Hallo alle zusammen,
sitze schon den zweiten Tag am PC und versuche, hier was für die Beseitugung meinses Problems zu finden. Aber, es ist so, dass ich überhaupt keine Ahnung mit den Vieren usw. habe, und gar nicht mit deren Entfernung.
Also, wenn mir jemand helfen könnte.....bitte, bitte, da ich nicht mehr weiß, wie es weiter gehen soll.
Das Problem ist folgendes, an meinem Rechner ist seit 2 Tagen ein Virus, Namens, NetWorm-i.virus@fp. Jede fünf Sekunden kommt aus dem gelben Dreieck die Warnung: Security A.
Ich hab schon das Forum tausend mal gechekt (weiß auch, dass das gegen die Regeln ist, wieder zu diesem Thema Fragen zu stellen, deswegen bitte jetzt schon um Verzeihung), aber verstehe trotzdem nicht, was ich persönlich machen soll und ich hab vor allem Angst, dass ich was noch schlimmer machen kann.

Also, hier ist der HiJackLog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:19, on 09.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Applications\wcs.exe
C:\Programme\Applications\iebtm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Applications\wcm.exe
C:\Programme\Steganos Safe Home\SteganosHotKeyService.exe
C:\Programme\Fighters\spywarefighter\SpywarefighterUser.exe
C:\Programme\Applications\iebtmm.exe
C:\Programme\Microsoft Money\System\reminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\VoipCheapCom\VoipCheapCom.exe
C:\PROGRA~1\ICQ6\ICQ.exe
C:\Programme\Hiro-Media\HiroClient\HiroClient.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Fighters\configservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Fighters\licenseservice.exe
C:\Programme\Fighters\updateservice.exe
C:\Programme\Fighters\ScannerService.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
c:\programme\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\WINDOWS\explorer.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\DAVIDU~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für avenger.zip\avenger.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Programme\Applications\iebt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: VirtualNetwork module - {6C517674-DE1C-4493-977C-34A1BFAB35BA} - C:\Programme\VirtualNetwork\VirtualNetwork.dll
O2 - BHO: BitAccelerator module - {92860A02-4D69-48c1-82D7-EF6B2C609502} - C:\Programme\BitAccelerator\BitAccelerator.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TBSB03223 - {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} - C:\Programme\WebMoney Advisor\wmadvisor.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Rambler-Àññèñòåíò - {468CD8A9-7C25-45FA-969E-3D925C689DC4} - C:\Programme\Rambler Assistant\ramblertoolbarU0.dll
O3 - Toolbar: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Programme\WebMoney Advisor\wmadvisor.dll
O3 - Toolbar: Internet Service - {94A5C93F-BD18-4C46-B777-C94C145C3CAB} - C:\Programme\Applications\iebr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SAFEHOME HotKeys] "C:\Programme\Steganos Safe Home\SteganosHotKeyService.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Programme\AAV\aav.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programme\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Reminder] C:\Programme\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Programme\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Antivirus] C:\Programme\AAV\aav.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Programme\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programme\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SmartSurfer_0.lnk = C:\Programme\WEBDE\SmartSurfer\SmartSurfer.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Hiro-Media Client.lnk = C:\Programme\Hiro-Media\HiroClient\HiroClient.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Programme\WebMoney Advisor\wmadvisor.dll
O9 - Extra 'Tools' menuitem: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Programme\WebMoney Advisor\wmadvisor.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieextend.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieextend.com/redirect.php (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.de
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: hiro - {50BA1131-168F-4C08-A69B-4012273F222E} - C:\Programme\Hiro-Media\HiroClient\HiroProtocolHandler.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: babblement - {d3b82107-f8fa-4ef3-8066-136e22872d4e} - C:\WINDOWS\system32\sjrggq.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PTK License-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\configservice.exe

--
End of file - 9794 bytes


Ich wäre euch,soooooo dankbar, wenn ihr mr sagen könnt, was ich weiter machen soll!!!
P.S.: und ich hätte noch eine Bitte: wenn ihr könnt, schreibt bitte, bitte einfach, weil ich bin ein Ausländer und hab Probleme diese ganze PC-Begriffe(wie gebootet oder gepostet usw.) zu verstehen. Wenn ich so könnt, wäre ich euch wirklich sehr dankbar.

Halli hallo kaikka2003

Dateien Online überprüfen lassen:


* Lasse dir auch die versteckten Dateien anzeigen!

* Suche die Seite Virtustotal auf. Kopiere folgenden Dateipfad per copy and paste in das Eingabefeld neben dem "Durchsuchen"-Button. Klicke danach auf "Senden der Datei"!

* Alternativ kannst du dir die Datei natürlich auch über den "Durchsuchen"-Button selbst heraussuchen.

Zitat:

C:\Programme\Hiro-Media\HiroClient\HiroProtocolHandler.dll
C:\Programme\Hiro-Media\HiroClient\HiroClient.exe
C:\Programme\Applications\iebtm.exe
C:\Programme\Applications\wcs.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
* Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
(Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!)

