Hallo Allerseits!
Ich habe leider Probleme mit meinem PC. Ich hoffe, dass Ihr mir weiterhelfen könnt.

1.) Ich benutze Mozilla Firefox, aber es kommen andauernd CiD pop ups (und Werbung beginnend mit „Ad-“) im Internet Explorer auf meinem Bildschirm. Und manchmal öffnet sich ein Fenster, in dem mein PC für infiziert erklärt wird und ein automatischer Scan startet (immer wenn dies kommt, kann ich z.B. auf Google nicht suchen.)
Wie kann ich diese störende Werbung und diese Seite, die ich als gefährlich empfinde, blockieren?

2.) Da gibt’s noch dieses „NDIS User […] hat ein Broadcast-Paket vom Remote-Rechner […] empfangen. Möchten Sie diesem Programm den Zugriff auf das Netzwerk erlauben?“ oder „RAS PPPoE […] versucht ein Paket zu senden. Möchten Sie diesem Protokolltreiber den Zugriff auf das Netzwerk erlauben?“ oder „Firefox (firefox.exe) versucht eine Verbindung herzustellen. www.google.de […] nutzt den Remote-Port […]. Möchten Sie diesem Programm den Zugriff auf das Netzwerk erlauben?“, worauf ich meistens mit „Ja“ antworte, weil ansonsten das Internet nicht verbunden wird („RAS PPPoE…“) oder Firefox nicht ausführt („Firefox…“) und eine leere Seite zu sehen ist. Das, was ich mache, ist doch sicherlich falsch, oder? Was wäre denn richtig?

3.) Zwischendurch wird das Verwaltungsprogramm („Butler“) meines Internetanbieters sichtbar, dass noch eine Seite im Internet Explorer öffnet. Dabei erscheint die Warnung: „Es ist kein Internet Explorer mehr aktiv! Möchten Sie die aktuelle Verbindung trennen?“

4.) Beim Start ist der PC auch sehr lahm. Ich habe herausgefunden, dass ich mit „Start > Ausführen > msconfig“ startende Programme deaktivieren kann und habe es auch versucht, doch dann stürzte der PC innerhalb von 5 bis 10 Minuten immer wieder ab (musste danach eine Systemwiederherstellung durchführen). Kann ich beliebige Programme deaktivieren oder gibt’s da was Bestimmtes?

Hier ist die HijackThis-logfile von meinem PC (vor dem MalwareBytes’ Scan):

Code: Alles auswählenAufklappen

ATTFilter

 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:06, on 25.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programme\Sygate\SPF\smc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\drivers\CDAC11BA.EXE
E:\Programme\Windows Live\Family Safety\fsssvc.exe
E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Programme\Spyware Doctor\pctsAuxs.exe
E:\Programme\Spyware Doctor\pctsSvc.exe
E:\WINDOWS\System32\alg.exe
E:\Programme\Spyware Doctor\pctsTray.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
E:\WINDOWS\system32\rundll32.exe
E:\Programme\QuickTime\qttask.exe
E:\Programme\iTunes\iTunesHelper.exe
E:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
E:\Programme\iPod\bin\iPodService.exe
E:\Programme\Java\jre1.6.0_05\bin\jusched.exe
E:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
E:\Programme\Windows Live\Family Safety\fssui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\Programme\Windows Live\Messenger\MsnMsgr.Exe
E:\Programme\Internet Explorer\iexplore.exe
E:\Programme\DAEMON Tools Lite\daemon.exe
E:\Programme\Electronic Arts\EADM\Core.exe
E:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
E:\Programme\Google\Google Updater\GoogleUpdater.exe
E:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
E:\Programme\ArcorOnline\AOButler.exe
E:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
E:\WINDOWS\system32\svchost.exe
E:\Programme\Java\jre1.6.0_05\bin\jucheck.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\PROGRA~1\FREEDO~1\fdm.exe
E:\KGT\Programlar\HijackThis\test.com
E:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - E:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: (no name) - {4285296C-E6B7-4AA1-8989-4BDB20CD8417} - E:\WINDOWS\system32\xxyyxWqP.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {979a87c9-c6c3-1e3a-5a64-e7568320700a} - {a0070238-657e-46a5-a3e1-3c6c9c78a979} - E:\WINDOWS\system32\fbjros.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B237C305-472A-45EA-90CB-0C02689EBFA4} - E:\WINDOWS\system32\xxyxXRij.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Programme\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programme\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "E:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "E:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [CAMP SHIM EXIT HECK] E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\That Face Camp Shim\Anti 32.exe
O4 - HKLM\..\Run: [fssui] "E:\Programme\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] E:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "E:\Programme\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "E:\Programme\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [LocksAtom] E:\DOKUME~1\ADMINI~1\ANWEND~1\WEBABO~1\INFO UPLOAD ACE.exe
O4 - HKCU\..\Run: [Pop up Blocker] "E:\Programme\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [augek] e:\dokumente und einstellungen\administrator\lokale einstellungen\anwendungsdaten\augek.exe augek
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DATA BECKER - Pop-Up und Banner Blocker.lnk = E:\Programme\DATA BECKER\Pop-Up & Banner Blocker\dbad.exe
O4 - Global Startup: DATA BECKER - Werbebannerblocker.lnk = E:\Programme\DATA BECKER\Pop-Up & Banner Blocker\adblock.exe
O4 - Global Startup: Google Updater.lnk = E:\Programme\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: RoJ   ferheng.lnk = C:\Roj ferheng\RoJ ferheng.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://E:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites – h**p://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - e:\programme\avant browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Alles mit FDM herunterladen - file://E:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://E:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://E:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Hervorheben - e:\programme\avant browser\Highlight.htm
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://E:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?3462b34d3ac14a849348f1b35c0daae4
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://E:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?3462b34d3ac14a849348f1b35c0daae4
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Suchen - e:\programme\avant browser\Search.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://E:\Programme\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - e:\programme\avant browser\AddToADBlackList.htm
O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - e:\programme\avant browser\OpenAllLinks.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PD - {34EF9ABE-70B4-4149-9BDB-23731755FBD8} - E:\Programme\Pop up Blocker\pd.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - E:\Programme\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - E:\Programme\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD610BBF-CDF6-4125-B2A8-8592A747B93B}: NameServer = 195.50.140.178 195.50.140.114
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: xxyxXRij - E:\WINDOWS\SYSTEM32\xxyxXRij.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - E:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - E:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Programme\Sygate\SPF\smc.exe

