Brauche Hilfe beim Auswerten von HiJackThis Logfile

Nevon · 29.03.2008, 19:12

Hi, ich habe mir warscheinlich irgendwelche Viren eingefangen.Wenn ich IE 7 Starte kommt oben eine Nachricht das Viren oder so hätte und soll auf die angezeigte Seite gehen. Leider kenne ich mich nicht gut aus mit sowas habe mal so ein Logfile erstellt.Bitte um überprüfung.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:40, on 29.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\onerungj\exgfsfif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4071103
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: GNX Bingo - {72C7F75B-B10B-4477-A687-EF10300DE5DD} - C:\Windows\kdftlboerfg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKLM\..\Policies\Explorer\Run: [lMklRKFGIf] C:\ProgramData\onerungj\exgfsfif.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: DrvDrv - {aec5f294-fe38-4a70-89bf-77dfc597d821} - C:\Windows\Installer\{aec5f294-fe38-4a70-89bf-77dfc597d821}\DrvDrv.dll
O21 - SSODL: vbgtorfd - {9C599004-FF8A-4820-94A5-1B3428090920} - C:\Windows\vbgtorfd.dll
O21 - SSODL: dwnrpofk - {98CBB664-F7CD-4BC0-AD0A-1511034A370A} - C:\Windows\dwnrpofk.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10993 bytes

**Sunny** · 29.03.2008, 19:52

Hallo Nevon und

Dateien Online überprüfen lassen:

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

(lass auch die versteckten Dateien anzeigen!)

Zitat:

C:\Windows\kdftlboerfg.dll
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\ProgramData\onerungj\exgfsfif.exe
C:\Windows\vbgtorfd.dll

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

(Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!)

Malwarebytes' Anti-Malware

Lies dir die Entfernungsanleitung durch und lass alles entfernen was gefunden wurde:

Download von Malwarebytes' Anti-Malware

Nevon · 30.03.2008, 11:29

Erstmal vielen Dank für die Hilfe!

So hier sind die 4 Ergebnisse von den Virustotal:
1.
AhnLab-V3 - - -
AntiVir - - TR/BHO.Agent.221184
Authentium - - -
AVG - - Downloader.Zlob.AAQ
BitDefender - - -
CAT-QuickHeal - - AdWare.Vapsup.cue (Not a Virus)
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - Win32/Pripecs!generic
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - Trojan.BHO.Agent.221184
Kaspersky - - -
McAfee - - -
Microsoft - - Trojan:Win32/Zlob.ZWY
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Downloader.Drev.A
Rising - - Trojan.Clicker.Win32.Agent.ypq
Sophos - - Mal/Emogen-AC
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - suspected of Downloader.Zlob.8
VirusBuster - - -
Webwasher-Gateway - - Trojan.BHO.Agent.221184

weitere Informationen
MD5: b4b5077332df453ff8150283f527c6d0
SHA1: 588f2862c7eb3328310227219c26c505bc8b835c
SHA256: 8a8db287f55b0fcad1d0949d97f153653c49da49510592a468a132bd7b210b03
SHA512: 51e6ff8ac9d71e00e05101f329124ae766534719500fa10e3b15dbedfbd7f8e5 159f7313b2c1f5c36342c522edd19fb1ebc1018114d557c48fc08dd3e82c20a9

2.
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.29.0 2008.03.29 -
AntiVir 7.6.0.78 2008.03.28 -
Authentium 4.93.8 2008.03.30 -
Avast 4.7.1098.0 2008.03.29 -
AVG 7.5.0.516 2008.03.29 -
BitDefender 7.2 2008.03.30 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.30 -
DrWeb 4.44.0.09170 2008.03.30 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5653 2008.03.29 -
Ewido 4.0 2008.03.29 -
F-Prot 4.4.2.54 2008.03.30 -
F-Secure 6.70.13260.0 2008.03.29 -
FileAdvisor 1 2008.03.30 -
Fortinet 3.14.0.0 2008.03.30 -
Ikarus T3.1.1.20 2008.03.30 -
Kaspersky 7.0.0.125 2008.03.30 -
McAfee 5262 2008.03.28 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2984 2008.03.29 -
Norman 5.80.02 2008.03.28 -
Panda 9.0.0.4 2008.03.29 -
Prevx1 V2 2008.03.30 -
Rising 20.37.60.00 2008.03.30 -
Sophos 4.28.0 2008.03.30 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.30 -
TheHacker 6.2.92.258 2008.03.29 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.29 -
Webwasher-Gateway 6.6.2 2008.03.30 -

weitere Informationen
File size: 168960 bytes
MD5: bb07a5e61b32aaff2568d373b45a8c31
SHA1: 0ff4168d5f280b1452bf3294caf7425eeabf0933
PEiD: -

