Home » Spyware & Browser Hijacker Support Forum » Virus "Warning Spyware detected on your computer!" auf Desktop, wie entfernen? » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1 2 3 4 5 Letzte Seite

Antworten

Virus "Warning Spyware detected on your computer!" auf Desktop, wie entfernen?

Thema ist geschlossen!

20.07.2008, 22:49

Swisstreasure

Moderator

Beiträge: 5694

#16 Besteht das Problem noch weiterhin?
Hast du den Scan mit Bitdefneder noch gemacht?

Gruss Swiss

23.07.2008, 13:08

Argus

Ehrenmitglied

Beiträge: 6028

#17 @tim_kde
Was hast du denn bei "WinUtilities"runter geladen?

Verborgene Dateien sichtbar machen
Arbeitsplatz öffnen >Extras >Ordneroptionen >den Reiter "Ansicht" >Versteckte Dateien und Ordner >"alle Dateien und Ordner anzeigen" aktivieren
Und >Extras >Ordneroptionen >den Reiter "Ansicht" >Dateien und Ordner >"Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren.

Prüfe mal diese Datei(en) bei http://www.virustotal.com/de

C:\WINNT\system32\09wutili.sys

Note:Wenn bei ViruTotal die Meldung kommt ” Die Datei wurde bereits analysiert “waehle „Analisiere die Datei“
__________
MfG Argus

27.07.2008, 18:51

Lulatsch

Member

Beiträge: 14

#18 Habe das gleiche Problem!!!

ComboFix 08-07-26.1 - Ilir 2008-07-27 17:41:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1013 [GMT 2:00]
ausgeführt von:: C:\Users\Ilir\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\rhc16vj0e1fl
C:\Program Files\RichVideoCodec
C:\Program Files\RichVideoCodec\InstallRegerLib.dll
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk
C:\Users\Ilir\AppData\Local\ioqowki.dat
c:\users\ilir\appdata\local\ioqowki.exe
C:\Users\Ilir\AppData\Local\ioqowki_nav.dat
c:\Users\Ilir\AppData\Local\ioqowki_navps.dat
C:\Users\Ilir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
C:\Users\Ilir\AppData\Roaming\rhc16vj0e1fl
C:\Users\Ilir\Desktop\Spyware-Secure trial.lnk
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\blphc56vj0e1fl.scr
C:\Windows\system32\lphc56vj0e1fl.exe
C:\Windows\system32\nvs2.inf
C:\Windows\system32\phc56vj0e1fl.bmp
C:\Windows\system32\pphc56vj0e1fl.exe
C:\Windows\system32\richvideocodec.dll

----- BITS: Eventuell infizierte Webseiten -----

evecocoon.blogspot

(edit)

.
((((((((((((((((((((((( Dateien erstellt von 2008-06-27 bis 2008-07-27 ))))))))))))))))))))))))))))))
.

