Trojaner-Board (https://www.trojaner-board.de/), forum section: Log analysis and evaluation
Thread: Bundespolizei virus: it got me too! (https://www.trojaner-board.de/104858-bundespolizei-virus-mich-hat-erwischt.html)

PirateAndy 06.11.2011 20:27

Bundespolizei virus: it got me too!
 
Hello dear helpers,

It got me today as well. I have already read quite a bit about the above virus here, but I cannot get any further on my own. As with all the other people seeking help, this 100-euro Bundespolizei message appears on my Win2K partition (which I mainly use) after startup.
My system: Win2000 SP4 on one partition and Ubuntu 10.04 LTS on the other; I only work with the latter in an emergency, like right now.
How do I get my Windows with all its data and apps running again? I am not afraid of fiddly work either. Unfortunately ComboFix no longer runs under Win2000, so an older thread is of no further help to me.
Thanks for any possible help! I will wait patiently then...
P.A.

PirateAndy 07.11.2011 20:31

So, I have now started OTLPE from a boot CD as described in another thread. Output as follows:
Please help with how to proceed!

PirateAndy 08.11.2011 10:30

So, here once more, for better viewing, the OTL.txt pasted into the post.

I see an entry under "Last files/folders created":
[2011/11/06 10:47:11 | 000,186,880 | ---- | C] (Foundstone Inc.) -- C:\Documents and Settings\Administrator\Application Data\mahmud.exe
This is exactly the time of the infection.


What next? Help! Here we go:

Code:

OTL logfile created on: 11/7/2011 8:04:57 PM - Run

OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE

Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195) - Type = SYSTEM

Internet Explorer (Version = 6.0.2800.1106)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

477.00 Mb Total Physical Memory | 294.00 Mb Available Physical Memory | 62.00% Memory free

381.00 Mb Paging File | 298.00 Mb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 27.95 Gb Total Space | 1.79 Gb Free Space | 6.39% Space Free | Partition Type: NTFS

Drive D: | 22.34 Gb Total Space | 0.72 Gb Free Space | 3.23% Space Free | Partition Type: FAT32

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto] --  -- (Schedule)

SRV - File not found [On_Demand] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - File not found [Unavailable] --  -- (IAS)

SRV - [2011/09/27 13:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2010/05/08 06:48:36 | 000,229,376 | ---- | M] () [Auto] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)

SRV - [2006/11/06 08:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2003/06/20 05:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt)

SRV - [2003/06/20 05:00:00 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)

SRV - [2003/06/20 05:00:00 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\faxsvc.exe -- (Fax)

SRV - [2003/06/20 05:00:00 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)

SRV - [2003/06/20 05:00:00 | 000,061,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)

SRV - [2003/06/20 05:00:00 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\utilman.exe -- (UtilMan)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | System] --  -- (tga)

DRV - File not found [Kernel | Auto] --  -- (SSPORT)

DRV - File not found [Kernel | System] --  -- (sglfb)

DRV - File not found [Kernel | System] --  -- (PCIDump)

DRV - File not found [Kernel | System] --  -- (lbrtfdc)

DRV - File not found [Kernel | System] --  -- (Changer)

DRV - [2010/04/09 09:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2010/03/25 04:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2010/03/20 05:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - [2010/03/20 04:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2009/06/08 21:18:24 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- C:\WINNT\system32\drivers\DGIVECP.SYS -- (DgiVecp)

DRV - [2007/04/13 04:54:56 | 000,017,792 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2007/04/13 04:54:55 | 000,317,952 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2007/04/13 04:54:46 | 000,032,768 | R--- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\sisnic2k.sys -- (SISNIC2K)

DRV - [2007/01/25 12:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\npf.sys -- (NPF)

DRV - [2006/10/10 02:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)

DRV - [2006/10/10 02:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)

DRV - [2006/10/10 02:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)

DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)

DRV - [2006/07/29 06:11:23 | 000,030,601 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINNT\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2004/07/08 19:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)

DRV - [2003/06/20 05:00:00 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)

DRV - [2003/06/20 05:00:00 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot] -- C:\WINNT\system32\drivers\dmio.sys -- (dmio)

DRV - [2003/06/20 05:00:00 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)

DRV - [2003/06/20 05:00:00 | 000,037,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\nmnt.sys -- (nm)

DRV - [2003/06/20 05:00:00 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)

DRV - [2003/06/20 05:00:00 | 000,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)

DRV - [2003/06/20 05:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)

DRV - [2003/06/20 05:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)

DRV - [2003/06/20 05:00:00 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)

DRV - [2003/06/20 05:00:00 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot] -- C:\WINNT\system32\drivers\dmload.sys -- (dmload)

DRV - [2003/06/19 07:05:04 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)

DRV - [1999/09/24 14:17:18 | 000,018,704 | ---- | M] (Realtek Semiconductor Corporation                                                ) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\RTL8139.sys -- (rtl8139)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.smeet.com/

IE - HKU\Administrator_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\D201GLY1_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKU\D201GLY1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 07:21:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 07:21:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/09/30 08:07:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2010/09/15 03:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/09/15 03:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/11/03 14:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\18volkcb.reparatur2\extensions

[2011/05/10 02:56:35 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\18volkcb.reparatur2\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

[2010/09/15 03:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9uofj95t.reparatur\extensions

[2011/11/03 14:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/03 11:44:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2011/06/13 15:56:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/05/03 21:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/03/17 14:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2010/08/24 19:44:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010/08/24 19:44:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010/08/24 19:44:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/08/24 19:44:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010/08/24 19:44:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2003/06/20 05:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1      localhost

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINNT\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [SiSPower] C:\WINNT\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\D201GLY1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\D201GLY1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()

O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file://C:\TempEI4\EI40_\msxml4.cab (XML DOM Document 4.0)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()

O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\mahmud.exe) - C:\Documents and Settings\Administrator\Application Data\mahmud.exe (Foundstone Inc.)

O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/14 15:16:39 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/06 13:18:53 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT

[2011/11/06 13:18:35 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/11/06 10:47:11 | 000,186,880 | ---- | C] (Foundstone Inc.) -- C:\Documents and Settings\Administrator\Application Data\mahmud.exe

[2011/11/03 11:11:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Phone Browser

[2011/11/03 11:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2011/11/03 11:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nokia

[2011/11/03 11:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2011/11/03 11:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Suite

[2011/11/03 11:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite

[2011/11/03 11:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia

[2011/11/03 11:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Suite

[2011/11/03 11:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2011/11/03 11:08:20 | 000,012,800 | ---- | C] (Nokia) -- C:\WINNT\System32\drivers\nmwcdcm.sys

[2011/11/03 11:08:19 | 000,009,216 | ---- | C] (Nokia) -- C:\WINNT\System32\drivers\nmwcdc.sys

[2011/11/03 11:08:18 | 000,138,240 | ---- | C] (Nokia) -- C:\WINNT\System32\drivers\nmwcd.sys

[2011/11/03 11:08:18 | 000,050,688 | ---- | C] (Nokia) -- C:\WINNT\System32\nmwcdcls.dll

[2011/11/03 11:08:18 | 000,030,720 | ---- | C] (Nokia) -- C:\WINNT\System32\nmwcdcocls.dll

[2011/11/03 11:08:18 | 000,004,608 | ---- | C] (Nokia) -- C:\WINNT\System32\nmwcdlog.dll

[2011/11/03 11:08:18 | 000,000,000 | ---D | C] -- C:\WINNT\System32\DRVSTORE

[2011/11/03 11:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia

[2011/11/03 10:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations

[2011/10/26 07:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop

[2011/10/21 14:01:16 | 000,000,000 | -H-D | C] -- C:\WINNT\PIF

[2011/10/20 11:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites\Desktop\Linus

[2011/10/18 04:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Search Settings

[2011/10/18 04:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar

[2011/10/18 04:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater

[2011/10/09 08:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites\Desktop\Armbrust bau

[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/06 10:47:11 | 000,186,880 | ---- | M] (Foundstone Inc.) -- C:\Documents and Settings\Administrator\Application Data\mahmud.exe

[2011/11/06 10:45:49 | 000,000,143 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Rack.properties

[2011/11/06 08:20:59 | 000,201,766 | R--- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Bericht FASC 2011.pdf

[2011/11/06 08:04:10 | 000,002,212 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Skype.lnk

[2011/11/06 05:00:40 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Login.properties

[2011/11/06 05:00:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Farmipreis.properties

[2011/11/03 11:08:39 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk

[2011/11/03 11:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Suite

[2011/10/29 11:01:48 | 000,001,481 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/10/29 07:25:49 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2bc.dat

[2011/10/22 10:13:58 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat

[2011/10/21 16:43:36 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Quest.properties

[2011/10/20 11:42:44 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel

[2011/10/20 11:21:38 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns

[2011/10/20 11:21:38 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns

[2011/10/17 15:28:34 | 000,056,946 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\AKW-Linden.jpg

[2011/10/17 07:06:01 | 000,631,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Tür.jpg

[2011/10/11 10:58:43 | 000,058,445 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Bewerbung_Andreas_2.odt

[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/11/06 08:38:03 | 000,201,766 | R--- | C] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Bericht FASC 2011.pdf

[2011/11/03 11:08:39 | 000,001,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk

[2011/10/29 07:25:49 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2bc.dat

[2011/10/22 10:13:58 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat

[2011/10/20 15:13:18 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Quest.properties

[2011/10/20 11:42:44 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel

[2011/10/17 15:28:34 | 000,056,946 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\AKW-Linden.jpg

[2011/10/17 12:13:08 | 001,494,497 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\DSC04855.JPG

[2011/10/17 07:05:54 | 000,631,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Tür.jpg

[2011/10/11 10:58:39 | 000,058,445 | ---- | C] () -- C:\Documents and Settings\Administrator\Favorites\Desktop\Bewerbung_Andreas_2.odt

[2011/05/05 14:02:56 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_30c.dat

[2011/05/01 10:08:10 | 000,005,082 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojobkspa.ako

[2011/04/27 05:05:12 | 000,000,000 | ---- | C] () -- C:\WINNT\cdplayer.ini

[2011/04/26 02:59:11 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2e0.dat

[2011/02/19 12:16:56 | 000,000,024 | ---- | C] () -- C:\WINNT\magix.ini

[2011/02/19 12:16:55 | 000,001,104 | ---- | C] () -- C:\WINNT\mgxoschk.ini

[2011/01/09 04:25:14 | 000,015,748 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat

[2011/01/03 10:11:12 | 000,000,754 | ---- | C] () -- C:\WINNT\WORDPAD.INI

[2011/01/02 08:54:02 | 000,000,028 | ---- | C] () -- C:\WINNT\tsitra922.exe

[2011/01/01 06:52:13 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_288.dat

[2010/11/21 14:48:30 | 000,000,046 | ---- | C] () -- C:\WINNT\System32\DonationCoder_urlsnooper_InstallInfo.dat

[2010/10/31 10:00:22 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2010/10/30 07:28:04 | 000,000,159 | ---- | C] () -- C:\WINNT\TSDataEx.ini

[2010/10/13 11:55:32 | 000,000,109 | ---- | C] () -- C:\WINNT\GMouse.ini

[2010/10/12 14:18:13 | 001,970,176 | ---- | C] () -- C:\WINNT\System32\d3dx9.dll

[2010/09/29 09:35:33 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/22 13:38:52 | 000,116,224 | ---- | C] () -- C:\WINNT\System32\pdfcmnnt.dll

[2010/09/20 11:01:22 | 000,479,232 | ---- | C] () -- C:\WINNT\ssndii.exe

[2010/09/20 11:01:08 | 000,022,723 | ---- | C] () -- C:\WINNT\System32\ssp2ml3.dll

[2010/09/16 13:37:54 | 000,000,585 | ---- | C] () -- C:\WINNT\videoimp.ini

[2010/09/16 13:37:44 | 000,000,021 | ---- | C] () -- C:\WINNT\VI_setup.ini

[2010/09/16 12:58:08 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll

[2010/09/16 09:12:54 | 000,000,029 | ---- | C] () -- C:\WINNT\DEBUGSM.INI

[2010/09/16 06:20:55 | 000,096,768 | ---- | C] () -- C:\WINNT\SlantAdj.dll

[2010/09/16 06:20:55 | 000,003,136 | ---- | C] () -- C:\WINNT\Ade001.bin

[2010/09/16 06:20:55 | 000,001,571 | ---- | C] () -- C:\WINNT\Faxcpp1.ini

[2010/09/16 06:20:55 | 000,000,422 | ---- | C] () -- C:\WINNT\Faxcpp.ini

[2010/09/16 06:20:55 | 000,000,072 | ---- | C] () -- C:\WINNT\System32\epDPE.ini

[2010/09/15 02:35:19 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat

[2010/09/15 01:52:37 | 000,014,878 | ---- | C] () -- C:\WINNT\System32\VGAunistlog.ini

[2010/09/15 01:52:36 | 000,092,202 | R--- | C] () -- C:\WINNT\VGAsetup.ini

[2010/09/15 01:52:34 | 000,049,152 | R--- | C] () -- C:\WINNT\InstFunc.exe

[2010/09/15 01:52:28 | 000,065,536 | R--- | C] () -- C:\WINNT\System32\sis760.bin

[2010/09/15 01:52:28 | 000,065,536 | R--- | C] () -- C:\WINNT\System32\sis741.bin

[2010/09/15 01:52:28 | 000,049,152 | R--- | C] () -- C:\WINNT\System32\sis660.bin

[2010/09/14 18:01:48 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI

[2010/09/14 18:01:19 | 000,100,640 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT

[2010/09/14 15:16:06 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt

[2010/09/14 15:15:29 | 000,015,012 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat

[2009/06/07 06:27:20 | 000,073,728 | ---- | C] () -- C:\WINNT\System32\vbzlib1.dll

[2009/03/11 18:02:49 | 000,001,168 | ---- | C] () -- C:\WINNT\System32\ASPRTMM0.DLL

[2007/01/25 12:31:36 | 000,053,299 | ---- | C] () -- C:\WINNT\System32\pthreadVC.dll

[2005/12/07 05:31:00 | 000,202,752 | R--- | C] () -- C:\WINNT\System32\CddbCdda.dll

[2005/11/06 18:01:19 | 000,121,562 | ---- | C] () -- C:\WINNT\System32\PicFormat32.dll

[2004/11/22 06:48:08 | 000,040,960 | ---- | C] () -- C:\WINNT\98Setup.exe

[2003/07/12 22:40:28 | 000,217,088 | ---- | C] () -- C:\WINNT\System32\SAWZipNG.dll

[2003/06/20 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat

[2003/06/20 05:00:00 | 000,300,378 | ---- | C] () -- C:\WINNT\System32\perfh009.dat

[2003/06/20 05:00:00 | 000,272,492 | ---- | C] () -- C:\WINNT\System32\perfi009.dat

[2003/06/20 05:00:00 | 000,217,359 | ---- | C] () -- C:\WINNT\System32\dssec.dat

[2003/06/20 05:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll

[2003/06/20 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin

[2003/06/20 05:00:00 | 000,038,036 | ---- | C] () -- C:\WINNT\System32\perfc009.dat

[2003/06/20 05:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll

[2003/06/20 05:00:00 | 000,028,270 | ---- | C] () -- C:\WINNT\System32\perfd009.dat

[2003/06/20 05:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini

[2003/06/20 05:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini

[2003/06/20 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

[2003/06/20 05:00:00 | 000,000,105 | ---- | C] () -- C:\WINNT\System32\Oeminfo.ini

[2003/06/20 05:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini

[2002/03/13 00:46:00 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\zlib.dll

[1999/09/25 05:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys

[1999/09/25 05:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

 

========== LOP Check ==========

 

[2011/03/16 11:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft

[2011/11/06 09:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla

[2010/11/18 16:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software

[2011/04/29 07:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\fretsonfire

[2011/10/20 11:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0

[2010/10/28 12:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2010/10/31 12:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mkvtoolnix

[2011/05/01 10:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MOVAVI

[2011/11/03 11:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia

[2011/01/03 11:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org

[2010/11/20 10:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera

[2011/11/03 11:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite

[2010/09/23 11:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdfforge

[2011/10/18 04:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Search Settings

[2011/06/18 10:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\streamripper

[2010/09/15 04:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird

[2011/11/05 06:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent

[2011/02/18 15:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService

[2011/11/03 10:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2011/11/03 11:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

 

========== Purity Check ==========

 

 

< End of report >


markusg 08.11.2011 12:17

On your second PC, go to Start, Programs, Accessories, Notepad, and paste the following
in there:
Code:

:OTL
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\mahmud.exe) - C:\Documents and Settings\Administrator\Application Data\mahmud.exe (Foundstone Inc.)
:Files
C:\Documents and Settings\Administrator\Application Data\mahmud.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the OTLPENet.exe post.
• Now please click the Fix button.
A message along the lines of "load fix from file" should appear; load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, remove the CD from the drive; Windows should now start normally and open the OTL.txt.
Please post the log.
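The fix above works because OTL reports the Winlogon Shell value (the O20 line) and the file it points to, so both can be removed in one pass. As an added example, not part of the thread or of OTL, the script below applies the same two checks to OTL-style log lines (a Shell value other than explorer.exe, and an executable created under a profile's Application Data or Local Settings\Temp) and renders an OTL fix block in the layout used above. The sample log lines are constructed for the example.

```python
"""Triage helper for OTL-style log lines (added example; not OTL's own code or the
thread's): flags a Winlogon Shell value other than explorer.exe and executables
created in profile data folders, then renders an OTL fix block like the one above."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the two OTL line formats quoted in this thread (not a real log).
SAMPLE_OTL = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\mahmud.exe) - C:\Documents and Settings\Administrator\Application Data\mahmud.exe (Foundstone Inc.)
[2011/11/06 10:45:00 | 000,186,880 | ---- | C] (Foundstone Inc.) -- C:\Documents and Settings\Administrator\Application Data\mahmud.exe
[2011/11/06 09:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2003/06/20 05:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
"""

# O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved path> (<vendor>)
SHELL_RE = re.compile(r"^O20 - (HK\w+) Winlogon: (\w+) - \((.*?)\) - (.*?) \(([^()]*)\)$")
# [<timestamp> | <size> | <attrs> | C|M] [(<vendor>)] -- <path>
FILE_RE = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| ([CM])\] "
                     r"(?:\((.*?)\) )?-- (.*)$")
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif")
# Folders where user-writable droppers tend to land on this kind of system.
USER_DATA_DIRS = ("\\application data\\", "\\local settings\\temp\\")

@dataclass
class Finding:
    kind: str    # "winlogon_shell" or "user_data_exe"
    path: str
    reason: str
    line: str    # the original OTL line, reused verbatim in the :OTL fix section

def triage(log_text: str) -> List[Finding]:
    """Return suspicious Winlogon Shell entries and executables in profile data dirs."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = SHELL_RE.match(line)
        if m:
            hive, value, data, path, vendor = m.groups()
            # The only legitimate Shell is explorer.exe, as a bare name or a full path.
            exe = data.replace("/", "\\").split("\\")[-1].lower()
            if value.lower() == "shell" and exe != "explorer.exe":
                findings.append(Finding("winlogon_shell", path,
                                        f"{hive} Winlogon Shell points at {data} ({vendor})", line))
            continue
        m = FILE_RE.match(line)
        if m:
            stamp, _size, attrs, _op, vendor, path = m.groups()
            low = path.lower()
            if "D" not in attrs and low.endswith(EXEC_EXT) and any(d in low for d in USER_DATA_DIRS):
                findings.append(Finding("user_data_exe", path,
                                        f"executable created {stamp}, vendor '{vendor or 'unknown'}'", line))
    return findings

def render_fix(findings: List[Finding]) -> str:
    """Render an OTL fix block (:OTL / :Files / :Commands) for the flagged items."""
    otl_lines = [f.line for f in findings if f.kind == "winlogon_shell"]
    files = sorted({f.path for f in findings})
    return "\n".join([":OTL", *otl_lines, ":Files", *files,
                      ":Commands", "[purity]", "[EMPTYFLASH]", "[emptytemp]", "[Reboot]"])

if __name__ == "__main__":
    found = triage(SAMPLE_OTL)
    for f in found:
        print(f"{f.kind}: {f.path} -- {f.reason}")
    print(render_fix(found))
```

A real log needs the same review a helper gives it: a vendor string is not a trust signal, and the generated fix block is a starting point to check line by line, not something to run blind.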

PirateAndy 08.11.2011 12:52

OK, thanks for the great answer.
Before I read it, I had already done the fix half an hour earlier, the way you described it in another thread. It's running again so far :-). Then I also ran a Malwarebytes scan.
First the OTL log and then the Malwarebytes log:

Code:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Administrator\Application Data\mahmud.exe deleted successfully.
C:\Documents and Settings\Administrator\Application Data\mahmud.exe moved successfully.
File C:\Documents and Settings\Administrator\Application Data\mahmud.exe not found.
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 11082011_115352

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8112

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

08.11.2011 12:20:58
mbam-log-2011-11-08 (12-20-58).txt

Scan type: Quick scan
Objects scanned: 129169
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator\local settings\Temp\xrmwsneoca.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\nsxamrweoc.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.


markusg 08.11.2011 13:09

Please do the following:
Open My Computer, open C:, then _OTL.
Right-click on moved files there
and choose add to moved files.rar or zip.
Follow the link and upload the archive in the upload channel:
http://www.trojaner-board.de/54791-a...ner-board.html

PirateAndy 08.11.2011 14:14

OK, the culprit has been uploaded!

markusg 08.11.2011 15:43

Could you update Malwarebytes and run a full scan, please?

PirateAndy 08.11.2011 17:11

So, here is a current Malwarebytes scan across all partitions including the USB stick. Unfortunately it still found 4 things, 2 of which were "automatically" moved to quarantine. For the remaining 2 I didn't know whether I should tick them. Here we go:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8114

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

08.11.2011 16:57:49
mbam-log-2011-11-08 (16-57-49).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 210897
Time elapsed: 47 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator\application data\Sun\Java\deployment\cache\6.0\6\7a8f5006-765fe971 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\favorites\Desktop\usb_multiboot2\u_content\wintools\othertools\iehv.exe (PUP.HistoryTool) -> Not selected for removal.
c:\documents and settings\administrator\favorites\Desktop\usb_multiboot2\u_content\wintools\othertools\ProduKey.exe (PUP.PSWTool.ProductKey) -> Not selected for removal.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.5 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.


markusg 08.11.2011 17:15

OK, looks good.
You correctly recognized the false positives and didn't tick them.

Download CCleaner Standard:
CCleaner Download - CCleaner 3.12.1572
If CCleaner is
already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open it.
Behind every program you need, write "notwendig" (needed).
Behind every program you don't need, "unnötig" (not needed).
Behind those unknown to you, "unbekannt" (unknown).
Post the list.

PirateAndy 08.11.2011 18:05

Well then, here's the list. Where all the Windows stuff (automatic updates?) comes from, I don't know either:

Code:

Adobe Acrobat 4.0                notwendig? der FoxitRead geht ja auch       
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        10.1.102.64                notwendig
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        10.2.159.1                notwendig
Adobe Reader 9.3.4 - Deutsch        Adobe Systems Incorporated        9.3.4                notwendig?
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        11.5.9.620                notwendig
Apple Software Update        Apple Computer, Inc.        1.1.0.3                        unnötig
ArcSoft VideoImpression 1.6                unnötig       
aTube Catcher        DsNET Corp        2.3.570        unnötig
Audacity 1.2.6        notwendig       
CCleaner        Piriform        3.12        notwendig
Cheat Engine 5.6.1        Dark Byte        unbekannt
DVD Shrink 3.2        DVD Shrink                notwendig
EPSON Photo Print                notwendig
EPSON Smart Panel                notwendig       
EPSON TWAIN 5                notwendig       
Feurio! CD-Writer                unnötig
FileZilla Client 3.3.4.1                3.3.4.1        notwendig
FM Screen Capture Codec (Remove Only)                unnötig       
Foxit Reader        Foxit Corporation        4.3.0.1110        notwendig
Frets On Fire                1.3.110-win32                unnötig
GIMP 2.6.6                notwendig
Hotfix for MDAC 2.53 (KB927779)        Microsoft Corporation        1        unbekannt
ImgBurn        LIGHTNING UK!        2.5.2.0                notwendig
IrfanView (remove only)        Irfan Skiljan        4.27                notwendig
Java(TM) 6 Update 26        Sun Microsystems, Inc.        6.0.260        notwendig?
MAGIX mp3 maker platinum SE        MAGIX AG        3.0.5.0        unnötig
MAGIX playR jukebox        MAGIX AG        3.6.5.0                unnötig
Malwarebytes' Anti-Malware version 1.51.2.1300        Malwarebytes Corporation        1.51.2.1300
MediaInfo 0.7.44        MediaArea.net        0.7.44                unnötig
Microsoft Train Simulator                                        unnötig
MKVtoolnix 4.3.0        Moritz Bunkus        4.3.0                        notwendig
Mobile Partner        Huawei Technologies Co.,Ltd        11.302.09.04.382                unnötig
Movavi Video Converter 10        MOVAVI        10.04.000        unnötig
Mozilla Firefox (3.6.23)        Mozilla        3.6.23 (de)                notwendig
Mozilla Thunderbird (3.1.15)        Mozilla        3.1.15 (de)                notwendig
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        4.20.9870.0        unbekannt
Nokia Connectivity Cable Driver        Nokia        6.82.4.0        unnötig
Nokia PC Suite        Nokia        6.82.22.0                                unnötig
OpenOffice.org 3.2        OpenOffice.org        3.2.9502        notwendig
Opera 10.63        Opera Software ASA        10.63                        notwendig
PC Connectivity Solution        Nokia        6.43.9.0                unnötig
PDFCreator        Frank Heindörfer, Philip Chinery        1.0.2                notwendig
pdfforge Toolbar v4.7        Spigot, Inc.        4.7                unnötig
Picasa 2        Google, Inc.        2.0                                notwendig
PowerISO                                                                notwendig
QuickTime        Apple Computer, Inc.        7.1.5.120                notwendig
Route_Riter v7.0.85                                                unnötig
Samsung ML-1640 Series        Samsung Electronics CO.,LTD        notwendig
ScanToWeb                                                                unnötig
SiS 900 PCI Fast Ethernet Adapter Driver                        notwendig
SiS Mirage Graphics                                                notwendig
Skype™ 4.0        Skype Technologies S.A.        4.0.226                notwendig
STP DB ICE T 411 V1.0                                        unbekannt
Streamripper (Remove only)                                        notwendig
Trust WB-1200p Mini Webcam        Trust International BV        0.1.3.73        notwendig
Update Rollup 1 for Windows 2000 SP4        Microsoft Corporation        20050809.32623  hm, unbekannt
URL Snooper v2.17.01        DonationCoder.com                      unnötig       
Visual Watermark 2.9.12        VisualWatermark.com                notwendig
VLC media player 1.1.9        VideoLAN        1.1.9                        notwendig
Voxware Audio decoder 1.6                1.6.0                unbekannt
Winamp        Nullsoft, Inc        5.61                                notwendig
Winamp Erkennungs-Plug-in        Nullsoft, Inc        1.0.0.1        notwendig
Windows 2000 Hotfix - KB842773        Microsoft Corporation        alle unbekannt!
Windows 2000 Hotfix - KB893756        Microsoft Corporation        20050702.42421
Windows 2000 Hotfix - KB896358        Microsoft Corporation        20050421.70926
Windows 2000 Hotfix - KB896422        Microsoft Corporation        20050503.23608
Windows 2000 Hotfix - KB896423        Microsoft Corporation        20050713.01536
Windows 2000 Hotfix - KB899587        Microsoft Corporation        20050614.212757
Windows 2000 Hotfix - KB899589        Microsoft Corporation        20050822.21016
Windows 2000 Hotfix - KB900725        Microsoft Corporation        20050923.34708
Windows 2000 Hotfix - KB901017        Microsoft Corporation        20050830.22150
Windows 2000 Hotfix - KB901214        Microsoft Corporation        20050629.02152
Windows 2000 Hotfix - KB905414        Microsoft Corporation        20050816.13004
Windows 2000 Hotfix - KB905495        Microsoft Corporation        20050805.184113
Windows 2000 Hotfix - KB905749        Microsoft Corporation        20050902.21643
Windows 2000 Hotfix - KB908531        Microsoft Corporation        20060421.150136
Windows 2000 Hotfix - KB913580        Microsoft Corporation        20060423.131341
Windows 2000 Hotfix - KB914388        Microsoft Corporation        20060519.144359
Windows 2000 Hotfix - KB917008        Microsoft Corporation        20060725.103752
Windows 2000 Hotfix - KB918118        Microsoft Corporation        20061117.184220
Windows 2000 Hotfix - KB920213        Microsoft Corporation        20060824.133346
Windows 2000 Hotfix - KB920670        Microsoft Corporation        20060721.203510
Windows 2000 Hotfix - KB920683        Microsoft Corporation        20060706.171055
Windows 2000 Hotfix - KB921398        Microsoft Corporation        20060713.123515
Windows 2000 Hotfix - KB923191        Microsoft Corporation        20060828.162944
Windows 2000 Hotfix - KB923561        Microsoft Corporation        20090330.154706
Windows 2000 Hotfix - KB923810        Microsoft Corporation        20070817.121332
Windows 2000 Hotfix - KB923980        Microsoft Corporation        20060901.111504
Windows 2000 Hotfix - KB924270        Microsoft Corporation        20060817.184033
Windows 2000 Hotfix - KB924667        Microsoft Corporation        20061102.225742
Windows 2000 Hotfix - KB925902        Microsoft Corporation        20070306.164258
Windows 2000 Hotfix - KB926122        Microsoft Corporation        20070423.114823
Windows 2000 Hotfix - KB926436        Microsoft Corporation        20061019.132845
Windows 2000 Hotfix - KB927891        Microsoft Corporation        20070405.124354
Windows 2000 Hotfix - KB928843        Microsoft Corporation        20070124.95405
Windows 2000 Hotfix - KB935839        Microsoft Corporation        20070416.180959
Windows 2000 Hotfix - KB937894        Microsoft Corporation        20071017.124014
Windows 2000 Hotfix - KB938827        Microsoft Corporation        20070625.115213
Windows 2000 Hotfix - KB943055        Microsoft Corporation        20071205.160626
Windows 2000 Hotfix - KB943485        Microsoft Corporation        20071016.192509
Windows 2000 Hotfix - KB944338        Microsoft Corporation        20080303.105828
Windows 2000 Hotfix - KB950749        Microsoft Corporation        20080327.181336
Windows 2000 Hotfix - KB950760        Microsoft Corporation        20080424.101813
Windows 2000 Hotfix - KB950974        Microsoft Corporation        20080710.152703
Windows 2000 Hotfix - KB951748-V2        Microsoft Corporation        20091013.164223
Windows 2000 Hotfix - KB952004        Microsoft Corporation        20080625.175533
Windows 2000 Hotfix - KB952954        Microsoft Corporation        20080625.181749
Windows 2000 Hotfix - KB955069        Microsoft Corporation        20080910.124853
Windows 2000 Hotfix - KB955759        Microsoft Corporation        20091120.121554
Windows 2000 Hotfix - KB956802        Microsoft Corporation        20081023.105413
Windows 2000 Hotfix - KB956844        Microsoft Corporation        20090803.144859
Windows 2000 Hotfix - KB957097        Microsoft Corporation        20080905.163635
Windows 2000 Hotfix - KB958470        Microsoft Corporation        20090630.130855
Windows 2000 Hotfix - KB958644        Microsoft Corporation        20081017.230754
Windows 2000 Hotfix - KB958869        Microsoft Corporation        20090818.120000
Windows 2000 Hotfix - KB959426        Microsoft Corporation        20090401.214327
Windows 2000 Hotfix - KB960225        Microsoft Corporation        20081205.130806
Windows 2000 Hotfix - KB960803        Microsoft Corporation        20081231.145808
Windows 2000 Hotfix - KB960859        Microsoft Corporation        20090128.191252
Windows 2000 Hotfix - KB961501        Microsoft Corporation        20090507.120638
Windows 2000 Hotfix - KB967715        Microsoft Corporation        20090210.171645
Windows 2000 Hotfix - KB969059        Microsoft Corporation        20090811.212730
Windows 2000 Hotfix - KB970238        Microsoft Corporation        20090422.190356
Windows 2000 Hotfix - KB971468        Microsoft Corporation        20091210.222252
Windows 2000 Hotfix - KB971961        Microsoft Corporation        20090624.232729
Windows 2000 Hotfix - KB972270        Microsoft Corporation        20091015.141840
Windows 2000 Hotfix - KB973507        Microsoft Corporation        20090805.103012
Windows 2000 Hotfix - KB973869        Microsoft Corporation        20090727.165246
Windows 2000 Hotfix - KB973904        Microsoft Corporation        20091125.143200
Windows 2000 Hotfix - KB974318        Microsoft Corporation        20091009.114544
Windows 2000 Hotfix - KB974392        Microsoft Corporation        20091008.192013
Windows 2000 Hotfix - KB974571        Microsoft Corporation        20090905.120157
Windows 2000 Hotfix - KB975560        Microsoft Corporation        20091124.114903
Windows 2000 Hotfix - KB977914        Microsoft Corporation        20091124.115001
Windows 2000 Hotfix - KB978037        Microsoft Corporation        20091214.123444
Windows 2000 Hotfix - KB978542        Microsoft Corporation        20100202.120000
Windows 2000 Hotfix - KB978601        Microsoft Corporation        20100215.181733
Windows 2000 Hotfix - KB978706        Microsoft Corporation        20091228.184506
Windows 2000 Hotfix - KB979309        Microsoft Corporation        20100113.191139
Windows 2000 Hotfix - KB979482        Microsoft Corporation        20100309.145747
Windows 2000 Hotfix - KB979559        Microsoft Corporation        20100503.140750
Windows 2000 Hotfix - KB979683        Microsoft Corporation        20100305.133428
Windows 2000 Hotfix - KB980195        Microsoft Corporation        20100504.235703
Windows 2000 Hotfix - KB980218        Microsoft Corporation        20100412.180829
Windows 2000 Hotfix - KB980232        Microsoft Corporation        20100225.164148
Windows 2000 Hotfix - KB981350        Microsoft Corporation        20100312.143914
Windows 2000 Hotfix - KB982381        Microsoft Corporation        20100414.120000
Windows Driver Package - Nokia Modem  (11/03/2006 6.82.0.1)        Nokia        11/03/2006 6.82.0.1  unnötig       
Windows Installer 3.1 (KB893803)        Microsoft Corporation        3.1        unnötig?
Windows Media Player Hotfix [See Q828026 for more information]        Microsoft Corporation  notwendig       
Windows Media Player system update (9 Series)                notwendig
WinPcap 4.0        CACE Technologies        4.0.0.755                        unnötig
WinRAR                                notwendig
µTorrent                2.2.0                notwendig


markusg 08.11.2011 18:17

Uninstall:
Adobe Acrobat 4.0
Adobe Reader
Apple Software Update
ArcSoft
aTube
Cheat Engine
Feurio
FM Screen Capture
Frets On Fire
Java
Download the free Java software
download the JRE
Uninstall:

MAGIX beide
MediaInfo
Microsoft Train Simulator
Mobile Partner
Movavi
Mozilla Firefox
current version:
Firefox web browser in German | Faster, safer and customizable
Mozilla Thunderbird
current version:
Download

Uninstall:
Nokia (both).
Opera
current version:
Opera web browser | Faster & safer | Free download of the new internet browser

Uninstall:
PC Connectivity Solution
pdfforge Toolbar
Route_Riter
ScanToWeb
Skype™
current version:
Download Skype - Free download
Please note that Skype installs a toolbar; it must be uninstalled, as it is a security risk.

Uninstall:
URL Snooper
Open VLC media player and update it.
Uninstall:
WinPcap


Clean up with CCleaner.
Why don't you use an AV program?

PirateAndy 23.11.2011 18:04

Hello Markus,

So, everything is finally done now.

I used to have AV programs on it, but they were quite annoying. I thought that since I still use Win2000, I'm no longer so much at risk. But now I'm thinking about what to install...

Thanks for the excellent support!

Regards, PA



Copyright ©2000-2024, Trojaner-Board