3.
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.29.0 2008.03.29 -
AntiVir 7.6.0.78 2008.03.28 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.03.29 -
Avast 4.7.1098.0 2008.03.29 -
AVG 7.5.0.516 2008.03.28 -
BitDefender 7.2 2008.03.29 -
CAT-QuickHeal 9.50 2008.03.28 Win32.Trojan.Obfuscated.gx.3
ClamAV 0.92.1 2008.03.29 -
DrWeb 4.44.0.09170 2008.03.29 -
eSafe 7.0.15.0 2008.03.18 suspicious Trojan/Worm
eTrust-Vet 31.3.5653 2008.03.29 -
Ewido 4.0 2008.03.29 -
FileAdvisor 1 2008.03.29 -
Fortinet 3.14.0.0 2008.03.29 -
F-Prot 4.4.2.54 2008.03.28 -
F-Secure 6.70.13260.0 2008.03.29 -
Ikarus T3.1.1.20 2008.03.29 -
Kaspersky 7.0.0.125 2008.03.29 -
McAfee 5262 2008.03.28 -
Microsoft 1.3301 2008.03.28 Trojan:Win32/Vundo.BH
NOD32v2 2984 2008.03.29 -
Norman 5.80.02 2008.03.28 -
Panda 9.0.0.4 2008.03.29 Suspicious file
Prevx1 V2 2008.03.29 -
Rising 20.37.51.00 2008.03.29 -
Sophos 4.28.0 2008.03.29 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.29 -
TheHacker 6.2.92.258 2008.03.29 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.29 -
Webwasher-Gateway 6.6.2 2008.03.29 Trojan.Crypt.XPACK.Gen

weitere Informationen
File size: 43520 bytes
MD5: 46aa115c6c9a13bf5ec9be210a0d93fd
SHA1: edbbde8b29bb104f32ad3590343db77518e0ce87
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: UPX

4.
AhnLab-V3 - - -
AntiVir - - ADSPY/Agent.PB
Authentium - - Possibly a new variant of W32/Adware-Vapsup!Maximus
Avast - - Win32:Agent-LTS
AVG - - Downloader.Zlob.ACS
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - Win32/Pripecs!generic
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - Virus.Win32.Agent.LTS
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - Trojan.Clicker.Win32.Agent.ypr
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - suspected of Downloader.Zlob.5
VirusBuster - - -
Webwasher-Gateway - - Ad-Spyware.Agent.PB

weitere Informationen
MD5: 2f150e05e85173d2fc614cc82ef9b751
SHA1: 8fcd8e350324bee2cbc04dca509e359d72f67a04
SHA256: 0c4f6e1118585313dc0e2dc64f0c369fa921a5740f11539efc430c019e3d8e48
SHA512: 5be613c8f65ed825ef23dd69a8bf51864a6ba6f88a17f4b3fdfb283cc752c9d2 c15562116878977b6424a008c3148c64fa034b73b3ac8681283dd6034cb8a247

Hier ist noch der Bericht von Anti-Malware (Nach dem entfernen von den Viren stand bei Anti-Malware das nur wenige Viren nicht entfernt werden konnten.):

Malwarebytes' Anti-Malware 1.09
Datenbank Version: 568

Scan Art: Komplett Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objekte gescannt: 156881
Scan Dauer: 24 minute(s), 29 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 1
Infizierte Registrierungsschlüssel: 36
Infizierte Registrierungswerte: 4
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 5
Infizierte Dateien: 17

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\Windows\kdftlboerfg.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{aec5f294-fe38-4a70-89bf-77dfc597d821} (Trojan.Alphabet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98cbb664-f7cd-4bc0-ad0a-1511034a370a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{72c7f75b-b10b-4477-a687-ef10300de5dd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72c7f75b-b10b-4477-a687-ef10300de5dd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9c599004-ff8a-4820-94a5-1b3428090920} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\qvdntlmw.bkra (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\qvdntlmw.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MSVPS.MSVPSApp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\DrvDrv (Trojan.Alphabet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dwnrpofk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vbgtorfd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
C:\Windows\Installer\{aec5f294-fe38-4a70-89bf-77dfc597d821} (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\Installer\{aec5f294-fe38-4a70-89bf-77dfc597d821}\DrvDrv.dll (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Windows\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\dwnrpofk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\kdftlboerfg.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\norlatmx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\vbgtorfd.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

**Sunny** · 30.03.2008, 11:45

CCleaner

Temporäre Dateien mit CCleaner bereinigen
Download CCleaner und installiere ihn, (klicke die Toolbar weg!).

