Posts by Armani31

    Hello Mopao,


    Everything looks fine. Thank you very much for your help, which I made quite heavy use of.
    I do hope, though, that I won't need it again in the future :lol:


    I wish you a nice rest of the weekend.


    Best regards from Hamburg,
    Armani31

    Hi there,


    here comes the latest HiJack log....


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:14:27, on 22.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal





    Best regards,
    Armani31

    Hi,


    I have uploaded the requested files.


    Here are the logs.


    FixVundo Log:


    Symantec Trojan.Vundo Removal Tool 1.5.0
    The process "IEXPLORE.EXE" might be affected by the threat. It has been suspended.
    The process "IEXPLORE.EXE" might be affected by the threat. It has been terminated.


    C:\System Volume Information: (not scanned)
    D:\System Volume Information: (not scanned)
    E:\System Volume Information: (not scanned)


    Trojan.Vundo has been successfully removed from your computer!


    Here is the report:


    The total number of the scanned files: 40176
    The number of deleted files: 0
    The number of viral processes terminated: 1
    The number of viral processes suspended: 1
    The number of viral threads terminated: 0
    The number of registry entries fixed: 0



    VundoFix Log:



    [04/20/2007, 18:31:16] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\Mike\Startmenü\Desktop\VirtumundoBeGone.exe" )
    [04/20/2007, 18:31:22] - Detected System Information:
    [04/20/2007, 18:31:22] - Windows Version: 5.1.2600, Service Pack 2
    [04/20/2007, 18:31:22] - Current Username: Mike (Admin)
    [04/20/2007, 18:31:22] - Windows is in NORMAL mode.
    [04/20/2007, 18:31:22] - Searching for Browser Helper Objects:
    [04/20/2007, 18:31:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader)
    [04/20/2007, 18:31:22] - BHO 2: {1557B435-8242-4686-9AA3-9265BF7525A4} ()
    [04/20/2007, 18:31:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:22] - Checking for HKLM\...\Winlogon\Notify\wiflusad
    [04/20/2007, 18:31:22] - Key not found: HKLM\...\Winlogon\Notify\wiflusad, continuing.
    [04/20/2007, 18:31:22] - BHO 3: {2617B193-9A60-449D-9F41-12D1FE4AF2E2} ()
    [04/20/2007, 18:31:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:22] - No filename found. Continuing.
    [04/20/2007, 18:31:22] - BHO 4: {336BAFC6-67D7-4E73-B15A-54D4A3456DB0} ()
    [04/20/2007, 18:31:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:22] - Checking for HKLM\...\Winlogon\Notify\xuxxiwot
    [04/20/2007, 18:31:22] - Key not found: HKLM\...\Winlogon\Notify\xuxxiwot, continuing.
    [04/20/2007, 18:31:22] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
    [04/20/2007, 18:31:22] - BHO 6: {6148028B-D532-4417-8C0B-5A4A0B745393} ()
    [04/20/2007, 18:31:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:22] - Checking for HKLM\...\Winlogon\Notify\ljjkige
    [04/20/2007, 18:31:22] - Found: HKLM\...\Winlogon\Notify\ljjkige - This is probably Virtumundo.
    [04/20/2007, 18:31:22] - Assigning {6148028B-D532-4417-8C0B-5A4A0B745393} MSEvents Object
    [04/20/2007, 18:31:22] - BHO list has been changed! Starting over...
    [04/20/2007, 18:31:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader)
    [04/20/2007, 18:31:22] - BHO 2: {1557B435-8242-4686-9AA3-9265BF7525A4} ()
    [04/20/2007, 18:31:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:22] - Checking for HKLM\...\Winlogon\Notify\wiflusad
    [04/20/2007, 18:31:22] - Key not found: HKLM\...\Winlogon\Notify\wiflusad, continuing.
    [04/20/2007, 18:31:22] - BHO 3: {2617B193-9A60-449D-9F41-12D1FE4AF2E2} ()
    [04/20/2007, 18:31:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:22] - No filename found. Continuing.
    [04/20/2007, 18:31:22] - BHO 4: {336BAFC6-67D7-4E73-B15A-54D4A3456DB0} ()
