Hallo,
Ich habe ein Problem.
Vorhin als ich mir ein Video anschauen wollte, habe ich mir dummerweise eine Datei runtergeladen wo ein Virus drauf war.
Ich habe auch schonmal zu dem Problem etwas gegooglet und habe herausgefunden, dass ich das Programm "Anti Spy Check" auf meinem PC habe.
Nach kurzer Zeit habe ich dann das Programm SpyHunter installiert um den Virus loszuwerden. Also habe ich erstmal alles durchsucht und auch Viren gefunden.
Dann habe ich aber, meiner Meinung nach einen entscheidenen Fehler gemacht:
1.Ich habe den Scan von SpyHunter gestoppt, obwohl dieser noch nicht fertig war.
2.Dann habe ich die Dateien, die gefunden wurden, mit Häckchen versehen.
3.Zu guter letzt habe ich mit dem recht Klick, irgendtwas gemacht was aber nicht gut gewesen sein kann.
Eigentlich dachte ich damit lösche ich die Dateien indem ich rechtklick und dann auf die Anweisung klicke. Dies scheint aber nicht der Fall gewesen zu sein, denn AntiSpyCheck ist immernoch auf meinem PC.
Wenn ich jetzt aber mit SpyHunter alles durchsuche finde ich keine Viren mehr, was nun?
Danke für alle Bemühungen.

Gruß Dorian

PS: Ich hoffe, ich habe mich nicht zu unverständlich ausgedrückt.

Hi,

Welches Betriebssystem nutzt du denn?

lg myrtille

Windows XP.

Gruß Dorian

Hi,

lade dir bitte mal Malwarebytes herunter und führe es aus. Lass alle Funde löschen und poste das Log hier.

Erstelll bitte auch ein Log mit HijackThis und poste es ebenfalls hier.

lg myrtille

Mit Hijackthis

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:09, on 22.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\T-DSL SpeedManager\SpeedMgr.exe
D:\Java\jre1.6.0_03\bin\jusched.exe
D:\BitDefender\BitDefender 2008\bdagent.exe
D:\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Labtec\Desktop\6.0\KbdAp32A.exe
D:\Labtec\Desktop\6.0\MOffice.exe
C:\WINDOWS\system32\ctfmon.exe
D:\ICQ6\ICQ.exe
D:\Labtec\Desktop\6.0\Mouse32V.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
D:\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
D:\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
D:\T-DSL SpeedManager\tsmsvc.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.com]Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157]MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157]MSN.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\ICQTOO~1\toolbaru.dll
O1 - Hosts: 80.239.151.231 db1.rapidshare.com
O1 - Hosts: 80.239.151.232 db2.rapidshare.com
O1 - Hosts: 80.239.151.233 db3.rapidshare.com
O1 - Hosts: 80.239.151.234 db4.rapidshare.com
O1 - Hosts: 80.239.151.235 db5.rapidshare.com
O1 - Hosts: 80.239.151.253 games.rapidshare.com
O1 - Hosts: 80.239.151.251 images.rapidshare.com
O1 - Hosts: 80.239.151.240 images2.rapidshare.com
O1 - Hosts: 82.129.39.245 kvm1.rapidshare.com
O1 - Hosts: 82.129.39.246 kvm2.rapidshare.com
O1 - Hosts: 82.129.39.247 kvm3.rapidshare.com
O1 - Hosts: 82.129.39.248 kvm4.rapidshare.com
O1 - Hosts: 82.129.39.249 kvm5.rapidshare.com
O1 - Hosts: 80.239.151.250 mail.rapidshare.com
O1 - Hosts: 80.239.151.250 ns1.rapidshare.com
O1 - Hosts: 80.239.151.234 ns2.rapidshare.com
O1 - Hosts: 80.239.151.250 pay.rapidshare.com
O1 - Hosts: 80.239.151.240 rem1.rapidshare.com
O1 - Hosts: 82.129.39.2 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.3 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.4 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.5 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.6 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.7 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.8 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.9 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.10 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.11 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.12 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.13 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.14 rs0cg.rapidshare.com
O1 - Hosts: 82.129.39.15 rs0cg.rapidshare.com
O1 - Hosts: 82.129.35.2 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.3 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.4 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.5 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.6 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.7 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.8 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.9 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.10 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.11 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.12 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.13 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.14 rs0cg2.rapidshare.com
O1 - Hosts: 82.129.35.15 rs0cg2.rapidshare.com
O1 - Hosts: 80.152.62.2 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.3 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.4 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.5 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.6 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.7 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.8 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.9 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.10 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.11 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.12 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.13 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.14 rs0dt.rapidshare.com
O1 - Hosts: 80.152.62.15 rs0dt.rapidshare.com
O1 - Hosts: 64.215.245.2 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.3 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.4 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.5 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.6 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.7 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.8 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.9 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.10 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.11 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.12 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.13 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.14 rs0gc.rapidshare.com
O1 - Hosts: 64.215.245.15 rs0gc.rapidshare.com
O1 - Hosts: 207.138.168.2 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.3 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.4 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.5 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.6 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.7 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.8 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.9 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.10 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.11 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.12 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.13 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.14 rs0gc2.rapidshare.com
O1 - Hosts: 207.138.168.15 rs0gc2.rapidshare.com
O1 - Hosts: 80.239.151.2 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.3 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.4 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.5 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.6 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.7 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.8 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.9 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.10 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.11 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.12 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.13 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.14 rs0l3.rapidshare.com
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - D:\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\ICQTOO~1\toolbaru.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "D:\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter Security Suite] D:\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [swg] D:\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [LWBKEYBOARD] "D:\Labtec\Desktop\6.0\KbdAp32A.exe"
O4 - HKCU\..\Run: [LWBMOUSE] "D:\Labtec\Desktop\6.0\MOffice.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "D:\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://D:\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://D:\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://D:\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://D:\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190879313125
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - D:\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12113 bytes
         