Danke viel mals, dass du mir so schnell geanwortest hast
Wenn ich es richtig gemacht habe, dann ist es das hier:
Datei iebtm.exe empfangen 2008.09.09 12:47:42 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.9.6.0 2008.09.09 -
AntiVir 7.8.1.28 2008.09.09 -
Authentium 5.1.0.4 2008.09.09 -
Avast 4.8.1195.0 2008.09.08 -
AVG 8.0.0.161 2008.09.09 -
BitDefender 7.2 2008.09.09 Dropped:Trojan.Zlob.2.Gen
CAT-QuickHeal 9.50 2008.09.06 -
ClamAV 0.93.1 2008.09.09 -
DrWeb 4.44.0.09170 2008.09.09 -
eSafe 7.0.17.0 2008.09.07 Suspicious File
eTrust-Vet 31.6.6078 2008.09.09 Win32/Puper!generic
Ewido 4.0 2008.09.08 -
F-Prot 4.4.4.56 2008.09.08 -
F-Secure 8.0.14332.0 2008.09.09 -
Fortinet 3.112.0.0 2008.09.09 -
GData 19 2008.09.09 -
Ikarus T3.1.1.34.0 2008.09.09 -
K7AntiVirus 7.10.446 2008.09.08 -
Kaspersky 7.0.0.125 2008.09.09 -
McAfee 5379 2008.09.08 -
Microsoft 1.3903 2008.09.09 TrojanDownloader:Win32/Zlob
NOD32v2 3427 2008.09.09 -
Norman 5.80.02 2008.09.08 -
Panda 9.0.0.4 2008.09.08 -
PCTools 4.4.2.0 2008.09.09 Trojan.Popuper
Prevx1 V2 2008.09.09 Malware Dropper
Rising 20.61.12.00 2008.09.09 Trojan.Win32.Small.zza
Sophos 4.33.0 2008.09.09 Troj/Zlob-ALO
Sunbelt 3.1.1616.1 2008.09.09 -
Symantec 10 2008.09.09 -
TheHacker 6.3.0.8.075 2008.09.06 -
TrendMicro 8.700.0.1004 2008.09.09 PAK_Generic.001
VBA32 3.12.8.5 2008.09.08 -
ViRobot 2008.9.9.1369 2008.09.09 -
VirusBuster 4.5.11.0 2008.09.08 -
Webwasher-Gateway 6.6.2 2008.09.09 -
weitere Informationen
File size: 28672 bytes
MD5...: 5fd28a916ba5cf84345a46e40fcd2dd8
SHA1..: 4d3ceb997f7833d8117113b184f3a18515b2f158
SHA256: 0b9c76415c7e6b2ccf6241134c76d66165fc0728da637b9398b56c103441bc98
SHA512: e759de8a1b10a7f74002723eae920aa65b347da4085e44b5fdce4eb8be10e165<br>7c7072d50977558bdaba6e5aa8ea7605d0e2f54bf46a8ecdcf5fcec255c3f1d6
PEiD..: -
TrID..: File type identification<br>UPX compressed Win32 Executable (43.8%)<br>Win32 EXE Yoda's Crypter (38.1%)<br>Win32 Executable Generic (12.2%)<br>Generic Win/DOS Executable (2.8%)<br>DOS Executable Generic (2.8%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x401034<br>timedatestamp.....: 0x48c35eab (Sun Sep 07 04:55:07 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x227e 0x2400 5.84 b0205cac9e78be67b1cd47586764e347<br>.rdata 0x4000 0xd84 0xe00 5.44 0e90aa2a4ace6de175ee134ba29a0733<br>.data 0x5000 0x47c 0x200 1.13 ffc248ff8da9d2cd94f11c0bf938b31a<br>.rsrc 0x6000 0x36c0 0x3800 6.54 ab75a2143064326558cfa31d2cf7b10e<br><br>( 5 imports ) <br>&gt; KERNEL32.dll: LoadLibraryExA, GetProcAddress, GetModuleHandleA, GetLastError, CreateEventA, FreeLibrary, CreateFileA, WaitForSingleObject, LoadResource, FindResourceA, Sleep, CloseHandle, GetFileAttributesA, DeleteFileA, ExitThread, GetModuleFileNameA, lstrcpyA, lstrcatA, WideCharToMultiByte, ExitProcess, Process32First, LoadLibraryA, CreateToolhelp32Snapshot, CompareStringA, lstrcmpA, lstrlenA, SetEvent, LoadLibraryW, ResetEvent, WaitForMultipleObjects, CreateThread, WriteFile<br>&gt; USER32.dll: TranslateMessage, FindWindowA, wsprintfA, DispatchMessageA, SetThreadDesktop, PeekMessageA, CreateWindowExA, BeginPaint, CreateDesktopA, MsgWaitForMultipleObjects, DestroyWindow, ShowWindow<br>&gt; ADVAPI32.dll: RegEnumKeyA, RegLoadKeyW, RegOpenKeyA, RegQueryValueExA, RegSaveKeyA, RegOpenKeyExA, RegCloseKey, RegDeleteKeyA, RegCreateKeyExA, RegNotifyChangeKeyValue<br>&gt; ole32.dll: CoUninitialize, CoInitialize<br>&gt; SHELL32.dll: SHGetFolderPathA<br><br>( 0 exports ) <br>
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=8335A818004A07B070C700210B2D300069E1A3CB
packers (F-Prot): UPX

und weiter

atei wcs.exe empfangen 2008.09.09 15:46:17 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 - - -
AntiVir - - -
Authentium - - W32/FakeAlert.O.gen!Eldorado
Avast - - -
AVG - - Downloader.Zlob.ABUN
BitDefender - - Trojan.Downloader.Zlob.ABRP
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - Win32/Moiling!generic
Ewido - - -
F-Prot - - W32/FakeAlert.O.gen!Eldorado
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - Trojan-Downloader.Zlob.ABRP
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - Trojan:Win32/Zlob.KM
NOD32v2 - - -
Norman - - W32/Zlob.gen115
Panda - - Suspicious file
PCTools - - -
Prevx1 - - Malware Dropper
Rising - - Trojan.Win32.Small.zza
Sophos - - Troj/Zlob-ALO
Sunbelt - - Trojan-Downloader.Zlob.Media-Codec
TheHacker - - -
TrendMicro - - PAK_Generic.001
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Webwasher-Gateway - - -
weitere Informationen
MD5: 706665924ef786a5a22ea4ff9c26c8a4
SHA1: d457402868bb39186cdc897cbe79ac978920d34d
SHA256: 3e020ec7fe10763b914f8fc93746e510482b2ed421062d093ba0ecc63cbb99db
SHA512: 8c01f18cf3de91ee8b385876c412ca519ff51e1caf74cc5f9afe4587a5c87e1d1e2594084b1ab4b20d0e35cf0e28b9014ca9de5d80fc15cdaaa1f09b346f9fcd