--
End of file - 13296 bytes
         

Könnt Ihr mir da weiterhelfen? Und könnt Ihr mir auch nennen, um was für eine Art von Datei bzw. Ordner es sich handelt, falls ich welche im logfile löschen muss? Was ist Euer Rat, einen PC gegen Viren, Malware, Adware, Trojaner usw. zu schützen?

Ich bedanke mich herzlich für Eure Hilfe schon im Voraus.

mfg,
ttunc

Hier ist die Malwarebytes’ Scan, nach dem HijackThis scan:
(Tut mir Leid wegen dem Doppelpost, passte nicht in das obige...)

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.23
Datenbank Version: 990
Windows 5.1.2600 Service Pack 2

17:20:56 25.07.2008
mbam-log-7-25-2008 (17-20-56).txt

Scan-Methode: Vollständiger Scan (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 133157
Laufzeit: 40 minute(s), 7 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 37
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 21
Infizierte Dateien: 99

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
E:\WINDOWS\system32\xxyyxWqP.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\fbjros.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\xxyxXRij.dll (Trojan.Vundo) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4285296c-e6b7-4aa1-8989-4bdb20cd8417} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4285296c-e6b7-4aa1-8989-4bdb20cd8417} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0070238-657e-46a5-a3e1-3c6c9c78a979} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a0070238-657e-46a5-a3e1-3c6c9c78a979} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b237c305-472a-45ea-90cb-0c02689ebfa4} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b237c305-472a-45ea-90cb-0c02689ebfa4} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyxxrij (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b237c305-472a-45ea-90cb-0c02689ebfa4} (Trojan.Vundo) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: e:\windows\system32\xxyyxwqp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: e:\windows\system32\xxyyxwqp  -> Delete on reboot.

Infizierte Verzeichnisse:
E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
E:\Programme\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
E:\Programme\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
E:\Programme\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
E:\Programme\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
E:\Programme\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
E:\Programme\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
E:\Programme\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\images (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\images\EN (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\rubs (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\resources (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.