Mit MalwareBytes

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.25
Datenbank Version: 1077
Windows 5.1.2600 Service Pack 2

23:06:52 22.08.2008
mbam-log-08-22-2008 (23-06-52).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 115606
Laufzeit: 2 hour(s), 3 minute(s), 27 second(s)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 27
Infizierte Registrierungswerte: 22
Infizierte Dateiobjekte der Registrierung: 14
Infizierte Verzeichnisse: 1
Infizierte Dateien: 21

Infizierte Speicherprozesse:
C:\WINDOWS\system32\ubpr01.exe (Trojan.Zlob) -> Unloaded process successfully.
D:\Applications\iebtm.exe (Trojan.Zlob) -> Unloaded process successfully.
D:\Applications\iebtmm.exe (Trojan.Zlob) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\WINDOWS\system32\kcekz.dll (Trojan.Zlob) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{8dc71747-ace0-40c1-8947-54f107d0639b} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spywarning.warningbho (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spywarning.warningbho.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7b7a5443-2586-4118-804c-cb4a90a00524} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b7a5443-2586-4118-804c-cb4a90a00524} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\x123.x123mgr (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\x123.x123mgr.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3bebf2fe-7248-40e2-9752-8163eb6c4038} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0bd44ab1-76a7-4e05-92f4-4b065fe72bd6} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bd44ab1-76a7-4e05-92f4-4b065fe72bd6} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8dc71747-ace0-40c1-8947-54f107d0639b} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3bebf2fe-7248-40e2-9752-8163eb6c4038} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3bebf2fe-7248-40e2-9752-8163eb6c4038} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
D:\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\kcekz.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\system32\276177\276177.dll (Trojan.BHO) -> Quarantined and deleted successfully.
D:\ASpyC\ASpyC.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{4B833A91-69EF-43F6-B636-40BCB2F1E800}\RP243\A0052370.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubpr01.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Applications\iebr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Applications\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Applications\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\tes1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Favoriten\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
         

Hi,

sieht ganz gut aus. Wie gehts dem Rechner?

Erstelle bitte noch ein filelisting mit diesem script:
- Script abspeichern per Rechtsklick, speichern unter auf dem Desktop
- Doppelklick auf listing7.cmd auf dem Desktop
- nach kurzer Zeit erscheint eine listing.txt auf dem Desktop

Diese listing.txt z.B. bei file-upload.net hochladen und hier verlinken, da dieses Logfile zu groß fürs Board ist.

lg myrtille

Hi,
Ersteinmal vielen Dank für die Hilfe, Klasse
Auf dem Rechner scheint nichts mehr zu sein, das Programm ist zumindest nicht mehr da

Hier die die listing.txt

Gruß Dorian

Hi,

hast du noch woanders um Hilfe gebeten? Wofür hast du Avenger gebraucht?

Poste bitte den Inhalt von C:\avenger.txt


lg myrtille

Hi,
Eigentlich, hab ich nur wie oben geschriben SpyHunter noch benutzt.
Avenger? Ich hab das noch nie gehört... .

Code: Alles auswählenAufklappen

ATTFilter

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\kcekz.dll" deleted successfully.

