Hallo zusammen!

Also ich lade mir immer die Aufnahmen die ich bei OnlineTvRecorder.com(Man kann dort Fernsehsendungen aufnehmen und herunterladen) gemacht habe über einen externen Mirror herunter.Anscheinend habe ich mir da ein paar Schädlinge mitgeladen.
Also dachte ich mir,ich starte einfach Malwarebytes und die Sache ist gegessen.Daraufhin wurden auch einige gelöscht,aber Programme wie "Protection System" kamen einfach immer wieder.
Also versuchte ich es mit verschiedenen anderen Programmen,aber immer kam die Meldung"Einige Dateien konnten nicht entfernt werden".Dann wurde alles noch schlimmer,ich konnte Windows nur noch im abgesicherten Modus starten.Im normalen Modus ist der Bildschirm schwarz und es kam immer die Meldung"An Windows wurde eine nicht autorisierte Änderung vorgenommen".Ich hatte auch schon versucht den Taskmanager mit STRG+ALT+ENTF zu starten,doch es öffnete sich nichts.Eine Systemwiederherstellung konnte ich aufgrund des Abgesicherten Moduses nicht vornehmen,eine Boot/Recovery CD habe ich nicht mehr...

Kann mir jemand helfen?
Danke schonmal.

Hallo und

Zitat:

.Daraufhin wurden auch einige gelöscht,

Log bitte komplett posten.

Ok.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3949

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

03.04.2010 17:14:31
mbam-log-2010-04-03 (17-14-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133255
Laufzeit: 17 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 10
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 2
Infizierte Dateien: 65

Infizierte Speicherprozesse:
C:\Users\T\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Users\T\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\T\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Users\T\AppData\Local\Temp\D40.tmp (Backdoor.Bot) -> Delete on reboot.
C:\Program Files\DosPop Toolbar\tbuCD9F\dospop.dll (Adware.Mostofate) -> Delete on reboot.
C:\Windows\System32\app_dll.dll (Trojan.Agent.Gen) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.dll (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\W32xgl2 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57f9fef0-6eae-4030-a68a-30fdc38b1b13} (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{57f9fef0-6eae-4030-a68a-30fdc38b1b13} (Adware.Mostofate) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsvc32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security center (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhenU (Adware.WhenU) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\T\reader_s.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Users\T\AppData\Local\Temp\D40.tmp (Backdoor.Bot) -> Delete on reboot.
C:\Program Files\DosPop Toolbar\tbuCD9F\dospop.dll (Adware.Mostofate) -> Delete on reboot.
C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ihaupd32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\system32\Drivers\uhfysc.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\iexplore .exe (Trojan.Backdoor) -> Delete on reboot.
C:\Users\T\AppData\Local\Temp\VRT2ADA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\VRT55FE.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\VRTF787.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\lshoavp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\d5d61d3b.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\txpxr_225008389191.b1k (Trojan.Koblu) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\~TMC382.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Deinstallieren.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live-Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhenU\Customer Support.lnk (Adware.WhenU) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhenU\Uninstall Instructions.lnk (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\e0qsot7u.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\app_dll.dll (Trojan.Agent.Gen) -> Delete on reboot.
C:\Users\Tobias\AppData\Local\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\wmpscfgs.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\T\AppData\Roaming\server.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Roaming\svchost.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Roaming\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\murkrow.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\aaa.exe (Password.Stealer) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\wpv931269213751.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\winsvc32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\T\Protection System\sc.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\System32\winsvc32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\acrotray .exe (Trojan.Agent) -> Delete on reboot.
C:\Users\T\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_00355.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_01025.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_01556.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_03455.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_04013.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_12177.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_12188.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_13462.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_14486.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_16327.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_25770.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_30142.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_34112.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_34561.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_37014.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_37112.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_40075.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_46703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_46710.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_51885.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_52188.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_53476.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_55037.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_66285.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_72367.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_72372.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\T\AppData\Local\Temp\eraseme_88170.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Aua, das sieht nach Virut aus! Äußerst heikel, da der Virut ein Fileinfector ist und Backdoors öffnet. Ich würde hier keine Bereinigung empfehlen, komplett plattmachen und Neuinstallation ist die angemessene Methode beim Virut.

Habe jetzt doch mein system wiederherstellen können

Wie hast Du das genau gemacht?