    [04/20/2007, 18:31:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:22] - Checking for HKLM\...\Winlogon\Notify\xuxxiwot
    [04/20/2007, 18:31:22] - Key not found: HKLM\...\Winlogon\Notify\xuxxiwot, continuing.
    [04/20/2007, 18:31:22] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
    [04/20/2007, 18:31:22] - BHO 6: {6148028B-D532-4417-8C0B-5A4A0B745393} (MSEvents Object)
    [04/20/2007, 18:31:22] - ALERT: Found MSEvents Object!
    [04/20/2007, 18:31:22] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [04/20/2007, 18:31:22] - BHO 8: {D80F3944-930F-479E-835C-2ECF29A1F45D} ()
    [04/20/2007, 18:31:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:22] - Checking for HKLM\...\Winlogon\Notify\iifeb
    [04/20/2007, 18:31:22] - Found: HKLM\...\Winlogon\Notify\iifeb - This is probably Virtumundo.
    [04/20/2007, 18:31:22] - Assigning {D80F3944-930F-479E-835C-2ECF29A1F45D} MSEvents Object
    [04/20/2007, 18:31:23] - BHO list has been changed! Starting over...
    [04/20/2007, 18:31:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader)
    [04/20/2007, 18:31:23] - BHO 2: {1557B435-8242-4686-9AA3-9265BF7525A4} ()
    [04/20/2007, 18:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:23] - Checking for HKLM\...\Winlogon\Notify\wiflusad
    [04/20/2007, 18:31:23] - Key not found: HKLM\...\Winlogon\Notify\wiflusad, continuing.
    [04/20/2007, 18:31:23] - BHO 3: {2617B193-9A60-449D-9F41-12D1FE4AF2E2} ()
    [04/20/2007, 18:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:23] - No filename found. Continuing.
    [04/20/2007, 18:31:23] - BHO 4: {336BAFC6-67D7-4E73-B15A-54D4A3456DB0} ()
    [04/20/2007, 18:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:23] - Checking for HKLM\...\Winlogon\Notify\xuxxiwot
    [04/20/2007, 18:31:23] - Key not found: HKLM\...\Winlogon\Notify\xuxxiwot, continuing.
    [04/20/2007, 18:31:23] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
    [04/20/2007, 18:31:23] - BHO 6: {6148028B-D532-4417-8C0B-5A4A0B745393} (MSEvents Object)
    [04/20/2007, 18:31:23] - ALERT: Found MSEvents Object!
    [04/20/2007, 18:31:23] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [04/20/2007, 18:31:23] - BHO 8: {D80F3944-930F-479E-835C-2ECF29A1F45D} (MSEvents Object)
    [04/20/2007, 18:31:23] - ALERT: Found MSEvents Object!
    [04/20/2007, 18:31:23] - Finished Searching Browser Helper Objects
    [04/20/2007, 18:31:23] - *** Detected MSEvents Object
    [04/20/2007, 18:31:23] - Trying to remove MSEvents Object...
    [04/20/2007, 18:31:24] - Terminating Process: IEXPLORE.EXE
    [04/20/2007, 18:31:24] - Terminating Process: RUNDLL32.EXE
    [04/20/2007, 18:31:25] - Disabling Automatic Shell Restart
    [04/20/2007, 18:31:25] - Terminating Process: EXPLORER.EXE
    [04/20/2007, 18:31:25] - Suspending the NT Session Manager System Service
    [04/20/2007, 18:31:26] - Terminating Windows NT Logon/Logoff Manager
    [04/20/2007, 18:31:27] - Re-enabling Automatic Shell Restart
    [04/20/2007, 18:31:27] - File to disable: C:\WINDOWS\system32\ljjkige.dll
    [04/20/2007, 18:31:27] - Renaming C:\WINDOWS\system32\ljjkige.dll -> C:\WINDOWS\system32\ljjkige.dll.vir
    [04/20/2007, 18:31:27] - File successfully renamed!
    [04/20/2007, 18:31:27] - Removing HKLM\...\Browser Helper Objects\{6148028B-D532-4417-8C0B-5A4A0B745393}
    [04/20/2007, 18:31:27] - Removing HKCR\CLSID\{6148028B-D532-4417-8C0B-5A4A0B745393}
    [04/20/2007, 18:31:27] - Adding Kill Bit for ActiveX for GUID: {6148028B-D532-4417-8C0B-5A4A0B745393}
    [04/20/2007, 18:31:27] - Deleting ATLEvents/MSEvents Registry entries
    [04/20/2007, 18:31:27] - Removing HKLM\...\Winlogon\Notify\ljjkige
    [04/20/2007, 18:31:27] - Searching for Browser Helper Objects:
    [04/20/2007, 18:31:27] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader)