Danach CCleaner starten und => unter options settings => german einstellen.

Gehe auf den Button links oben "Cleaner"

Setze Häkchen unter Reiter "Windows"

(alle außer "Eingabefeld Verlauf" und bei "Erweitert" nur ein Häkchen bei "Alte Prefetchdaten" und "Benutzerdefinierte Dateien und Ordner").

Wechsel zum Reiter "Anwendungen", dort alle Häkchen setzen außer bei Firefox/Mozilla (falls vorhanden) "Gespeicherte Formulardaten".

Starte nun den CCleaner, indem Du unten auf den Button "Analysieren" klickst. Wenn die Analyse fertig ist, klicke auf den Button "Starte CCleaner".

ComboFix

Lade dir das Tool hier herunter -> KLICK

Sieh dir folgende Seite genau an, und wende das Combofix so an wie es dort eingestellt ist:

Anleitung Combofix

Nevon · 30.03.2008, 12:04

Habe alles soweit verstanden, außer einer Sache: Bei Reiter Windows unter WINDOWS EXPLORER und SYSTEM: soll ich da auch alles angekreuzt lassen?

**Sunny** · 30.03.2008, 12:08

Zitat:

Zitat von Nevon

Habe alles soweit verstanden, außer einer Sache: Bei Reiter Windows unter WINDOWS EXPLORER und SYSTEM: soll ich da auch alles angekreuzt lassen?

Ansonsten alles angekreuzt lassen wie es ist..

Nevon · 30.03.2008, 13:01

So habe combofix durchgeführt, hier der Bericht:

ComboFix 08-03-30.1 - Nevon 2008-03-30 13:48:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1900 [GMT 2:00]
ausgeführt von:: C:\Users\Nevon\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\a.bat
C:\Windows\base64.tmp
C:\Windows\bdn.com
C:\Windows\FVProtect.exe
C:\Windows\iTunesMusic.exe
C:\Windows\mssecu.exe
C:\Windows\system32akttzn.exe
C:\Windows\system32anticipator.dll
C:\Windows\system32awtoolb.dll
C:\Windows\system32bdn.com
C:\Windows\system32bsva-egihsg52.exe
C:\Windows\system32dpcproxy.exe
C:\Windows\system32emesx.dll
C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32hoproxy.dll
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32hxiwlgpm.exe
C:\Windows\system32medup012.dll
C:\Windows\system32medup020.dll
C:\Windows\system32msgp.exe
C:\Windows\system32msnbho.dll
C:\Windows\system32mssecu.exe
C:\Windows\system32msvchost.exe
C:\Windows\system32mtr2.exe
C:\Windows\system32mwin32.exe
C:\Windows\system32netode.exe
C:\Windows\system32newsd32.exe
C:\Windows\system32ps1.exe
C:\Windows\system32psof1.exe
C:\Windows\system32psoft1.exe
C:\Windows\system32regc64.dll
C:\Windows\system32regm64.dll
C:\Windows\system32Rundl1.exe
C:\Windows\system32sncntr.exe
C:\Windows\system32ssurf022.dll
C:\Windows\system32ssvchost.com
C:\Windows\system32ssvchost.exe
C:\Windows\system32sysreq.exe
C:\Windows\system32taack.dat
C:\Windows\system32taack.exe
C:\Windows\system32temp#01.exe
C:\Windows\system32thun.dll
C:\Windows\system32thun32.dll
C:\Windows\system32VBIEWER.OCX
C:\Windows\system32vbsys2.dll
C:\Windows\system32vcatchpi.dll
C:\Windows\system32winlogonpc.exe
C:\Windows\system32winsystem.exe
C:\Windows\system32WINWGPX.EXE
C:\Windows\userconfig9x.dll
C:\Windows\winsystem.exe
C:\Windows\zip1.tmp
C:\Windows\zip2.tmp
C:\Windows\zip3.tmp
C:\Windows\zipped.tmp

.
((((((((((((((((((((((( Dateien erstellt von 2008-02-28 bis 2008-03-30 ))))))))))))))))))))))))))))))
.