die ersten zwei Dateien ( C:\Programme\Hiro-Media\HiroClient\HiroProtocolHandler.dll
C:\Programme\Hiro-Media\HiroClient\HiroClient.exe) waren laut Virustotal in Ordnung, ist wurden keine Funde gefunden.

Danke noch mal, dass du bereit bist, mir zu helfen!!!!!

Hallo noch mal,
also, ich hab wie immer etwas falsch gemacht, ich hab erst die Datei bei Virustotal geprüft und dann erst mir die versteckten Dateien anzeigen lassen.
Ich hab aber noch mal diese Prozedure, wie du mir gesagt hast richtig gemacht, und das sind die Ergebnisse:

Die beiden zwei Datei sind nach wie vor sauber (C:\Programme\Hiro-Media\HiroClient\HiroProtocolHandler.dll
C:\Programme\Hiro-Media\HiroClient\HiroClient.exe)

Und die andere sehen so aus:

Datei iebtm.exe empfangen 2008.09.09 22:01:46 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.9.6.0 2008.09.09 -
AntiVir 7.8.1.28 2008.09.09 DR/Zlob.2.Gen.10
Authentium 5.1.0.4 2008.09.09 -
Avast 4.8.1195.0 2008.09.08 -
AVG 8.0.0.161 2008.09.09 -
BitDefender 7.2 2008.09.09 Dropped:Trojan.Zlob.2.Gen
CAT-QuickHeal 9.50 2008.09.06 -
ClamAV 0.93.1 2008.09.09 -
DrWeb 4.44.0.09170 2008.09.09 -
eSafe 7.0.17.0 2008.09.09 Suspicious File
eTrust-Vet 31.6.6080 2008.09.09 Win32/Puper!generic
Ewido 4.0 2008.09.09 -
F-Prot 4.4.4.56 2008.09.09 -
F-Secure 8.0.14332.0 2008.09.09 -
Fortinet 3.112.0.0 2008.09.09 -
GData 19 2008.09.09 -
Ikarus T3.1.1.34.0 2008.09.09 -
K7AntiVirus 7.10.448 2008.09.09 -
Kaspersky 7.0.0.125 2008.09.09 -
McAfee 5380 2008.09.09 -
Microsoft 1.3903 2008.09.09 TrojanDownloader:Win32/Zlob
NOD32v2 3429 2008.09.09 -
Norman 5.80.02 2008.09.08 -
Panda 9.0.0.4 2008.09.09 -
PCTools 4.4.2.0 2008.09.09 Trojan.Popuper
Prevx1 V2 2008.09.09 Malware Dropper
Rising 20.61.12.00 2008.09.09 Trojan.Win32.Small.zza
Sophos 4.33.0 2008.09.09 Troj/Zlob-ALO
Sunbelt 3.1.1616.1 2008.09.09 -
Symantec 10 2008.09.09 Trojan.Zlob
TheHacker 6.3.0.8.075 2008.09.06 -
TrendMicro 8.700.0.1004 2008.09.09 PAK_Generic.001
VBA32 3.12.8.5 2008.09.09 -
ViRobot 2008.9.9.1369 2008.09.09 -
VirusBuster 4.5.11.0 2008.09.09 -
Webwasher-Gateway 6.6.2 2008.09.09 Trojan.Dropper.Zlob.2.Gen.10
weitere Informationen
File size: 28672 bytes
MD5...: 5fd28a916ba5cf84345a46e40fcd2dd8
SHA1..: 4d3ceb997f7833d8117113b184f3a18515b2f158
SHA256: 0b9c76415c7e6b2ccf6241134c76d66165fc0728da637b9398b56c103441bc98
SHA512: e759de8a1b10a7f74002723eae920aa65b347da4085e44b5fdce4eb8be10e165<br>7c7072d50977558bdaba6e5aa8ea7605d0e2f54bf46a8ecdcf5fcec255c3f1d6
PEiD..: -
TrID..: File type identification<br>UPX compressed Win32 Executable (43.8%)<br>Win32 EXE Yoda's Crypter (38.1%)<br>Win32 Executable Generic (12.2%)<br>Generic Win/DOS Executable (2.8%)<br>DOS Executable Generic (2.8%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x401034<br>timedatestamp.....: 0x48c35eab (Sun Sep 07 04:55:07 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x227e 0x2400 5.84 b0205cac9e78be67b1cd47586764e347<br>.rdata 0x4000 0xd84 0xe00 5.44 0e90aa2a4ace6de175ee134ba29a0733<br>.data 0x5000 0x47c 0x200 1.13 ffc248ff8da9d2cd94f11c0bf938b31a<br>.rsrc 0x6000 0x36c0 0x3800 6.54 ab75a2143064326558cfa31d2cf7b10e<br><br>( 5 imports ) <br>&gt; KERNEL32.dll: LoadLibraryExA, GetProcAddress, GetModuleHandleA, GetLastError, CreateEventA, FreeLibrary, CreateFileA, WaitForSingleObject, LoadResource, FindResourceA, Sleep, CloseHandle, GetFileAttributesA, DeleteFileA, ExitThread, GetModuleFileNameA, lstrcpyA, lstrcatA, WideCharToMultiByte, ExitProcess, Process32First, LoadLibraryA, CreateToolhelp32Snapshot, CompareStringA, lstrcmpA, lstrlenA, SetEvent, LoadLibraryW, ResetEvent, WaitForMultipleObjects, CreateThread, WriteFile<br>&gt; USER32.dll: TranslateMessage, FindWindowA, wsprintfA, DispatchMessageA, SetThreadDesktop, PeekMessageA, CreateWindowExA, BeginPaint, CreateDesktopA, MsgWaitForMultipleObjects, DestroyWindow, ShowWindow<br>&gt; ADVAPI32.dll: RegEnumKeyA, RegLoadKeyW, RegOpenKeyA, RegQueryValueExA, RegSaveKeyA, RegOpenKeyExA, RegCloseKey, RegDeleteKeyA, RegCreateKeyExA, RegNotifyChangeKeyValue<br>&gt; ole32.dll: CoUninitialize, CoInitialize<br>&gt; SHELL32.dll: SHGetFolderPathA<br><br>( 0 exports ) <br>
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=8335A818004A07B070C700210B2D300069E1A3CB
packers (F-Prot): UPX