    [04/20/2007, 18:31:27] - BHO 2: {1557B435-8242-4686-9AA3-9265BF7525A4} ()
    [04/20/2007, 18:31:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:27] - Checking for HKLM\...\Winlogon\Notify\wiflusad
    [04/20/2007, 18:31:27] - Key not found: HKLM\...\Winlogon\Notify\wiflusad, continuing.
    [04/20/2007, 18:31:27] - BHO 3: {2617B193-9A60-449D-9F41-12D1FE4AF2E2} ()
    [04/20/2007, 18:31:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:27] - No filename found. Continuing.
    [04/20/2007, 18:31:27] - BHO 4: {336BAFC6-67D7-4E73-B15A-54D4A3456DB0} ()
    [04/20/2007, 18:31:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:27] - Checking for HKLM\...\Winlogon\Notify\xuxxiwot
    [04/20/2007, 18:31:27] - Key not found: HKLM\...\Winlogon\Notify\xuxxiwot, continuing.
    [04/20/2007, 18:31:27] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
    [04/20/2007, 18:31:27] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [04/20/2007, 18:31:27] - BHO 7: {D80F3944-930F-479E-835C-2ECF29A1F45D} (MSEvents Object)
    [04/20/2007, 18:31:27] - ALERT: Found MSEvents Object!
    [04/20/2007, 18:31:27] - Finished Searching Browser Helper Objects
    [04/20/2007, 18:31:27] - *** Detected MSEvents Object
    [04/20/2007, 18:31:27] - Trying to remove MSEvents Object...
    [04/20/2007, 18:31:28] - Terminating Process: IEXPLORE.EXE
    [04/20/2007, 18:31:29] - Terminating Process: RUNDLL32.EXE
    [04/20/2007, 18:31:29] - Disabling Automatic Shell Restart
    [04/20/2007, 18:31:29] - Terminating Process: EXPLORER.EXE
    [04/20/2007, 18:31:29] - Suspending the NT Session Manager System Service
    [04/20/2007, 18:31:29] - Terminating Windows NT Logon/Logoff Manager
    [04/20/2007, 18:31:29] - Re-enabling Automatic Shell Restart
    [04/20/2007, 18:31:29] - File to disable: C:\WINDOWS\system32\iifeb.dll
    [04/20/2007, 18:31:29] - Renaming C:\WINDOWS\system32\iifeb.dll -> C:\WINDOWS\system32\iifeb.dll.vir
    [04/20/2007, 18:31:29] - File successfully renamed!
    [04/20/2007, 18:31:29] - Removing HKLM\...\Browser Helper Objects\{D80F3944-930F-479E-835C-2ECF29A1F45D}
    [04/20/2007, 18:31:29] - Removing HKCR\CLSID\{D80F3944-930F-479E-835C-2ECF29A1F45D}
    [04/20/2007, 18:31:29] - Adding Kill Bit for ActiveX for GUID: {D80F3944-930F-479E-835C-2ECF29A1F45D}
    [04/20/2007, 18:31:29] - Deleting ATLEvents/MSEvents Registry entries
    [04/20/2007, 18:31:29] - Removing HKLM\...\Winlogon\Notify\iifeb
    [04/20/2007, 18:31:29] - Searching for Browser Helper Objects:
    [04/20/2007, 18:31:29] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader)
    [04/20/2007, 18:31:29] - BHO 2: {1557B435-8242-4686-9AA3-9265BF7525A4} ()
    [04/20/2007, 18:31:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:29] - Checking for HKLM\...\Winlogon\Notify\wiflusad
    [04/20/2007, 18:31:29] - Key not found: HKLM\...\Winlogon\Notify\wiflusad, continuing.
    [04/20/2007, 18:31:29] - BHO 3: {2617B193-9A60-449D-9F41-12D1FE4AF2E2} ()
    [04/20/2007, 18:31:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:29] - No filename found. Continuing.
    [04/20/2007, 18:31:29] - BHO 4: {336BAFC6-67D7-4E73-B15A-54D4A3456DB0} ()
    [04/20/2007, 18:31:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/20/2007, 18:31:29] - Checking for HKLM\...\Winlogon\Notify\xuxxiwot
    [04/20/2007, 18:31:29] - Key not found: HKLM\...\Winlogon\Notify\xuxxiwot, continuing.
    [04/20/2007, 18:31:29] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
    [04/20/2007, 18:31:29] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [04/20/2007, 18:31:29] - Finished Searching Browser Helper Objects
    [04/20/2007, 18:31:29] - Finishing up...
    [04/20/2007, 18:31:29] - A restart is needed.
    [04/20/2007, 18:31:29] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
    [04/20/2007, 18:31:43] - Attempting to Restart via STOP error (Blue Screen!)