Keine neuen Dateien erstellt in diesem Zeitraum

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 15:50 --------- d-----w C:\Users\Ilir\AppData\Roaming\skypePM
2008-07-27 15:50 --------- d-----w C:\Users\Ilir\AppData\Roaming\Skype
2008-07-27 15:49 --------- d---a-w C:\ProgramData\TEMP
2008-07-27 15:37 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-27 15:29 --------- d-----w C:\Program Files\CCleaner
2008-07-27 15:12 --------- d-----w C:\Program Files\CleanUp!
2008-07-27 15:07 --------- d-----w C:\Program Files\SPYWAREfighter
2008-07-27 15:04 --------- d-----w C:\Program Files\Common Files\Application
2008-07-27 15:00 --------- d-----w C:\Program Files\Spyware-Secure
2008-07-27 14:49 --------- d-----w C:\Program Files\ICQToolbar
2008-07-27 14:00 --------- d-----w C:\ProgramData\Avira
2008-07-27 14:00 --------- d-----w C:\Program Files\Avira
2008-07-27 13:58 --------- d-----w C:\Program Files\a-squared Free
2008-07-27 13:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-27 13:49 --------- d-----w C:\ProgramData\Lavasoft
2008-07-27 13:48 --------- d-----w C:\Program Files\Lavasoft
2008-07-27 13:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-27 13:16 94,208 ----a-w C:\Windows\System32\D6A3.tmp
2008-07-26 23:36 --------- d-----w C:\Program Files\DivX
2008-07-26 23:36 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-26 17:11 --------- d-----w C:\ProgramData\Google Updater
2008-07-26 08:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-25 13:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-25 09:22 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-23 19:31 --------- d-----w C:\Program Files\Monopoly Deluxe
2008-07-23 11:52 --------- d-----w C:\Users\Ilir\AppData\Roaming\gtk-2.0
2008-07-21 13:28 --------- d-----w C:\Program Files\PokerRoom.com
2008-07-21 13:24 --------- d-----w C:\Program Files\PokerStars.NET
2008-07-21 13:05 --------- d-----w C:\Program Files\Super Monopoly
2008-07-21 13:04 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-07-21 13:04 290,816 ------w C:\Windows\Setup1.exe
2008-07-21 12:54 --------- d-----w C:\Program Files\Uwisoft
2008-07-20 18:26 --------- d-----w C:\Program Files\HoldemPoker
2008-07-18 14:59 --------- d-----w C:\Users\Ilir\AppData\Roaming\ICQ
2008-07-18 13:12 --------- d-----w C:\Users\Ilir\AppData\Roaming\OpenOffice.org2
2008-07-18 13:02 --------- d-----w C:\ProgramData\Symantec
2008-07-17 14:53 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-07-17 14:53 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-07-17 14:52 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-17 12:23 --------- d-----w C:\ProgramData\Trymedia
2008-07-17 11:46 --------- d-----w C:\Program Files\Absolutist_Games
2008-07-16 17:09 --------- d-----w C:\Users\Ilir\AppData\Roaming\SpinTop
2008-07-16 15:48 --------- d-----w C:\Users\Ilir\AppData\Roaming\Zylom
2008-07-15 21:43 --------- d-----w C:\Users\Ilir\AppData\Roaming\dvdcss
2008-07-11 21:40 --------- d-----w C:\Users\Ilir\AppData\Roaming\vlc
2008-07-11 19:41 --------- d-----w C:\Program Files\VideoLAN
2008-07-11 18:57 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-09 11:22 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 11:10 --------- d-----w C:\Program Files\Windows Mail
2008-07-04 10:43 --------- d-----w C:\Program Files\Lavalys
2008-07-01 10:19 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-07-01 10:18 --------- d-----w C:\Program Files\Synaptics
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-24 22:18 --------- d-----w C:\ProgramData\HPSSUPPLY
2008-06-18 17:52 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-11 00:07 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-06-09 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 18:46 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-06-06 18:45 --------- d-----w C:\Program Files\QIP
2008-06-06 18:45 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-06 18:44 --------- d-----w C:\Program Files\DVDVideoSoft
2008-06-06 18:42 --------- d-----w C:\Program Files\Game Boy Advance - Emulator
2008-06-06 18:41 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-06-06 18:40 --------- d-----w C:\Program Files\HP
2008-06-06 18:40 --------- d-----w C:\Program Files\GIMP-2.0
2008-05-26 08:23 119,746,270 ----a-w C:\Program Files\OOo_2.4.0_Win32Intel_install_de.exe
2008-05-24 14:51 134,509,028 ----a-w C:\Program Files\OOo_2.4.0_Win32Intel_install_wJRE_de.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-03 09:44 2,079 ----a-w C:\Windows\System32\h61225.dll
2008-05-01 17:02 2,150,648 ----a-w C:\Program Files\vbrun600.exe
2008-04-29 03:50 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-03-26 18:59 127,213,758 ----a-w C:\Program Files\OOo_2.3.1_Win32Intel_install_wJRE_de.exe
2008-03-22 12:37 1,491,592 ----a-w C:\Program Files\install_flash_player.exe
2008-03-21 18:21 2,056 ----a-w C:\Program Files\Nero - BurnSupportDisc.lnk
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "C:\Program Files\Absolutist_Games\tbAbso.dll" [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]
2007-07-31 16:33 1391640 --a------ C:\Program Files\Absolutist_Games\tbAbso.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "C:\Program Files\Absolutist_Games\tbAbso.dll" [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{631AC2D4-57B3-42B0-A148-DA33B462C1A3}"= "C:\Program Files\Absolutist_Games\tbAbso.dll" [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-21 19:09 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 10:14 202024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-23 17:50 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-27 20:51 1836544]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 13:55 1103240]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 18:12 1029416]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-27 20:50:39 124400]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{346F2FBE-B29C-47C7-8886-5478ABA4002A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1835C423-FCA3-422C-A223-893699D2552A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{77E59CD8-0775-4B1D-AAAD-0A296814719D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC2CF12E-F1BC-46F6-AD31-762FA8D0BE10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3B8CDB9A-B2FC-40DD-9594-D78357291188}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9F468686-98C2-4939-96B5-47E6DA1AEE4F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{71B4944C-0C7B-4334-8911-BE7569E445CE}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{5707B779-0049-42EE-B149-E029BA9F5AF7}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{AFFA5AE4-07B8-4561-8D30-C51DC9E9F0F9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{24575F83-1A74-4DAA-AA11-AAFC0D0727F3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2989003E-8944-46AC-84DF-5BCC8124E9B6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3CB4A16F-8569-4BB2-843D-C186C47B4D31}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{920ABFA6-8887-4535-9C0F-17294314A3FD}C:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{D2C7D364-5AB2-48F3-A192-61BADC2EEFB2}C:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"TCP Query User{DC056D24-E4D0-47E5-9AB0-4E92E4E212CB}C:\\program files\\littlefighter2\\lf2_v1.9c\\lf2.exe"= UDP:C:\program files\littlefighter2\lf2_v1.9c\lf2.exe:lf2
"UDP Query User{E016A12B-2F65-4B42-AE80-27510EF7D648}C:\\program files\\littlefighter2\\lf2_v1.9c\\lf2.exe"= TCP:C:\program files\littlefighter2\lf2_v1.9c\lf2.exe:lf2
"{EBDA9677-390D-4A2C-856E-FF0CB92D8E32}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 14:44]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28.sys [2007-11-21 12:17]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;C:\Program Files\SPYWAREfighter\spfprc.exe [2008-02-21 15:37]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-29 02:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - SSMDRV
.
Inhalt des "geplante Tasks" Ordners
2008-07-25 C:\Windows\Tasks\Norton Security Scan.job - C:\Program Files\Norton Security Scan\Nss.exe [2007-09-19 00:42]
2008-07-27 C:\Windows\Tasks\User_Feed_Synchronization-{B0221787-6EE5-496C-AAE9-5D289952A01C}.job - C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - Entfernte verwaiste Registrierungseintr„ge - - - -