Datei wcs.exe empfangen 2008.09.09 22:04:19 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.9.6.0 2008.09.09 -
AntiVir 7.8.1.28 2008.09.09 -
Authentium 5.1.0.4 2008.09.09 W32/FakeAlert.O.gen!Eldorado
Avast 4.8.1195.0 2008.09.08 -
AVG 8.0.0.161 2008.09.09 Downloader.Zlob.ABUN
BitDefender 7.2 2008.09.09 Trojan.Downloader.Zlob.ABRP
CAT-QuickHeal 9.50 2008.09.06 -
ClamAV 0.93.1 2008.09.09 -
DrWeb 4.44.0.09170 2008.09.09 -
eSafe 7.0.17.0 2008.09.09 Suspicious File
eTrust-Vet 31.6.6080 2008.09.09 Win32/Moiling!generic
Ewido 4.0 2008.09.09 -
F-Prot 4.4.4.56 2008.09.09 W32/FakeAlert.O.gen!Eldorado
F-Secure 8.0.14332.0 2008.09.09 -
Fortinet 3.112.0.0 2008.09.09 -
GData 19 2008.09.09 -
Ikarus T3.1.1.34.0 2008.09.09 Trojan-Downloader.Zlob.ABRP
K7AntiVirus 7.10.448 2008.09.09 -
Kaspersky 7.0.0.125 2008.09.09 -
McAfee 5380 2008.09.09 -
Microsoft 1.3903 2008.09.09 Trojan:Win32/Zlob.KM
NOD32v2 3429 2008.09.09 -
Norman 5.80.02 2008.09.08 W32/Zlob.gen115
Panda 9.0.0.4 2008.09.09 Suspicious file
PCTools 4.4.2.0 2008.09.09 -
Prevx1 V2 2008.09.09 Malware Dropper
Rising 20.61.12.00 2008.09.09 Trojan.Win32.Small.zza
Sophos 4.33.0 2008.09.09 Troj/Zlob-ALO
Sunbelt 3.1.1616.1 2008.09.09 Trojan-Downloader.Zlob.Media-Codec
Symantec 10 2008.09.09 Trojan.Fakeavalert
TheHacker 6.3.0.8.075 2008.09.06 -
TrendMicro 8.700.0.1004 2008.09.09 PAK_Generic.001
VBA32 3.12.8.5 2008.09.09 -
ViRobot 2008.9.9.1369 2008.09.09 -
VirusBuster 4.5.11.0 2008.09.09 -
Webwasher-Gateway 6.6.2 2008.09.09 -
weitere Informationen
File size: 15872 bytes
MD5...: 706665924ef786a5a22ea4ff9c26c8a4
SHA1..: d457402868bb39186cdc897cbe79ac978920d34d
SHA256: 3e020ec7fe10763b914f8fc93746e510482b2ed421062d093ba0ecc63cbb99db
SHA512: 8c01f18cf3de91ee8b385876c412ca519ff51e1caf74cc5f9afe4587a5c87e1d<br>1e2594084b1ab4b20d0e35cf0e28b9014ca9de5d80fc15cdaaa1f09b346f9fcd
PEiD..: -
TrID..: File type identification<br>UPX compressed Win32 Executable (33.8%)<br>Win32 EXE Yoda's Crypter (29.4%)<br>Windows Screen Saver (14.5%)<br>Win32 Executable Generic (9.4%)<br>Win32 Dynamic Link Library (generic) (8.3%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x40ef80<br>timedatestamp.....: 0x48c35e73 (Sun Sep 07 04:54:11 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>UPX0 0x1000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0xc000 0x4000 0x3200 7.83 9f709c9c6e82e6b999b1047ae5244135<br>.rsrc 0x10000 0x1000 0x800 2.68 ddd82233fb70a01fc877792bd3385e1d<br><br>( 7 imports ) <br>&gt; KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess<br>&gt; ADVAPI32.dll: RegOpenKeyA<br>&gt; ole32.dll: CoInitialize<br>&gt; OLEAUT32.dll: -<br>&gt; SHELL32.dll: SHGetFolderPathA<br>&gt; USER32.dll: LoadIconA<br>&gt; WININET.dll: HttpQueryInfoA<br><br>( 0 exports ) <br>
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=98F89DB700960CF23E92003B23984B00EF0CFA43
packers (Kaspersky): PE_Patch.UPX, UPX



tut mir sehr Leid, das ich so viel Sorgen euch bereite, und tut mir Leid, dass ich so dooof bin, ich bin einfach null, was diese ganze PC Geschichte angeht.
Vielen vielen dank für deine Hilfe, ich hoffe, du schreibst mir, was ich weiter machen soll, bitte, bitte.....