Infizierte Dateien:
E:\WINDOWS\system32\xxyyxWqP.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\PqWxyyxx.ini (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\PqWxyyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fbjros.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\lkonhmxb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\bxmhnokl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\xxyxXRij.dll (Trojan.BHO) -> Delete on reboot.
E:\Programme\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopping.Report) -> Quarantined and deleted successfully.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E4DB76HR\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K9OLEF4X\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0005\0005.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0006\setup3.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0014\RASPPPOE_098B.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0017\setup2.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0018\tl32v20.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0019\setup2.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0020\lizenz.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0024\wincmd.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0032\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0032\XPclean.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0034\tvgkey.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0042\setup2.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0043\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0044\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0045\REGGED.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0045\Templates.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0046\crack.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0051\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0054\CCEMVCDTemplates.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0054\EdCCE 17b.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0054\FITCD_V112.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0054\MATRICES.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0059\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0060\Furz.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0060\ost.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0060\Raubkopie.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Programme\B5APPZ\0060\Toilet.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{E14F6301-2CB9-452D-8492-C25C6C97DD0C}\RP167\A0101737.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{E14F6301-2CB9-452D-8492-C25C6C97DD0C}\RP167\A0101738.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\kfpxadtb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Programme\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
E:\Programme\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
E:\Programme\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
E:\Programme\WebMediaPlayer\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
E:\Programme\WebMediaPlayer\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
E:\Programme\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
E:\Programme\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\Gfx_de.bin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\language (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\nbmw (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\quarantine.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\skin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\Spyware-Secure.url (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\sws_translations.xml (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE.zip (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\explo_intro.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\explo_menu.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\file.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\folder_f.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\folder_o.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\index.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\menu3.js (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\spy.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\trait_coud.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\trait_droit.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\trait_vert.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\images\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\images\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\images\key.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\images\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\images\support.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\images\title-hepfile.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\images\EN\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\images\EN\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\images\EN\scstep2.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\rubs\contactus.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\rubs\found-objects.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\rubs\lexic.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\rubs\quarantine.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\help\help_Trial_DE\rubs\register.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\resources\cookies_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\resources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\resources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\resources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\resources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\resources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\resources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\Programme\Spyware-Secure\resources\register_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
E:\WINDOWS\Hosts (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\urqOfcde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\BMa700fd03.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\BMa700fd03.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
         

Ich bitte um Hilfe!..

Es ist dringend! Ich bitte Euch um Hilfe!

Erst mal Systemwiederherstellung deaktivieren (rechte maustaste auf arbeitsplatz-->Eigenschaften-->Systemwiederherstellung-->Auf allen Laufwerken deaktivieren)

Dann CC Cleaner durchlaufen lassen!

Danach holst du dir mal Comboofix (obwohl nach dem Malwarebytes der größte teil erfolgreich gelöscht worden zu sein) und lass diesen durchlaufen, danach
fixe folgende Einträge mit HijackThis:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://home.sweetim.com

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - E:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: (no name) - {4285296C-E6B7-4AA1-8989-4BDB20CD8417} - E:\WINDOWS\system32\xxyyxWqP.dll

O2 - BHO: {979a87c9-c6c3-1e3a-5a64-e7568320700a} - {a0070238-657e-46a5-a3e1-3c6c9c78a979} - E:\WINDOWS\system32\fbjros.dll

O2 - BHO: (no name) - {B237C305-472A-45EA-90CB-0C02689EBFA4} - E:\WINDOWS\system32\xxyxXRij.dll

O4 - HKLM\..\Run: [CAMP SHIM EXIT HECK] E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\That Face Camp Shim\Anti 32.exe

O4 - HKCU\..\Run: [LocksAtom] E:\DOKUME~1\ADMINI~1\ANWEND~1\WEBABO~1\INFO UPLOAD ACE.exe

O4 - HKCU\..\Run: [Pop up Blocker] "E:\Programme\Pop up Blocker\pd.exe" Minimize

O4 - HKCU\..\Run: [augek] e:\dokumente und einstellungen\administrator\lokale einstellungen\anwendungsdaten\augek.exe augek

O4 - Global Startup: RoJ ferheng.lnk = C:\Roj ferheng\RoJ ferheng.exe

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - E:\Programme\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - E:\Programme\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O20 - Winlogon Notify: xxyxXRij - E:\WINDOWS\SYSTEM32\xxyxXRij.dll

Falls irgendwelche dieser Einträge zu einem deiner Programme gehören, welches du als gut identifizieren kannst dann lass den Eintrag bestehen.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
^
|
Fixe auch das hier falls du nicht selbst mit einem antispyware tool deine startseite geschützt hast

Danach einfach nochmal mit Malwarebytes scannen und HijackThis durchlaufen lassen.

Und das neue Logfile von Malwarebytes und HijackThis hier posten

[ICH MÖCHTE HINZUFÜGEN DAS ICH NOCH EIN NEULING BIN; ABER ICH DENKE WENN DU ALLES WIE OBEN BESCHRIEBEN AUSFÜHRST MACHST DU AUF JEDENFALL NICHTS FALSCH^^]

tut mir leid

hier das solltest du auch noch mit Hijack This fixen

E:\Programme\Windows Live\Family Safety\fsssvc.exe

und das hier
O14 - IERESET.INF: START_PAGE_URL=about:blank

Aber nur falls es sich bei diesen Einträgen nicht um die Adresse des PC-Händlers oder des 'Internet-Service-Provider (ISP)' handelt.