    Hijack This Log:


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:50:26, on 20.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Kind regards, Armani31

    Hi Mopao,


    unfortunately I couldn't carry out your tips any sooner.
    But I have just done everything the way you listed it.


    The pop-ups are still coming, and so are these stupid messages....


    Here is the latest HijackThis:



    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 17:17:14, on 20.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal





    Thanks again for your constant help.


    Regards
    Armani31


    P.S. Can I actually do my banking with all this crap on my PC without problems, or without having to be afraid?
    So far I've refrained from doing it from this computer - who knows what else that thing is up to in the background????

    Hi Mopao,


    I have carried out your tip.
    Here are the results:


    Windows Registry Editor Version 5.00


    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.2.0


    ; Results at 17.04.2007 11:58:42 for strings:
    ; 'jkkhe.dll'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS



    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F04754D5-63CB-42D5-A700-61D82645032C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\jkkhe.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkhe]
    "DllName"="C:\\WINDOWS\\system32\\jkkhe.dll"


    ; End Of The Log...




    Windows Registry Editor Version 5.00


    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.2.0


    ; Results at 17.04.2007 12:04:38 for strings:
    ; 'ljjkige.dll '
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS



    ; End Of The Log...


    I still have these pop-ups (drivecleaner etc.) and messages that my "visits to sex sites" are being saved.


    Do you think we can get this sorted?


    In any case I'm very grateful for your help.


    Regards,
    Armani31

    Hello,


    I've just loaded TomTom6 onto my Pocket PC and somehow something isn't quite working with the two voices.


    Does anyone perhaps know where I can get new voices, or does someone maybe even have some for me?


    Thanks in advance. :lol:

    Hello,


    I did everything exactly as you described it to me. Unfortunately the problem still exists. And I got a message that a backup trojan was found (nsmhutex.dll). Only unfortunately it isn't visible in the system :(


    But here, in any case, is the latest HiJack report:


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:25:33, on 16.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal



    Oh, and the "file" ljjkige.dll could not be deleted.


    Best regards,
    Armani31

    Hi Mopao!


    Thanks first of all for your quick help.


    Here is the report from the first vundofix:



    VundoFix V6.3.19


    Checking Java version...


    Sun Java not detected
    Scan started at 15:56:58 16.04.2007


    Listing files found while scanning....


    C:\WINDOWS\SYSTEM32\facoswaf.dll
    C:\WINDOWS\system32\fffii.bak1
    C:\WINDOWS\system32\fffii.bak2
    C:\WINDOWS\system32\fffii.ini
    C:\WINDOWS\system32\iifff.dll
    C:\WINDOWS\SYSTEM32\migyawpx.dll
    C:\WINDOWS\SYSTEM32\mqpvobse.dll


    Beginning removal...


    Attempting to delete C:\WINDOWS\SYSTEM32\facoswaf.dll
    C:\WINDOWS\SYSTEM32\facoswaf.dll Has been deleted!


    Attempting to delete C:\WINDOWS\system32\fffii.bak1
    C:\WINDOWS\system32\fffii.bak1 Has been deleted!


    Attempting to delete C:\WINDOWS\system32\fffii.bak2
    C:\WINDOWS\system32\fffii.bak2 Has been deleted!


    Attempting to delete C:\WINDOWS\system32\fffii.ini
    C:\WINDOWS\system32\fffii.ini Has been deleted!


    Attempting to delete C:\WINDOWS\system32\iifff.dll
    C:\WINDOWS\system32\iifff.dll Has been deleted!


    Attempting to delete C:\WINDOWS\SYSTEM32\migyawpx.dll
    C:\WINDOWS\SYSTEM32\migyawpx.dll Has been deleted!


    Attempting to delete C:\WINDOWS\SYSTEM32\mqpvobse.dll
    C:\WINDOWS\SYSTEM32\mqpvobse.dll Has been deleted!