2008-03-30 12:51 . 2008-03-30 12:51 <DIR> d-------- C:\Program Files\CCleaner
2008-03-30 11:49 . 2008-03-30 11:49 <DIR> d-------- C:\Users\Nevon\AppData\Roaming\Malwarebytes
2008-03-30 11:49 . 2008-03-30 11:49 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-03-30 11:49 . 2008-03-30 11:49 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-03-30 11:49 . 2008-03-30 11:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-29 17:38 . 2008-03-29 17:38 <DIR> d-------- C:\Users\Nevon\AppData\Roaming\Symantec
2008-03-29 16:46 . 2008-03-06 22:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-03-29 16:46 . 2008-03-06 22:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-03-29 16:46 . 2008-03-06 22:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-03-29 16:15 . 2008-03-29 16:42 <DIR> d-------- C:\Program Files\Norton 360
2008-03-29 16:15 . 2008-03-29 16:40 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-03-29 16:15 . 2008-03-29 16:40 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-03-29 16:15 . 2008-03-29 16:40 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-03-29 16:14 . 2008-03-29 16:40 <DIR> d-------- C:\Program Files\Symantec
2008-03-28 18:09 . 2008-03-28 18:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-27 19:23 . 2008-03-27 19:23 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-25 11:58 . 2008-03-25 11:58 <DIR> d-------- C:\Users\All Users\onerungj
2008-03-25 11:58 . 2008-03-25 11:58 <DIR> d-------- C:\ProgramData\onerungj
2008-03-19 15:05 . 2008-03-19 15:05 1,080 --a------ C:\Windows\System32\settingsbkup.sfm
2008-03-19 15:05 . 2008-03-19 15:05 1,080 --a------ C:\Windows\System32\settings.sfm
2008-03-19 15:02 . 2008-03-19 15:02 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-12 14:06 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 14:06 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-09 10:43 . 2008-03-09 11:05 <DIR> d-------- C:\Program Files\Windows SideShow
2008-03-02 14:55 . 2008-03-07 16:44 <DIR> d-------- C:\Program Files\Bus-Simulator 2008 Demo
2008-03-01 19:30 . 2008-03-01 19:30 <DIR> d-------- C:\Users\Nevon\AppData\Roaming\flightgear.org
2008-03-01 17:56 . 2008-03-01 17:56 <DIR> d-------- C:\Users\All Users\Trymedia
2008-03-01 17:56 . 2008-03-01 17:56 <DIR> d-------- C:\ProgramData\Trymedia
2008-02-21 13:06 . 2008-02-21 13:06 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-02-21 13:06 . 2008-02-21 13:06 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-02-16 14:40 . 2008-01-10 07:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 16:52 . 2008-02-13 16:52 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 16:52 . 2008-02-13 16:52 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 16:52 . 2008-02-13 16:52 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-02-13 16:52 . 2008-02-13 16:52 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 16:51 . 2008-02-13 16:51 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 16:51 . 2008-02-13 16:51 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 16:51 . 2008-02-13 16:51 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 16:51 . 2008-02-13 16:51 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 16:51 . 2008-02-13 16:51 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 16:51 . 2008-02-13 16:51 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 16:51 . 2008-02-13 16:51 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-02 11:55 . 2008-02-02 11:55 <DIR> d-------- C:\Programs