Folge dieser Anleitung (Analyse und Bereinigung) und poste den rapport.

Mache danach Scans mit SUPERAntiSpyware und Anti-Malware und poste die logs.

Hallölchen,
also ich hab es alles gemacht, hier sind die logs:

SmitFraudFix v2.348

Scan done at 10:57:19,01, 10.09.2008
Run from C:\PROGRA~1\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Applications\wcs.exe
C:\Programme\Applications\iebtm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Applications\wcm.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Steganos Safe Home\SteganosHotKeyService.exe
C:\Programme\Fighters\spywarefighter\SpywarefighterUser.exe
C:\Programme\Microsoft Money\System\reminder.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Programme\Applications\iebtmm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\VoipCheapCom\VoipCheapCom.exe
C:\PROGRA~1\ICQ6\ICQ.exe
C:\Programme\Hiro-Media\HiroClient\HiroClient.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Fighters\configservice.exe
C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Fighters\licenseservice.exe
C:\Programme\Fighters\updateservice.exe
C:\Programme\Fighters\ScannerService.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
c:\programme\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\sjrggq.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\*** und Ksenia


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\*** und Ksenia\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOKUME~1\ALLUSE~1\STARTM~1\Antivirus Scan.url FOUND !
C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Spyware Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\DAVIDU~1\FAVORI~1

C:\DOKUME~1\DAVIDU~1\FAVORI~1\Antivirus Scan.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme

C:\Programme\Applications\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d3b82107-f8fa-4ef3-8066-136e22872d4e}"="babblement"

[HKEY_CLASSES_ROOT\CLSID\{d3b82107-f8fa-4ef3-8066-136e22872d4e}\InProcServer32]
@="C:\WINDOWS\system32\sjrggq.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d3b82107-f8fa-4ef3-8066-136e22872d4e}\InProcServer32]
@="C:\WINDOWS\system32\sjrggq.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Paketplaner-Miniport
DNS Server Search Order: 192.168.178.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{40ED9B3C-1621-4FBF-88D2-385FDAEB8D9E}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{40ED9B3C-1621-4FBF-88D2-385FDAEB8D9E}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{40ED9B3C-1621-4FBF-88D2-385FDAEB8D9E}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

und weiter:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/10/2008 at 12:10 PM

Application Version : 4.21.1004

Core Rules Database Version : 3561
Trace Rules Database Version: 1549

Scan type : Complete Scan
Total Scan Time : 00:43:27

Memory items scanned : 376
Memory threats detected : 1
Registry items scanned : 5860
Registry threats detected : 77
File items scanned : 28452
File threats detected : 441

Trojan.FakeAlert-Gen/Variant
C:\WINDOWS\SYSTEM32\SJRGGQ.DLL
C:\WINDOWS\SYSTEM32\SJRGGQ.DLL

Adware.Media-Codec/ZLob
[smile] C:\PROGRAMME\APPLICATIONS\WCS.EXE
C:\PROGRAMME\APPLICATIONS\WCS.EXE
[start] C:\PROGRAMME\APPLICATIONS\IEBTM.EXE
C:\PROGRAMME\APPLICATIONS\IEBTM.EXE
C:\Programme\Applications\IEBTMM.EXE
C:\Programme\Applications\WCM.EXE
C:\Programme\Applications
C:\WINDOWS\Prefetch\IEBTM.EXE-38998049.pf
C:\WINDOWS\Prefetch\IEBTMM.EXE-226C9286.pf
C:\WINDOWS\Prefetch\WCM.EXE-02C83798.pf

Trojan.FakeAlert-IEBT
HKLM\Software\Classes\CLSID\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}
HKCR\CLSID\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}
HKCR\CLSID\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}#www
HKCR\CLSID\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}\InprocServer32
HKCR\CLSID\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}\InprocServer32#ThreadingModel
C:\PROGRAMME\APPLICATIONS\IEBT.DLL
HKLM\Software\Classes\CLSID\{94A5C93F-BD18-4C46-B777-C94C145C3CAB}
HKCR\CLSID\{94A5C93F-BD18-4C46-B777-C94C145C3CAB}
HKCR\CLSID\{94A5C93F-BD18-4C46-B777-C94C145C3CAB}
HKCR\CLSID\{94A5C93F-BD18-4C46-B777-C94C145C3CAB}\Implemented Categories
HKCR\CLSID\{94A5C93F-BD18-4C46-B777-C94C145C3CAB}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{94A5C93F-BD18-4C46-B777-C94C145C3CAB}\InprocServer32
HKCR\CLSID\{94A5C93F-BD18-4C46-B777-C94C145C3CAB}\InprocServer32#ThreadingModel
C:\PROGRAMME\APPLICATIONS\IEBR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{94A5C93F-BD18-4C46-B777-C94C145C3CAB}
HKCR\CLSID\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}