HKCU-Run-{FEAF1C05-540E-49E0-F2CB-22B2C693F0CC} - C:\Users\Ilir\AppData\Roaming:iexploree.exe
HKCU-Run-blaaa - C:\Users\Ilir\AppData\Roaming:iexploree.exe
HKLM-Run-lphc56vj0e1fl - C:\Windows\system32\lphc56vj0e1fl.exe
HKLM-Run-SMrhc16vj0e1fl - C:\Program Files\rhc16vj0e1fl\rhc16vj0e1fl.exe

.
------- Zus„tzlicher Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://de.yahoo.com
R0 -: HKLM-Main,Start Page = hxxp://de.yahoo.com
O9 -: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
C:\Windows\Downloaded Program Files\stg_drm.ocx
C:\Windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx

O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
C:\Windows\Downloaded Program Files\armhelper.ocx

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 17:49:20
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\ehome\mcupdate.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-07-27 17:54:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-07-27 15:54:05

Pre-Run: Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
Post-Run: 16 Verzeichnis(se), 166,449,045,504 Bytes frei

292 --- E O F --- 2008-07-25 10:50:44

____________

Brauche schnell Hilfe!!!!

27.07.2008, 19:54

Argus

Ehrenmitglied

Beiträge: 6028

#19 CombiFix entfernen
Start > Ausführen>Kopiere rein ComboFix /U OK

Malwarebytes Anti-Malware fuer Windows 2000,XP und Vista
Download MBAM
Doppelklick mbam-setup und waehle Deutsch ,das Program wird jetzt ge-updatet
Waehle bei Reiter “Scanner”> "Schnell Scan durchfuehren" .
Waehle alle Laufwerke>Scan laufen lassen
Wenn am Ende infizierungen gefunden werden,anhaacken und entfernen lassen
Unter Scanberichte stet das log (mbam-log-XX-XX-XXXX.txt)
Poste dessen inhalt hier ins Forum
Note:
Wenn MBAM Schwierigkeiten damit hat Daten zu entfernen wird es gemeldet und klicke OK
Danach wird gefragt den Rechner neu zu starten,lass es zu
Nehme als Update Spiegel >>It-mate.co.uk
Malwarebytes Anti-Malware kann man nachher behalten !
__________
MfG Argus

27.07.2008, 20:01

Sabina

Ehrenmitglied

Beiträge: 29434

#20 Hallo, Lulatsch

nach dem Malwarebytes:

1.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere in das weisse Feld:

Zitat

Folders to delete:
C:\Program Files\Spyware-Secure

schliesse alle offenen Programme (denn nach Anwendung des Avengers wird der Rechner neustarten)
Klicke: Execute
bestätige, dass der Rechner neu gestartet wird - klicke "yes"