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 14:46 --------- d-----w C:\ProgramData\Symantec
2008-03-29 14:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-26 14:52 --------- d-----w C:\Users\Nevon\AppData\Roaming\Skype
2008-03-26 14:46 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-26 14:46 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-26 11:05 --------- d-----w C:\Users\Nevon\AppData\Roaming\Hamachi
2008-03-25 11:19 --------- d-----w C:\Program Files\Opera
2008-03-19 13:04 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2008-03-19 13:04 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2008-03-12 12:24 --------- d-----w C:\Program Files\Windows Mail
2008-03-11 08:53 --------- d-----w C:\ProgramData\NVIDIA
2008-02-13 14:51 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 14:51 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 14:51 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 14:51 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 14:50 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 14:50 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 14:50 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 14:50 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-19 13:46 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-15 06:07 1,324,056 ----a-w C:\Windows\System32\CTEXFIFX.dll
2008-01-15 06:06 72,728 ----a-w C:\Windows\System32\CTHWIUT.DLL
2008-01-15 06:06 171,032 ----a-w C:\Windows\System32\CT20XUT.DLL
2008-01-15 04:01 86,016 ----a-w C:\Windows\System32\ctcoinst.dll
2008-01-15 04:01 163,840 ----a-w C:\Windows\System32\ctdvinst.dll
2008-01-15 03:59 60,928 ----a-w C:\Windows\System32\a3d.dll
2008-01-15 03:57 48,640 ----a-w C:\Windows\System32\ac3api.dll
2008-01-15 03:55 41,472 ----a-w C:\Windows\System32\CTxfiBtn.dll
2008-01-15 03:55 39,424 ----a-w C:\Windows\System32\CTxfiSpk.dll
2008-01-15 03:55 23,552 ----a-w C:\Windows\System32\Ctxfihlp.exe
2008-01-15 03:50 15,360 ----a-w C:\Windows\System32\Ct20xspi.dll
2008-01-15 03:50 1,023,488 ----a-w C:\Windows\System32\CTxfispi.exe
2008-01-15 03:42 56,509 ----a-w C:\Windows\System32\SET695A.tmp
2008-01-15 03:42 114,688 ----a-w C:\Windows\System32\ctemupia.dll
2008-01-15 03:41 162,816 ----a-w C:\Windows\System32\ct_oal.dll
2008-01-15 03:40 74,240 ----a-w C:\Windows\System32\ctosuser.dll
2008-01-15 03:40 68,608 ----a-w C:\Windows\System32\piaproxy.dll
2008-01-15 03:40 53,248 ----a-w C:\Windows\System32\ctdproxy.dll
2008-01-15 03:40 50,688 ----a-w C:\Windows\System32\ctasio.dll
2008-01-15 03:40 16,384 ----a-w C:\Windows\System32\regplib.exe
2008-01-15 03:40 108,544 ----a-w C:\Windows\System32\sfms32.dll
2008-01-15 03:40 10,240 ----a-w C:\Windows\System32\sfman32.dll
2007-12-12 15:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 15:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 15:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-11-15 18:49 22,328 ----a-w C:\Users\Nevon\AppData\Roaming\PnkBstrK.sys
2007-11-08 17:22 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 15:46 1232896]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 06:40 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-03 05:09 1006264]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 10:40 405504]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-11-02 21:26 77824]
"PMX Daemon"="ICO.EXE" [2006-11-08 17:01 49152 C:\Windows\System32\ico.exe]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 20:10 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 03:00 90112]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-26 21:03 178712]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 21:40 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 12:14 439512]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 12:18 215256]
"AVMWlanClient"="C:\Program Files\avmwlanstick\wlangui.exe" [2006-12-28 02:02 1454080]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2007-11-10 20:34 3144800]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-12 02:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-12 02:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-12 02:06 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 19:38 583048]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-01-15 05:55 23552 C:\Windows\System32\Ctxfihlp.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 19:53 116072]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-03-19 18:31 1183440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
Microsoft-Indexerstellung.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-10-18 01:00:00 111376]
Office-Start.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-10-18 01:00:00 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"lMklRKFGIf"= C:\ProgramData\onerungj\exgfsfif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 22:52 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BAC28BF2-B78B-4046-A887-FFF8799371E8}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BA77CEB1-C636-4714-97DB-B675C00C2AB6}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{8B3B0876-1CC4-4DBE-BE08-6F2AFF606A18}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{7C312114-309D-470E-8AC2-EA7639B49B04}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A60C8B48-799A-4134-B4D7-E4F09014C45F}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{91402C04-D4B2-44FE-B2CF-B2345CDF4636}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{2399B24D-C7E9-4637-B8A1-7FED1BACC999}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{4AA3EB9D-F472-4EEE-8F2C-B465A3637858}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{A235CF88-63B5-48FD-9FCD-F56795789A8E}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{0461C9BF-C3CF-4B3D-B518-5BC840D519B6}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2D69B231-80F3-4585-A953-93A649FDE0A9}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{FB70F91C-9BE8-4AE4-9D46-4B0DDAF4BAA1}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F854F0D0-7A57-4351-A48A-9526770781EE}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0C7B97F9-093A-44AD-8595-E7F33E690C1F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2E4D3048-6532-4105-BD65-AD90BB7A18EF}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F0C94FC6-5359-4EA7-9781-BD6D0DA93046}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{0AAFDA1F-268A-41DC-886C-41A98D38C757}"= Disabled:UDP:C:\Users\Nevon\AppData\Local\Temp\7zS93D6.tmp\setup\HPZnui01.exe:hpznui01.exe
"{335AB846-4552-4890-A2C4-4F50D124AB93}"= Disabled:TCP:C:\Users\Nevon\AppData\Local\Temp\7zS93D6.tmp\setup\HPZnui01.exe:hpznui01.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080325.002\IDSvix86.sys [2008-03-11 23:36]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 13:46]
R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 NMSCore;Intel(R) NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 12:14]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 22:34]
R2 QualityManager;Intel(R) Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 12:17]
R3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\system32\DRIVERS\fwlanusb.sys [2006-12-28 02:02]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-01-15 08:12]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-11-02 21:37]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 02:46]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 12:15]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 13:50:33
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-30 13:51:00
ComboFix-quarantined-files.txt 2008-03-30 11:50:58
14 Verzeichnis(se), 487,198,121,984 Bytes frei
20 Verzeichnis(se), 487,162,961,920 Bytes frei
.
2008-03-19 13:04:27 --- E O F ---