Error:  file "C:\WINDOWS\system32\276177\276177.dll" not found!
Deletion of file "C:\WINDOWS\system32\276177\276177.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "D:\ASpyC\ASpyC.exe"
Deletion of file "D:\ASpyC\ASpyC.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  file "D:\System Volume Information\_restore{4B833A91-69EF-43F6-B636-40BCB2F1E800}\RP243\A0052370.exe" not found!
Deletion of file "D:\System Volume Information\_restore{4B833A91-69EF-43F6-B636-40BCB2F1E800}\RP243\A0052370.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ubpr01.exe" not found!
Deletion of file "C:\WINDOWS\system32\ubpr01.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Dokumente und Einstellungen\All Users\Startmenü\Antivirus Scan.url" not found!
Deletion of file "C:\Dokumente und Einstellungen\All Users\Startmenü\Antivirus Scan.url" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Dokumente und Einstellungen\All Users\Startmenü\Online Spyware Test.url" not found!
Deletion of file "C:\Dokumente und Einstellungen\All Users\Startmenü\Online Spyware Test.url" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Applications\iebr.dll" not found!
Deletion of file "D:\Applications\iebr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Applications\iebt.dll" not found!
Deletion of file "D:\Applications\iebt.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Applications\iebtm.exe" not found!
Deletion of file "D:\Applications\iebtm.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Applications\iebtmm.exe" not found!
Deletion of file "D:\Applications\iebtmm.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Applications\iebtu.exe" not found!
Deletion of file "D:\Applications\iebtu.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Applications\iebu.exe" not found!
Deletion of file "D:\Applications\iebu.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Applications\myd.ico" not found!
Deletion of file "D:\Applications\myd.ico" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Applications\mym.ico" not found!
Deletion of file "D:\Applications\mym.ico" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Applications\myp.ico" not found!
Deletion of file "D:\Applications\myp.ico" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Applications\myv.ico" not found!
Deletion of file "D:\Applications\myv.ico" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Applications\ot.ico" not found!
Deletion of file "D:\Applications\ot.ico" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Applications\ts.ico" not found!
Deletion of file "D:\Applications\ts.ico" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\tes1.exe" not found!
Deletion of file "C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\tes1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Dokumente und Einstellungen\Besitzer\Favoriten\Antivirus Scan.url" not found!
Deletion of file "C:\Dokumente und Einstellungen\Besitzer\Favoriten\Antivirus Scan.url" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  folder "D:\ASpyC" not found!
Deletion of folder "D:\ASpyC" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.
         

Gruß Dorian

Hi,

Willst du mich verarschen? Das Programm wurde vor anderthalb Stunden verwendet, um 23:09 um genau zu sein.
Kann außer dir noch jemand an den Rechner, warst du zu dem Zeitpunkt an dem Rechner ?
(23:09 war ca 3 Minuten nachdem Malwarebytes fertig durchgelaufen war.)

(wenn du dir anderswo hast helfen lassen, ist das vollkommen ok. Ich wills nur wissen. )

lg myrtille

Hi,
Hmm...komisch.
Eigentlich habe ich nicht weiter gemacht, nachdem das Programm zu Ende war.
Komisch, am PC kann auch niemand gewesen sein, weil ich hier alleine bin.

Kann sich das Programm auch selbstständig öffnen?

Verwirrte Grüße Dorian

Edit: Ne habe mir nicht woanders helfen lassen, wieso auch

Heya,

es gibt immer mal wieder Leute, die sich an 2-3 Foren anmelden, weil sie denken, sie bekämen so schneller Hilfe.
Deswegen kam mir der Gedanke überhaupt erst.

Hast du den Rechner direkt nach Beendigung des Scans neugestartet?

Folgenden Ordner kannst du noch löschen:

Zitat:

C:\WINDOWS\system32\276177

Wie gehts dem Rechner sonst?

Hi,
Ne wiegesagt, habe erst gegoogelt und mich dann hier angemeldet und ja auch sofort eine Antwort bekommen

Ja, ich sollte den Rechner sofort neu starten und das hat er dann auch selbstständig gemacht.

Sonst ist, meiner Meinung nach, bei dem Rechner wieder alles bestens

Gruß Dorian

Hi,

Die Avengersache ist auch nur ein Problem, weil ich so unsäglich neugierig bin und stellt keinerlei Gefahr für deinen Rechner dar.

Wenn du keine Probleme mehr hast, sollte alles in Ordnung sein und ich muss meine Neugier woanders stillen.

lg myrtille