2.
sdfix
http://virus-protect.org/artikel/tools/sdfix.html
unter C:\ findet man nun den SDFix-Ordner
boote in den abgesicherten Modus (die Taste F8 drücken, während der Rechner neustartet)
gehe in den Ordner C:\SDFix
RunThis.bat doppelt klicken
folge allen Anweisungen, während gescannt wird - dann wird der Rechner neustarten
kopiere mit der rechten Maustaste den Text ab, der erscheint - und in den Beitrag,
__________
MfG Sabina

rund um die PC-Sicherheit

28.07.2008, 14:44

Lulatsch

Member

Beiträge: 14

#21 -Arnold: Habe aus Versehen den Scan einmal unterbrochen und deshalb habe ich hier 2 Berichte:

1. Malwarebytes' Anti-Malware 1.23
Datenbank Version: 1000
Windows 6.0.6000

14:36:38 2008-07-28
mbam-log-7-28-2008 (14-36-38).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 15368
Laufzeit: 2 minute(s), 11 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

________________

2. Malwarebytes' Anti-Malware 1.23
Datenbank Version: 1000
Windows 6.0.6000

14:42:42 2008-07-28
mbam-log-7-28-2008 (14-42-42).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 35226
Laufzeit: 4 minute(s), 18 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 8
Infizierte Dateien: 57

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc16vj0e1fl (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc16vj0e1fl (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\images (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\images\EN (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\rubs (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\D6A3.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Gfx_de.bin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\language (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\quarantine.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\skin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure.url (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sqlite3.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sws_translations.xml (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\uninst.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\unrar.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE.zip (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\explo_intro.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\explo_menu.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\file.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\folder_f.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\folder_o.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\index.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\menu3.js (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\spy.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\trait_coud.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\trait_droit.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\trait_vert.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\images\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\images\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\images\key.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\images\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\images\support.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\images\title-hepfile.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\images\EN\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\images\EN\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\images\EN\scstep2.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\rubs\contactus.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\rubs\found-objects.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\rubs\lexic.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\rubs\quarantine.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_DE\rubs\register.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\cookies_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\register_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Users\Ilir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

_________

Danke!

28.07.2008, 14:53

Sabina

Ehrenmitglied

Beiträge: 29434

#22 Hallo, Lulatsch

sdfix
http://virus-protect.org/artikel/tools/sdfix.html
unter C:\ findet man nun den SDFix-Ordner
boote in den abgesicherten Modus (die Taste F8 drücken, während der Rechner neustartet)
gehe in den Ordner C:\SDFix
RunThis.bat doppelt klicken
folge allen Anweisungen, während gescannt wird - dann wird der Rechner neustarten
kopiere mit der rechten Maustaste den Text ab, der erscheint - und in den Beitrag,
__________
MfG Sabina

rund um die PC-Sicherheit

28.07.2008, 16:07

Lulatsch

Member

Beiträge: 14

#23 Hallo, Sabina.

Wenn ich meinen PC im abgesicherten Modus starte, dann kann ich SDfix nicht öffnen...es geht kurz auf, schließt sich aber gleich wieder.

Dazu noch in sehr schlechter Auflösung.

28.07.2008, 17:03

Sabina

Ehrenmitglied

Beiträge: 29434

#24 lade sdfix noch mal aufs Desktop und verschiebe dann den Ordner in C:\

im abgesicherten Modus dann RunThis.bat doppelt klicken
__________
MfG Sabina

rund um die PC-Sicherheit

28.07.2008, 17:54

Lulatsch

Member

Beiträge: 14

#25 Es funktioniert immer noch nicht

Gibt es keine andere Möglichkeit ? Und warum ist die Auflösung nur 800*600, obwohl mein Bildschirm 1400*900 zulassen würde ? Ist das normal ? (Also im abgesicherten Modus)

Warum kommt jetzt eigentlich keine Meldung mehr, dass Spyware entdeckt wurde ?

Ich bitte um Hilfe.

28.07.2008, 18:09

Sabina

Ehrenmitglied

Beiträge: 29434

#26 sdifx
im Normalmodus
RunThis.bat doppelt klicken

schreib rein: 1

1 : es wird a-squared geladen

dann wähle : 3

1. update
2. full scan
3. full scan (heuristic/riskware scanning enabled)
4. save quarantine list

scanne und poste den report
__________
MfG Sabina

rund um die PC-Sicherheit

28.07.2008, 18:23

Lulatsch

Member

Beiträge: 14

#27 ... Es geht doch, ich habe die ganze Zeit aus Versehen "Als Administrator öffnen" gedrückt anstatt einfach mit Doppelklick die Datei zu öffnen