Trojan.Unclassified/VirtualNetwork
HKLM\Software\Classes\CLSID\{6C517674-DE1C-4493-977C-34A1BFAB35BA}
HKCR\CLSID\{6C517674-DE1C-4493-977C-34A1BFAB35BA}
HKCR\CLSID\{6C517674-DE1C-4493-977C-34A1BFAB35BA}
HKCR\CLSID\{6C517674-DE1C-4493-977C-34A1BFAB35BA}#Install
HKCR\CLSID\{6C517674-DE1C-4493-977C-34A1BFAB35BA}\InprocServer32
HKCR\CLSID\{6C517674-DE1C-4493-977C-34A1BFAB35BA}\InprocServer32#ThreadingModel
HKCR\CLSID\{6C517674-DE1C-4493-977C-34A1BFAB35BA}\ProgID
HKCR\CLSID\{6C517674-DE1C-4493-977C-34A1BFAB35BA}\Programmable
HKCR\CLSID\{6C517674-DE1C-4493-977C-34A1BFAB35BA}\TypeLib
HKCR\CLSID\{6C517674-DE1C-4493-977C-34A1BFAB35BA}\VersionIndependentProgID
HKCR\VirtualNetwork.VirtualNetwork.1
HKCR\VirtualNetwork.VirtualNetwork.1\CLSID
HKCR\VirtualNetwork.VirtualNetwork
HKCR\VirtualNetwork.VirtualNetwork\CLSID
HKCR\VirtualNetwork.VirtualNetwork\CurVer
HKCR\TypeLib\{E6A76A01-A0D3-4050-974F-0644EB82438B}
HKCR\TypeLib\{E6A76A01-A0D3-4050-974F-0644EB82438B}\1.0
HKCR\TypeLib\{E6A76A01-A0D3-4050-974F-0644EB82438B}\1.0\0
HKCR\TypeLib\{E6A76A01-A0D3-4050-974F-0644EB82438B}\1.0\0\win32
C:\PROGRAMME\VIRTUALNETWORK\VIRTUALNETWORK.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C517674-DE1C-4493-977C-34A1BFAB35BA}

Adware.HBHelper
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
HKCR\URLSearchHook.ToolbarURLSearchHook.1
HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
HKCR\URLSearchHook.ToolbarURLSearchHook
HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
C:\PROGRAMME\WEBMONEY ADVISOR\TBHELPER.DLL

Trojan.Smitfraud Variant
HKLM\Software\Classes\CLSID\{d3b82107-f8fa-4ef3-8066-136e22872d4e}
HKCR\CLSID\{D3B82107-F8FA-4EF3-8066-136E22872D4E}
HKCR\CLSID\{D3B82107-F8FA-4EF3-8066-136E22872D4E}\InProcServer32
HKCR\CLSID\{D3B82107-F8FA-4EF3-8066-136E22872D4E}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{d3b82107-f8fa-4ef3-8066-136e22872d4e}

Trojan.Smitfraud Variant/IE Anti-Spyware
HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@overture[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@tracking-nvag-ew.diacc[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@questionmarket[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@www3.234.media.lbn[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@dealtime[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@hitbox[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@krombacher[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@action[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@stat.onestat[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@www.zanox-affiliate[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@ad.adnet[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ad.text-ent.tbn[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@statse.webtrendslive[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@count.rbc[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@468.rbcmedia[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@adopt.euroclick[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@mediaplex[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ads.addynamix[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ad.triplemind[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@rotabanner.dni[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ehg-idg.hitbox[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@www.comixxx[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@nissan-de[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@rotabanner.rian[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@603[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@adfarm1.adition[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@adviva[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ads.germany[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@www.etracker[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@hotlog[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@mbb[3].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ad.ural-banners.bb[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@atdmt[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@best-porncollection[4].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@euros4click[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@nissan[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@rambler[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@2o7[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@komtrack[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@casalemedia[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@ads.adfox[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@engine.adnet[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@198[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@www.bluecounter[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@715[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@adserver.archaeologie-online[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@rotabanner234.utro[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@qksrv[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@ad.slutload[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ads.adsag[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@e-2dj6wfmiqnazwfo.stats.esomniture[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@serving-sys[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@estat[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@e-2dj6wjl4sjc5ibo.stats.esomniture[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@ehg-tiscover.hitbox[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@as-eu.falkag[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@hmt.connexpromotions[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@list[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@bfast[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@bluestreak[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ads1.moonchildmedia[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@advertising[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@www.free-hit-counter[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@specificclick[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@bannerbank[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@exchange.adservant[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@adtech[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@bs.serving-sys[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@adserver.71i[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ads.pointroll[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@tns-counter[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@partners.webmasterplan[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ads.planetactive[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ads.wanadooregie[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@altastat[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@hk[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@a2.adserver01[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@webstats.motigo[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@yadro[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@ads.heias[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@doubleclick[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@tradedoubler[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@as1.falkag[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@valueclick[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@rb2.rotabanner[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@spylog[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@rotabanner.izvestia[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ad.600.tbn[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@clx[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@ad.zanox[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@adbrite[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@apmebf[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@mediavantage[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@tracking.quisma[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@www.finde-dein-auto[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@vacanceselect[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@statcounter[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@4stats[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ad.100.tbn[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@muenchen-de[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ehg-yvesrocher.hitbox[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@weborama[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@spain-info[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@234.media.lbn[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@www.counter[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@autoscout24.112.2o7[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@myaccount.voipcheap[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@aboutporno[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@newmediadriver[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@sexotop[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@counter.hitslink[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@tizer.mediarotator[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ehg-oneinternet.hitbox[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@pornostudiya[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@teaser.media.lbn[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@stat.dealtime[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@inno.porneed[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ads.us.e-planning[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@data.coremetrics[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@seafight.rambler[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@ad.yieldmanager[3].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@cgi-bin[4].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@bigsexshok[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@nissaneurope.112.2o7[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@640676078248210[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ads.skyme[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@bertelsmann.112.2o7[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@ad.100-gen.tbn[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ad.ent.tbn[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@sexsuka[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@xxx4u[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@rotabanner100.utro[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@banner.kiev[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@planeta.rambler[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@metacafe.122.2o7[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@sex.forced-porn[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@zoomporno[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@rotabanner.auto[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@www.tns-counter[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ads.rb[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@euroclick[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@richmedia.yahoo[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ad.webmtext.tbn[2].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@www.one-tracker[1].txt
C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david und ksenia@ad.bannerbank[1].txt

also, hatte Probleme mit dem Hochladen der Logs von AntiMalware, ist zu groß, aber hier ist als Anhang die vollständige Version von SuperAntiSpyware.

