sehr gut
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

Okay, der Logfile:


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5504

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11.01.2011 17:08:25
mbam-log-2011-01-11 (17-08-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 227809
Laufzeit: 28 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 58

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Value: bk -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Adobe\plugs\kb13044677.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Adobe\plugs\kb13053119.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\csderv.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\0.09595622729837516.exe.vir (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP260\A0158227.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP262\A0159321.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP262\A0161382.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP262\A0161410.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP263\A0162411.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP263\A0163450.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP264\A0164521.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP264\A0164522.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167881.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167882.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167883.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167884.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167885.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167886.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167887.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167888.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP268\A0167889.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP268\A0169870.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0179978.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0179980.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0179985.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0179986.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0180106.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0180107.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0180118.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0180119.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182254.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182255.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182256.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182257.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182258.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182259.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182260.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182261.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182262.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182906.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182907.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182999.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0189162.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0189276.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0189295.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0191713.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0191714.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0192913.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0192914.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0192915.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sshnas21.dll (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01102011_171655\c_dokumente und einstellungen\default user\startmenü\programme\autostart\diwua.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01102011_171655\c_dokumente und einstellungen\default user\startmenü\programme\autostart\haoxan.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01102011_171655\c_dokumente und einstellungen\default user\startmenü\programme\autostart\rediox.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01102011_171655\c_dokumente und einstellungen\default user\startmenü\programme\autostart\tazu.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01102011_171655\c_dokumente und einstellungen\ich\anwendungsdaten\Ruafu\erbae.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

wie läuft der rechner jetzt?

Hmm, eben im normalen Modus hat sich keine Verbesserung gezeigt :/

dein pc ist ja auch mit den verschiedensten trojanern verseucht, wo man sich die alle her hohlt...
evtl. sollten wir kurzen prozess machen, daten sichern, neu aufsetzen und ihn gleich vernünftig absichern. da es probleme geben kann so starke systeme wieder vernünftig zum laufen zu bringen.

ja, okay vielleicht ist das besser.

ok dann fang mit der daten sicherung an und meld dich, wenn du fertig bist.

Alles klar, meine Daten sind gesichert.

http://www.trojaner-board.de/96344-a...-rechners.html

Alles klar, danke. Ich werde jetzt mit der Formatierung und der Neuinstallation beginnen. Ich musste erstmal diese CD finden.

ok, meld dich dann bitte ob alles geklappt hatt, oder bei problemen

Es hat alles wunderbar funkitioniert. Werde jetzt damit anfangen den Rest durchzuführen der oben steht.

sehr gut :-) kannst ja berichten...

Anscheinend hab ich doch irgendwas falsch gemacht. Ich hab die CD eingelegt und alles befolgt, Windows wurde auch komplett neu installiert, usw.
Eigentlich hatte ich auch formatiert..
Aber es wurde irgendwie nur Windows installiert, denn die ganzen Programme sind noch in den Ordnern bei Arbeitsplatz, Festplatte C.
Aber auf dem Desktop ist nichts. Auch rechts unten auf der Taskleiste nicht und wenn man bei Start - Alle Programme guckt auch nicht. Funkitioniert auch alles bisher.
Soll ich es trotzdem nochmal machen?

Na, ich werd es noch mal machen, das ist mir alles zu unsicher. :/