | 0.72 Gb Free Space | 3.23% Space Free | Partition Type: FAT32

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto] --  -- (Schedule)

SRV - File not found [On_Demand] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - File not found [Unavailable] --  -- (IAS)

SRV - [2011/09/27 13:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2010/05/08 06:48:36 | 000,229,376 | ---- | M] () [Auto] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)

SRV - [2006/11/06 08:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2003/06/20 05:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt)

SRV - [2003/06/20 05:00:00 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)

SRV - [2003/06/20 05:00:00 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\faxsvc.exe -- (Fax)

SRV - [2003/06/20 05:00:00 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)

SRV - [2003/06/20 05:00:00 | 000,061,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)

SRV - [2003/06/20 05:00:00 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\utilman.exe -- (UtilMan)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | System] --  -- (tga)

DRV - File not found [Kernel | Auto] --  -- (SSPORT)

DRV - File not found [Kernel | System] --  -- (sglfb)

DRV - File not found [Kernel | System] --  -- (PCIDump)

DRV - File not found [Kernel | System] --  -- (lbrtfdc)

DRV - File not found [Kernel | System] --  -- (Changer)

DRV - [2010/04/09 09:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2010/03/25 04:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2010/03/20 05:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - [2010/03/20 04:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2009/06/08 21:18:24 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- C:\WINNT\system32\drivers\DGIVECP.SYS -- (DgiVecp)

DRV - [2007/04/13 04:54:56 | 000,017,792 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2007/04/13 04:54:55 | 000,317,952 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2007/04/13 04:54:46 | 000,032,768 | R--- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\sisnic2k.sys -- (SISNIC2K)

DRV - [2007/01/25 12:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\npf.sys -- (NPF)

DRV - [2006/10/10 02:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)

DRV - [2006/10/10 02:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)

DRV - [2006/10/10 02:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)

DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)

DRV - [2006/07/29 06:11:23 | 000,030,601 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINNT\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2004/07/08 19:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)

DRV - [2003/06/20 05:00:00 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)

DRV - [2003/06/20 05:00:00 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot] -- C:\WINNT\system32\drivers\dmio.sys -- (dmio)

DRV - [2003/06/20 05:00:00 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)

DRV - [2003/06/20 05:00:00 | 000,037,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\nmnt.sys -- (nm)

DRV - [2003/06/20 05:00:00 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)

DRV - [2003/06/20 05:00:00 | 000,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)

DRV - [2003/06/20 05:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)

DRV - [2003/06/20 05:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)

DRV - [2003/06/20 05:00:00 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)

DRV - [2003/06/20 05:00:00 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot] -- C:\WINNT\system32\drivers\dmload.sys -- (dmload)

DRV - [2003/06/19 07:05:04 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)

DRV - [1999/09/24 14:17:18 | 000,018,704 | ---- | M] (Realtek Semiconductor Corporation                                                ) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\RTL8139.sys -- (rtl8139)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.smeet.com/

IE - HKU\Administrator_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\D201GLY1_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKU\D201GLY1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 07:21:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 07:21:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/09/30 08:07:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2010/09/15 03:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/09/15 03:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/11/03 14:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\18volkcb.reparatur2\extensions

[2011/05/10 02:56:35 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\18volkcb.reparatur2\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

[2010/09/15 03:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9uofj95t.reparatur\extensions

[2011/11/03 14:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/03 11:44:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2011/06/13 15:56:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/05/03 21:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/03/17 14:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2010/08/24 19:44:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010/08/24 19:44:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010/08/24 19:44:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/08/24 19:44:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010/08/24 19:44:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2003/06/20 05:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINNT\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [SiSPower] C:\WINNT\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\D201GLY1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\D201GLY1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()

O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file://C:\TempEI4\EI40_\msxml4.cab (XML DOM Document 4.0)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()

O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\mahmud.exe) - C:\Documents and Settings\Administrator\Application Data\mahmud.exe (Foundstone Inc.)

O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/14 15:16:39 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/06 13:18:53 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT

[2011/11/06 13:18:35 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/11/06 10:47:11 | 000,186,880 | ---- | C] (Foundstone Inc.) -- C:\Documents and Settings\Administrator\Application Data\mahmud.exe

[2011/11/03 11:11:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Phone Browser

[2011/11/03 11:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2011/11/03 11:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nokia

[2011/11/03 11:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2011/11/03 11:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Suite

[2011/11/03 11:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite

[2011/11/03 11:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia

[2011/11/03 11:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Suite

[2011/11/03 11:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2011/11/03 11:08:20 | 000,012,800 | ---- | C] (Nokia) -- C:\WINNT\System32\drivers\nmwcdcm.sys

[2011/11/03 11:08:19 | 000,009,216 | ---- | C] (Nokia) -- C:\WINNT\System32\drivers\nmwcdc.sys

[2011/11/03 11:08:18 | 000,138,240 | ---- | C] (Nokia) -- C:\WINNT\System32\drivers\nmwcd.sys

[2011/11/03 11:08:18 | 000,050,688 | ---- | C] (Nokia) -- C:\WINNT\System32\nmwcdcls.dll

[2011/11/03 11:08:18 | 000,030,720 | ---- | C] (Nokia) -- C:\WINNT\System32\nmwcdcocls.dll

[2011/11/03 11:08:18 | 000,004,608 | ---- | C] (Nokia) -- C:\WINNT\System32\nmwcdlog.dll

[2011/11/03 11:08:18 | 000,000,000 | ---D | C] -- C:\WINNT\System32\DRVSTORE

[2011/11/03 11:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia

[2011/11/03 10:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations

[2011/10/26 07:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop

[2011/10/21 14:01:16 | 000,000,000 | -H-D | C] -- C:\WINNT\PIF

[2011/10/20 11:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites\Desktop\Linus

[2011/10/18 04:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Search Settings

[2011/10/18 04:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar

[2011/10/18 04:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater

[2011/10/09 08:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites\Desktop\Armbrust bau

[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/06 10:47:11 | 000,186,880 | ---- | M] (Foundstone Inc.) -- C:\Documents and Settings\Administrator\Application Data\mahmud.exe

[2011/11/06 10:45:49 | 000,000,143 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Rack.properties

[2011/11/06 08:20:59 | 000,201,766 | R--- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Bericht FASC 2011.pdf

[2011/11/06 08:04:10 | 000,002,212 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Skype.lnk

[2011/11/06 05:00:40 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Login.properties

[2011/11/06 05:00:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Farmipreis.properties

[2011/11/03 11:08:39 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk

[2011/11/03 11:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Suite

[2011/10/29 11:01:48 | 000,001,481 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/10/29 07:25:49 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2bc.dat

[2011/10/22 10:13:58 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat

[2011/10/21 16:43:36 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Quest.properties

[2011/10/20 11:42:44 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel

[2011/10/20 11:21:38 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns

[2011/10/20 11:21:38 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns

[2011/10/17 15:28:34 | 000,056,946 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\AKW-Linden.jpg

[2011/10/17 07:06:01 | 000,631,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Tür.jpg

[2011/10/11 10:58:43 | 000,058,445 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Bewerbung_Andreas_2.odt

[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/11/06 08:38:03 | 000,201,766 | R--- | C] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Bericht FASC 2011.pdf

[2011/11/03 11:08:39 | 000,001,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk

[2011/10/29 07:25:49 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2bc.dat

[2011/10/22 10:13:58 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat

[2011/10/20 15:13:18 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Quest.properties

[2011/10/20 11:42:44 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel

[2011/10/17 15:28:34 | 000,056,946 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\AKW-Linden.jpg

[2011/10/17 12:13:08 | 001,494,497 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\DSC04855.JPG

[2011/10/17 07:05:54 | 000,631,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Tür.jpg

[2011/10/11 10:58:39 | 000,058,445 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Bewerbung_Andreas_2.odt

[2011/05/05 14:02:56 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_30c.dat

[2011/05/01 10:08:10 | 000,005,082 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojobkspa.ako

[2011/04/27 05:05:12 | 000,000,000 | ---- | C] () -- C:\WINNT\cdplayer.ini

[2011/04/26 02:59:11 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2e0.dat

[2011/02/19 12:16:56 | 000,000,024 | ---- | C] () -- C:\WINNT\magix.ini

[2011/02/19 12:16:55 | 000,001,104 | ---- | C] () -- C:\WINNT\mgxoschk.ini

[2011/01/09 04:25:14 | 000,015,748 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat

[2011/01/03 10:11:12 | 000,000,754 | ---- | C] () -- C:\WINNT\WORDPAD.INI

[2011/01/02 08:54:02 | 000,000,028 | ---- | C] () -- C:\WINNT\tsitra922.exe

[2011/01/01 06:52:13 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_288.dat

[2010/11/21 14:48:30 | 000,000,046 | ---- | C] () -- C:\WINNT\System32\DonationCoder_urlsnooper_InstallInfo.dat

[2010/10/31 10:00:22 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2010/10/30 07:28:04 | 000,000,159 | ---- | C] () -- C:\WINNT\TSDataEx.ini

[2010/10/13 11:55:32 | 000,000,109 | ---- | C] () -- C:\WINNT\GMouse.ini

[2010/10/12 14:18:13 | 001,970,176 | ---- | C] () -- C:\WINNT\System32\d3dx9.dll

[2010/09/29 09:35:33 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/22 13:38:52 | 000,116,224 | ---- | C] () -- C:\WINNT\System32\pdfcmnnt.dll

[2010/09/20 11:01:22 | 000,479,232 | ---- | C] () -- C:\WINNT\ssndii.exe

[2010/09/20 11:01:08 | 000,022,723 | ---- | C] () -- C:\WINNT\System32\ssp2ml3.dll

[2010/09/16 13:37:54 | 000,000,585 | ---- | C] () -- C:\WINNT\videoimp.ini

[2010/09/16 13:37:44 | 000,000,021 | ---- | C] () -- C:\WINNT\VI_setup.ini

[2010/09/16 12:58:08 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll

[2010/09/16 09:12:54 | 000,000,029 | ---- | C] () -- C:\WINNT\DEBUGSM.INI

[2010/09/16 06:20:55 | 000,096,768 | ---- | C] () -- C:\WINNT\SlantAdj.dll

[2010/09/16 06:20:55 | 000,003,136 | ---- | C] () -- C:\WINNT\Ade001.bin

[2010/09/16 06:20:55 | 000,001,571 | ---- | C] () -- C:\WINNT\Faxcpp1.ini

[2010/09/16 06:20:55 | 000,000,422 | ---- | C] () -- C:\WINNT\Faxcpp.ini

[2010/09/16 06:20:55 | 000,000,072 | ---- | C] () -- C:\WINNT\System32\epDPE.ini

[2010/09/15 02:35:19 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat

[2010/09/15 01:52:37 | 000,014,878 | ---- | C] () -- C:\WINNT\System32\VGAunistlog.ini

[2010/09/15 01:52:36 | 000,092,202 | R--- | C] () -- C:\WINNT\VGAsetup.ini

[2010/09/15 01:52:34 | 000,049,152 | R--- | C] () -- C:\WINNT\InstFunc.exe

[2010/09/15 01:52:28 | 000,065,536 | R--- | C] () -- C:\WINNT\System32\sis760.bin

[2010/09/15 01:52:28 | 000,065,536 | R--- | C] () -- C:\WINNT\System32\sis741.bin

[2010/09/15 01:52:28 | 000,049,152 | R--- | C] () -- C:\WINNT\System32\sis660.bin

[2010/09/14 18:01:48 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI

[2010/09/14 18:01:19 | 000,100,640 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT

[2010/09/14 15:16:06 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt

[2010/09/14 15:15:29 | 000,015,012 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat

[2009/06/07 06:27:20 | 000,073,728 | ---- | C] () -- C:\WINNT\System32\vbzlib1.dll

[2009/03/11 18:02:49 | 000,001,168 | ---- | C] () -- C:\WINNT\System32\ASPRTMM0.DLL

[2007/01/25 12:31:36 | 000,053,299 | ---- | C] () -- C:\WINNT\System32\pthreadVC.dll

[2005/12/07 05:31:00 | 000,202,752 | R--- | C] () -- C:\WINNT\System32\CddbCdda.dll

[2005/11/06 18:01:19 | 000,121,562 | ---- | C] () -- C:\WINNT\System32\PicFormat32.dll

[2004/11/22 06:48:08 | 000,040,960 | ---- | C] () -- C:\WINNT\98Setup.exe

[2003/07/12 22:40:28 | 000,217,088 | ---- | C] () -- C:\WINNT\System32\SAWZipNG.dll

[2003/06/20 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat

[2003/06/20 05:00:00 | 000,300,378 | ---- | C] () -- C:\WINNT\System32\perfh009.dat

[2003/06/20 05:00:00 | 000,272,492 | ---- | C] () -- C:\WINNT\System32\perfi009.dat

[2003/06/20 05:00:00 | 000,217,359 | ---- | C] () -- C:\WINNT\System32\dssec.dat

[2003/06/20 05:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll

[2003/06/20 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin

[2003/06/20 05:00:00 | 000,038,036 | ---- | C] () -- C:\WINNT\System32\perfc009.dat

[2003/06/20 05:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll

[2003/06/20 05:00:00 | 000,028,270 | ---- | C] () -- C:\WINNT\System32\perfd009.dat

[2003/06/20 05:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini

[2003/06/20 05:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini

[2003/06/20 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

[2003/06/20 05:00:00 | 000,000,105 | ---- | C] () -- C:\WINNT\System32\Oeminfo.ini

[2003/06/20 05:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini

[2002/03/13 00:46:00 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\zlib.dll

[1999/09/25 05:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys

[1999/09/25 05:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

 

========== LOP Check ==========

 

[2011/03/16 11:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft

[2011/11/06 09:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla

[2010/11/18 16:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software

[2011/04/29 07:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\fretsonfire

[2011/10/20 11:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0

[2010/10/28 12:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2010/10/31 12:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mkvtoolnix

[2011/05/01 10:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MOVAVI

[2011/11/03 11:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia

[2011/01/03 11:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org

[2010/11/20 10:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera

[2011/11/03 11:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite

[2010/09/23 11:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdfforge

[2011/10/18 04:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Search Settings

[2011/06/18 10:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\streamripper

[2010/09/15 04:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird

[2011/11/05 06:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent

[2011/02/18 15:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService

[2011/11/03 10:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2011/11/03 11:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

 

========== Purity Check ==========

 

 

< End of report >
         
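What makes this log diagnostic is not the file creation entry alone but the O20 line: `HKLM Winlogon: Shell` points at `C:\Documents and Settings\Administrator\Application Data\mahmud.exe` instead of explorer.exe, so on every logon Windows starts the ransom screen as the shell and never starts Explorer, which is exactly how the Bundespolizei lockscreen keeps the desktop unusable. The "Foundstone Inc." company string is read by OTL from the file's version resource, a field the author of the file fills in, so it says nothing about who actually built the file. The following Python script is an added example for this thread, not OTL's own code and not part of the original post: it parses constructed lines in the same format as the log above (the excerpt, the three heuristics, the function names and the `explorer.exe` expectation for the Shell value are this example's assumptions) and reports the persistence entry, new executables under a user profile, and the creation time of the file that Winlogon was redirected to.

```python
"""Triage heuristics for an OTL / OTLPE log (added example, not OTL's own code).

The sample lines below are constructed in the same format as the log posted
above.  The three heuristics are this example's own, not part of OTL:
  1. the Winlogon Shell value (O20 line) must resolve to explorer.exe;
  2. autostart (O4 Run) entries should not live under a user profile;
  3. executables created under a user profile inside the scan window are
     suspicious, whatever company name their version resource claims.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed excerpt; only the line format matters.
SAMPLE_LOG = r"""
========== Standard Registry (SafeList) ==========
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\mahmud.exe) - C:\Documents and Settings\Administrator\Application Data\mahmud.exe (Foundstone Inc.)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2011/11/06 13:18:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/06 10:47:11 | 000,186,880 | ---- | C] (Foundstone Inc.) -- C:\Documents and Settings\Administrator\Application Data\mahmud.exe
[2011/11/03 11:08:20 | 000,012,800 | ---- | C] (Nokia) -- C:\WINNT\System32\drivers\nmwcdcm.sys
"""

SHELL_RE = re.compile(
    r"^O20 - HKLM Winlogon: Shell - \((?P<value>[^()]*)\) - (?P<path>.+?) \((?P<company>[^()]*)\)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<path>.+?) \((?P<company>[^()]*)\)$"
)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attr>\S{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^()]*)\))? -- (?P<path>.+)$"
)
USER_PROFILE_RE = re.compile(r"^[a-z]:\\(?:documents and settings|users)\\", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")


@dataclass
class Finding:
    kind: str
    path: str
    detail: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def in_user_profile(path: str) -> bool:
    return USER_PROFILE_RE.match(path) is not None


def parse_otl(text: str) -> dict:
    """Pull Winlogon Shell, Run and file-creation records out of OTL's line format."""
    shell, run, created = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if m := SHELL_RE.match(line):
            shell.append(m.groupdict())
        elif m := RUN_RE.match(line):
            run.append(m.groupdict())
        elif (m := FILE_RE.match(line)) and m.group("op") == "C":
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
            created.append(rec)
    return {"shell": shell, "run": run, "created": created}


def triage(text: str) -> list:
    """Apply the three heuristics and return one Finding per hit."""
    parsed = parse_otl(text)
    created_by_path = {c["path"].lower(): c for c in parsed["created"]}
    findings = []
    for s in parsed["shell"]:
        if basename(s["value"]) != "explorer.exe":
            detail = f"Winlogon starts {s['value']} instead of explorer.exe"
            if c := created_by_path.get(s["path"].lower()):
                detail += f"; that file was created {c['ts']:%Y-%m-%d %H:%M:%S}"
            findings.append(Finding("winlogon_shell_hijack", s["path"], detail))
    for r in parsed["run"]:
        if in_user_profile(r["path"]):
            findings.append(Finding("run_key_in_user_profile", r["path"],
                                    f"[{r['name']}] under {r['hive']}"))
    for c in parsed["created"]:
        if in_user_profile(c["path"]) and c["path"].lower().endswith(EXEC_EXT):
            company = c["company"] or "none"
            findings.append(Finding("new_executable_in_user_profile", c["path"],
                                    f"created {c['ts']:%Y-%m-%d %H:%M:%S}; version resource claims "
                                    f"company {company!r} (attacker-controlled field)"))
    return findings


def infection_time(text: str) -> Optional[datetime]:
    """Creation time of the file Winlogon was redirected to, or None if Shell is clean."""
    parsed = parse_otl(text)
    hijacked = {s["path"].lower() for s in parsed["shell"] if basename(s["value"]) != "explorer.exe"}
    times = [c["ts"] for c in parsed["created"] if c["path"].lower() in hijacked]
    return min(times) if times else None


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:32} {f.path}\n{'':32} {f.detail}")
    print("probable infection time:", infection_time(SAMPLE_LOG))
```

Run against the constructed excerpt it reports two findings, both for mahmud.exe (the Shell hijack and the new executable under the Administrator profile), and dates the infection to 2011-11-06 10:47:11; the Winamp and Spigot Run entries under Program Files and the Nokia driver under WINNT are left alone. The Shell-value check is the one that matters for this family of lockscreens: a Run key can be cleaned from a booted desktop, but a replaced Winlogon Shell means there is no desktop to clean from, which is why the log had to be taken from a boot CD in the first place.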