und das letzte:

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1136
Windows 5.1.2600 Service Pack 3

10.09.2008 14:22:32
mbam-log-2008-09-10 (14-22-32).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 148366
Laufzeit: 1 hour(s), 52 minute(s), 57 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 30
Infizierte Dateien: 317

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\bitaccelerator.bitaccelerator (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{431d251c-b43a-47d7-b4f4-07a101b432d6} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8cb0d898-a6a2-48c3-bbd7-862f85b18d46} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{92860a02-4d69-48c1-82d7-ef6b2c609502} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92860a02-4d69-48c1-82d7-ef6b2c609502} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c1de446a-8770-4621-9378-f1922c74a36c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bitaccelerator.bitaccelerator.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b87b54f6-7cd5-45b2-b873-3f95c558768a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BitAccelerator (Adware.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.Antivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Casino (Adware.Casino) -> Delete on reboot.
C:\Casino\Casino-Club (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\data (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\data (Adware.Casino) -> Files: 994 -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\help (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\midi (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\modules (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\sfx (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\sfx (Adware.Casino) -> Files: 468 -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch (Adware.Casino) -> Delete on reboot.
C:\Casino\Casino-Club Deutsch\data (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\data (Adware.Casino) -> Files: 777 -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\download (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\download\delta (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\download\gfx (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\download\modules (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\download\sfx (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\download\xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\gfx (Adware.Casino) -> Delete on reboot.
C:\Casino\Casino-Club Deutsch\gfx (Adware.Casino) -> Files: 1239 -> Delete on reboot.
C:\Casino\Casino-Club Deutsch\help (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\logs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\midi (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\modules (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\sfx (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\sfx (Adware.Casino) -> Files: 1161 -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\xrs (Adware.Casino) -> Files: 377 -> Quarantined and deleted successfully.
C:\Programme\BitAccelerator (Adware.BHO) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\BitAccelerator\BitAccelerator.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\4rd.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\5d.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\bay.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\bj.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\bms.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\cam.cas (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\cardlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\cashier.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\casino.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\common.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\countries.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\cp.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\cr.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\db.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\devlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\devlibcomm.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\filemap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\games.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\gp2.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\hnm.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\install.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\INSTALL.LOG (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\jbs.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\jjs.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\ke.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\kzo.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\licens.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\mba.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\mds.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\modstatus.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\mp3dec.asi (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\mss32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\msvcrt.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\mw.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\options.cfg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\pg.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\phist.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\ro.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\sb.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\shfolder.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\singleplayer.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\slotcore.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\srvmap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\super7.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\UNWISE.EXE (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\update.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\vp2.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\webdollar.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xgs.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xml.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\help\funmoneyhelp.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\help\netellerdeposittemplate.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\help\ppdeposittemplate.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\midi\club1.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\midi\club3.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\midi\club4.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\4rd_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\4rd_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\4rd_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\4rd_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\5d_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\5d_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\5d_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\5d_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bay_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bay_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bay_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bj_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bj_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bj_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bj_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bj_onedeck_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bj_onedeck_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bj_onedeck_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bj_ss_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bj_ss_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bj_ss_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bj_ss_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bms2_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bms2_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bms2_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bms_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bms_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bms_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\bms_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cashier.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cashier_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cf_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cf_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cf_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\common.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cp_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cp_jackpotview.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cp_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cp_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cp_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cr_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cr_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cr_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\cr_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\dw_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\dw_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\dw_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ebj_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ebj_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ebj_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ebj_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\euro_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\euro_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\euro_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\euro_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ext_casinosettings.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ext_craps.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ext_game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ext_general_all.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ext_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ext_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ext_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ext_mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ext_misc.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\filemap.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\fro_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\fro_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\fro_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\fro_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\games_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_4rd.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_5d.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_bj.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_bms.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_cp.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_cr.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_jbs.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_ke.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_mba.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_mw.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_none.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_pg.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_ro.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_sb.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\game_panel_slot.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\gp2_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\gp2_jackpotview.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\gp2_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\gp2_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\gp2_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\hnm_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\hnm_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\hnm_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\install.xrs (Adware.Casino) -> Quarantined and deleted successfully.

Lösche den Ordner C:\Casino


Panda Active Scan

Folgende Seite führt dich durch die Installation: PandaActiveScan2.0 Installation

Drücke auf Jetzt Scannen!

Eine Registrierung ist nicht erforderlich!