Aber wie schon gesagt falls ein Eintrag zu einem Programm welches du kennst dabei ist dann NICHT mit HijackThis fixen!!!

EDIT: Zu Combofix oben-->Bitte lass das erstmal bis ein sich etwas Erfahrenere sich dein logfile angeschaut haben. Aber mit den anderen Sachen machst du auf jeden Fall nichts verkehrt^^

Hallo Menardos!
Ich möchte mich als Erstes für Deine Hilfe bedanken!

Folgende Einträge habe ich nicht gefunden:

Code: Alles auswählenAufklappen

ATTFilter

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://home.sweetim.com

O2 - BHO: (no name) - {4285296C-E6B7-4AA1-8989-4BDB20CD8417} - E:\WINDOWS\system32\xxyyxWqP.dll

O2 - BHO: {979a87c9-c6c3-1e3a-5a64-e7568320700a} - {a0070238-657e-46a5-a3e1-3c6c9c78a979} - E:\WINDOWS\system32\fbjros.dll

O2 - BHO: (no name) - {B237C305-472A-45EA-90CB-0C02689EBFA4} - E:\WINDOWS\system32\xxyxXRij.dll

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - E:\Programme\ShoppingReport\Bin\2.5.0\ShoppingRepo rt.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - E:\Programme\ShoppingReport\Bin\2.5.0\ShoppingRepo rt.dll

O20 - Winlogon Notify: xxyxXRij - E:\WINDOWS\SYSTEM32\xxyxXRij.dll
         

Hier ist das aktuelle MalwareBytes’ scan:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.23
Datenbank Version: 990
Windows 5.1.2600 Service Pack 2

03:21:07 27.07.2008
mbam-log-7-27-2008 (03-21-07).txt

Scan-Methode: Vollständiger Scan (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 101850
Laufzeit: 26 minute(s), 22 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
E:\WINDOWS\Hosts (Trojan.Agent) -> Quarantined and deleted successfully.
         

Und hier das aktuelle HijackThis scan:

Code: Alles auswählenAufklappen

ATTFilter

 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:22:25, on 27.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programme\Sygate\SPF\smc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\drivers\CDAC11BA.EXE
E:\Programme\Windows Live\Family Safety\fsssvc.exe
E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Programme\Spyware Doctor\pctsAuxs.exe
E:\Programme\Spyware Doctor\pctsSvc.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
E:\WINDOWS\system32\rundll32.exe
E:\Programme\QuickTime\qttask.exe
E:\Programme\iTunes\iTunesHelper.exe
E:\Programme\Spyware Doctor\pctsTray.exe
E:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
E:\Programme\Java\jre1.6.0_05\bin\jusched.exe
E:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
E:\Programme\iPod\bin\iPodService.exe
E:\Programme\Windows Live\Family Safety\fssui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\Programme\DAEMON Tools Lite\daemon.exe
E:\Programme\Electronic Arts\EADM\Core.exe
E:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
E:\Programme\Google\Google Updater\GoogleUpdater.exe
E:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
E:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
E:\Programme\ArcorOnline\AOButler.exe
E:\Programme\Windows Live\Messenger\usnsvc.exe
E:\Programme\LimeWire\LimeWire.exe
E:\Programme\Java\jre1.6.0_05\bin\jucheck.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\Programme\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Programme\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programme\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "E:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "E:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [fssui] "E:\Programme\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] E:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "E:\Programme\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "E:\Programme\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DATA BECKER - Pop-Up und Banner Blocker.lnk = E:\Programme\DATA BECKER\Pop-Up & Banner Blocker\dbad.exe
O4 - Global Startup: DATA BECKER - Werbebannerblocker.lnk = E:\Programme\DATA BECKER\Pop-Up & Banner Blocker\adblock.exe
O4 - Global Startup: Google Updater.lnk = E:\Programme\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - h**p://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Alles mit FDM herunterladen - file://E:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://E:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://E:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://E:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?3462b34d3ac14a849348f1b35c0daae4
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://E:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?3462b34d3ac14a849348f1b35c0daae4
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://E:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PD - {34EF9ABE-70B4-4149-9BDB-23731755FBD8} - E:\Programme\Pop up Blocker\pd.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD610BBF-CDF6-4125-B2A8-8592A747B93B}: NameServer = 195.50.140.178 195.50.140.114
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - E:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - E:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Programme\Sygate\SPF\smc.exe

--
End of file - 10605 bytes
         

Diesen Eintrag:

Code: Alles auswählenAufklappen

ATTFilter

E:\Programme\Windows Live\Family Safety\fsssvc.exe
         

kann man bei HijackThis nicht fixen, kommt im log-file aber als running process dennoch vor…

mfg,
ttunc