    Performing Repairs to the registry.
    Done!


    and here from HiJack:


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:14:29, on 16.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal





    Here from Smitfraud:


    SmitFraudFix v2.168


    Scan done at 16:21:16,05, 16.04.2007
    Run from D:\Smit\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode


    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!


    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process



    »»»»»»»»»»»»»»»»»»»»»»»» hosts



    127.0.0.1 localhost


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix


    GenericRenosFix by S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files




    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files



    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""



    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


    Registry Cleaning done.


    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!


    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll



    »»»»»»»»»»»»»»»»»»»»»»»» End


    Here now is the second Vundofix report:



    VundoFix V6.3.19


    Checking Java version...


    Sun Java not detected
    Scan started at 16:28:33 16.04.2007


    Listing files found while scanning....


    C:\WINDOWS\system32\lkllm.bak1
    C:\WINDOWS\system32\lkllm.ini
    C:\WINDOWS\system32\mllkl.dll


    Beginning removal...


    Attempting to delete C:\WINDOWS\system32\lkllm.bak1
    C:\WINDOWS\system32\lkllm.bak1 Has been deleted!


    Attempting to delete C:\WINDOWS\system32\lkllm.ini
    C:\WINDOWS\system32\lkllm.ini Has been deleted!


    Attempting to delete C:\WINDOWS\system32\mllkl.dll
    C:\WINDOWS\system32\mllkl.dll Could not be deleted.


    Performing Repairs to the registry.
    Done!


    Beginning removal...


    Attempting to delete C:\WINDOWS\system32\mllkl.dll
    C:\WINDOWS\system32\mllkl.dll Has been deleted!


    Performing Repairs to the registry.
    Done!


    and the second Hijack


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:45:15, on 16.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal





    And what happens next?


    Thanks again for your help

    Hello, for some time now I've been pestered by an annoying pop-up,
    then Internet Explorer opens with the site drivecleaner.com telling me I should install something, which is pretty annoying.


    I have now worked through the steps on the following page
    http://www.paules-pc-forum.de/phpBB2/topic,98281.html
    and am posting the results here.


    It would be great if someone could help me, as I'm no PC whiz and only know the bare essentials.


    Thanks in advance for the help..... :lol:


    --------------------------------------------------------------------------------------


    1. First run the a-squared Web Malware Scanner online scan (with Internet Explorer!)


    Done that! :lol:


    2. CCLEANER


    Done. :lol:


    3. AVG Anti-Spyware (formerly Ewido)


    Done, but unfortunately no report to post (it didn't find anything either - yet the pop-ups keep coming)


    4. Online scan (PANDA)


    Report:


    Ereignis Zustand Standort


    Spyware:Spyware/Virtumonde Nicht desinfiziert C:\WINDOWS\system32\mqpvobse.dll
    Spyware:Cookie/YieldManager Nicht desinfiziert C:\Dokumente und Einstellungen\Mike\Cookies\mike@ad.yieldmanager[2].txt
    Spyware:Cookie/Adrevolver Nicht desinfiziert C:\Dokumente und Einstellungen\Mike\Cookies\mike@adrevolver[2].txt
    Spyware:Cookie/Adrevolver Nicht desinfiziert C:\Dokumente und Einstellungen\Mike\Cookies\mike@adrevolver[3].txt
    Spyware:Cookie/PointRoll Nicht desinfiziert C:\Dokumente und Einstellungen\Mike\Cookies\mike@ads.pointroll[2].txt


    5. HiJack


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 15:17:47, on 16.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal



    6. Download F-Secure BlackLight


    Report:


    04/16/07 15:23:38 [Info]: BlackLight Engine 1.0.61 initialized
    04/16/07 15:23:38 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    04/16/07 15:23:38 [Note]: 7019 4
    04/16/07 15:23:38 [Note]: 7005 0
    04/16/07 15:24:12 [Note]: 7006 0
    04/16/07 15:24:12 [Note]: 7011 1288
    04/16/07 15:24:12 [Note]: 7026 0
    04/16/07 15:24:12 [Note]: 7026 0
    04/16/07 15:24:18 [Note]: FSRAW library version 1.7.1021
    04/16/07 15:29:34 [Note]: 7007 0


    What happens next?
    I still get this kind of "Windows window" with the notice that the sex sites I visited are being saved and could harm me, etc. As well as unwanted pop-ups (despite a blocker)...


    What else can I do?


    Thanks in advance :lol:


    Armani31