Nachdem der Scan abgeschlossen ist drücke auf das Text-Icon Export und speichere das log auf dem Desktop.
Öffne die Datei ActiveScan.txt die sich nun auf deinem Desktop befindet und poste uns den Inhalt.

das ist der letzte Stück:

C:\Casino\Casino-Club\xrs\jackpotview.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs2_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs2_jackpotview.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs2_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs2_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs2_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs3_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs3_jackpotview.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs3_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs3_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs3_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs_jackpotview.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jbs_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jjs_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jjs_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jjs_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jpp_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jpp_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\jpp_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ke_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ke_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ke_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\ke_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\kzo_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\kzo_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\kzo_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\mba_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\mba_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\mba_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\mba_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\mds_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\mds_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\mds_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\mw_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\mw_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\mw_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\mw_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\none_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\optdef.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\pg_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\pg_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\pg_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\pg_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\playerhistory.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\rtro_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\rtro_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\rtro_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\rtro_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\sb_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\sb_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\sb_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\sb_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\settings.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\sh_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\sh_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\sh_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\super7_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\super7_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\super7_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\xgs_history.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\xgs_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club\xrs\xgs_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\5d.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\arialn_wglb.ttf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\arial_wgl.ttf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\arial_wgl_b.ttf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\ba.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\bay.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\bj.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\bms.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\bms3.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\browser.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\browser.ini (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\cam.cas (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\cardlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\cashier.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\casino.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\ch.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\clblobby.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\clientcore.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\clientscommon.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\common.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\commondlg.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\connection.log (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\countries.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\cp.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\cr.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\cximagecrt.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\db.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\devlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\devlibcomm.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\download.log (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\fb.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\filemap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\fmx.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\foe.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\game.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\games.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\gamescommon.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\gamestatus.dat (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\gp2.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\gui2lobby.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\hnm.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\install.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\INSTALL.LOG (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\installerclient.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\ipwssl6.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\jbs.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\jjs.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\jjs2.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\ke.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\kzo.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\lcs.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\licens.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\license.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\mba.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\mds.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\misc.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\modstatus.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\mp3dec.asi (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\mss32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\msvcp71.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\msvcr71.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\msvcrt.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\mw.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\mw2.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\phist.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\playermessage.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\ro.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\sd.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\shfolder.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\singleplayer.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\slotcore.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\srvmap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\startcasino.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\super7.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\timer.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\unicows.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\UNWISE.EXE (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\UNWISE.INI (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\update.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\vp2.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\war.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\webbrowsercontrol.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\webcashier.ini (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\webdollar.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\webdollar.ini (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\xgs.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\xml.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\help\gfunmoneyhelp.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\help\netellerdeposittemplate.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\help\ppdeposittemplate.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\midi\club1.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\midi\club3.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\midi\club4.mid (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino-Club Deutsch\modules\4ReelsDrive.bos (Adware.Casino) -> Quarantined and deleted successfully.
C:\Programme\BitAccelerator\BitAccelerator.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Programme\BitAccelerator\Uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\David und Ksenia\Favoriten\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.



also, das gelbe Dreieck ist verschwunden, aber ich hätte da noch eine Frage, nach dem Scannen mit SmitfraundFix ist der Bildschirmblau, wie kriege ich ihn wieder normal??
jedenfalls bedanke ich mich bei dir für deine Hilfe recht herzlich,

Hi,
hier sind die Ergebnisse:

;***************************************************************************************************************************************************** ******************************
ANALYSIS: 2008-09-10 17:48:50
PROTECTIONS: 2
MALWARE: 7
SUSPECTS: 0
;***************************************************************************************************************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================== ==============================
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes No
Avira AntiVir PersonalEdition 8.0.1.27 Yes Yes
;===================================================================================================================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================== ==============================
00139535 Application/Processor HackTools No 0 Yes No C:\Programme\Mozilla Firefox\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Dokumente und Einstellungen\David und Ksenia\Desktop\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Dokumente und Einstellungen\David und Ksenia\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00147036 Cookie/Adverserve TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\David und Ksenia\Cookies\david_und_ksenia@adverserve[2].txt
03477235 Application/SmithFraudFix.A HackTools No 0 Yes No C:\Dokumente und Einstellungen\David und Ksenia\Desktop\SmitfraudFix.exe
03541233 HackTool/Rebooter HackTools No 0 Yes No C:\Dokumente und Einstellungen\David und Ksenia\Desktop\SmitfraudFix\Reboot.exe
03541233 HackTool/Rebooter HackTools No 0 Yes No C:\Dokumente und Einstellungen\David und Ksenia\SmitfraudFix\Reboot.exe
03582346 Generic Malware Virus/Trojan No 0 Yes No C:\Dokumente und Einstellungen\David und Ksenia\Desktop\SmitfraudFix\IEDFix.C.exe
03582346 Generic Malware Virus/Trojan No 0 Yes No C:\Programme\Mozilla Firefox\SmitfraudFix\IEDFix.C.exe
03582346 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\IEDFix.C.exe
03589344 Adware/VistaAntivirus Adware No 0 Yes No C:\System Volume Information\_restore{D359E579-C008-47DC-B78F-FACC278179BF}\RP339\A0118045.cpl
03589344 Adware/VistaAntivirus Adware No 0 Yes No C:\System Volume Information\_restore{D359E579-C008-47DC-B78F-FACC278179BF}\RP339\A0118046.cpl
03601202 Adware/VistaAntivirus Adware No 0 Yes No C:\System Volume Information\_restore{D359E579-C008-47DC-B78F-FACC278179BF}\RP339\A0118044.cpl
;===================================================================================================================================================== ==============================
SUSPECTS
Sent Location |
;===================================================================================================================================================== ==============================
;===================================================================================================================================================== ==============================
VULNERABILITIES
Id Severity Description |
;===================================================================================================================================================== ==============================
;===================================================================================================================================================== ==============================





Was soll weiter machen, oder ist jetzt alles in Ordnung???
Danke noch mal.....

Hast du den Casino Ordner gelöscht? Dann sieht alles sauber aus...

Wollte noch einmal vielen vielen Dank für deine Hilfe sagen, ohne sie hätte ich es nicht hingekriegt!!!!!