Nevon · 30.03.2008, 13:13

Habe nun ein Problem: Alles geht zwar wieder nur der Hintergrund ist noch schwarz und alle Bilder, die ich habe kann ich kann ich nicht als Desktophintergrund verwenden. Habe unter Ausführen combofix / U eingegeben dann ok geklickt. Darauf stand dann das es uninstall wurde. Soll ich jetzt noch die übrigen Ordner löschen oder nochmal neu eingeben?

**Sunny** · 30.03.2008, 13:23

Anleitung SmitfraudFix:

Lade dir dieses Tool -> SmitfraudFix
-Starte es dann und lass das System durchsuchen. (Option 2)
-Poste danach wie in der Anleitung beschrieben, das Ergebnis des Scans

-- Rouge Spyware --

* Downloade RVAXO.exe von hier --> http://home.hetnet.nl/~stefsmeenk/RVAXO.exe
* Speichere es auf dem Desktop.
* starte die RVAXO.exe mit einem Doppelklick
* eventuell öffnet sich ein Uninstaller
* schliesse ihn nicht, lass das Programm laufen
* Starte deinen Rechner danach neu
* nach dem Neustart mach einen Doppelklick auf die RVAXO.exe
* ist sehr wichtig!
* das Logfile findest du hier: C:\RVAXO-results.log

Nevon · 30.03.2008, 13:47

Hier ist erstmal deer Bericht von SmitFraudFix:

SmitFraudFix v2.309

Scan done at 14:44:01,17, 30.03.2008
Run from C:\Users\Nevon\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\onerungj\exgfsfif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Nevon

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Nevon\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Nevon\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: AVM FRITZ!WLAN USB Stick
DNS Server Search Order: 192.168.178.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D11B1BCF-9010-4C82-BBF3-923C85A852C7}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6B1A4F1-3219-40F8-B5B2-845BF2300F8B}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D11B1BCF-9010-4C82-BBF3-923C85A852C7}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6B1A4F1-3219-40F8-B5B2-845BF2300F8B}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D11B1BCF-9010-4C82-BBF3-923C85A852C7}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F6B1A4F1-3219-40F8-B5B2-845BF2300F8B}: DhcpNameServer=192.168.178.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Nevon · 30.03.2008, 14:08

Hi, kann RVAXO nicht richtig ausführen. Ich mache einen Doppelklick drauf dann öffnet sich für für ca. 1 Sekunde ein Fenster und schließt sich wieder, danach erscheint ein neuer Ordner von RVAXO auf den Desktop. Darin sind die Dateien: RunMe
RVAXO
RAVXO1 ...... bis RAVXO7

Nevon · 30.03.2008, 15:37

Habe nochmal Anti_Malware lassen, er hat noch zwei Viren gefunden und beseitigt. Müsste jetzt wohl alles weg sein oder??? Außer das mit dem schwarzen Desktop muss ich jetzt noch hinbekommen.

Nevon · 30.03.2008, 17:13

Sollte ich eigentlich bei SmitfraudFix auch in den abgesicherten Modus gehen und die Viren dort löschen? Hab nämlich nur einmal gescant.

Brauche Hilfe beim Auswerten von HiJackThis Logfile

Log-Analyse und Auswertung: Brauche Hilfe beim Auswerten von HiJackThis Logfile