Hallo zusammen,

hatte AntiSpy Check bei einem Onkel auf dem Rechner gefunden, dann Malwarebytes Anti-Malware drüber laufen lassen und alles Gefundene entfernt. Jetzt scheint alles wieder in Ordnung zu sein, keine Fake-Meldungen oder Ähnliches treten mehr auf. Kann sich jemand bitte trotzdem mal noch den Log-File ansehen und mir sagen, ob das jetzt alles so passt? Dankeschön.

[log]
Malwarebytes' Anti-Malware 1.25
Datenbank Version: 1078
Windows 5.1.2600 Service Pack 2

14:39:28 23.08.2008
mbam-log-08-23-2008 (14-39-28).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 111879
Laufzeit: 24 minute(s), 42 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 29
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 25

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\dsaip32b.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\ouhzw.dll (Trojan.Zlob) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pandsf.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spywarning.warningbho (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spywarning.warningbho.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fce457ad-1cfc-4dc7-98da-047af95f8b98} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{300cf5c9-f02d-4cb8-abed-9c229da56825} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{687a466a-d7cb-4fdf-965c-92462a82d7f0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{687a466a-d7cb-4fdf-965c-92462a82d7f0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687a466a-d7cb-4fdf-965c-92462a82d7f0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{fce457ad-1cfc-4dc7-98da-047af95f8b98} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300cf5c9-f02d-4cb8-abed-9c229da56825} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\files secure (Rogue.Files-Secure) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\dsaip32b.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dsaip32b.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FilesSecure (Rogue.Files-Secure) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Live.com (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\pandsf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\Files-Secure (Rogue.Files-Secure) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\ouhzw.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\dsaip32b.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\G8FA-tmpa1i.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\~nsu.tmp\Au_.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SSY9F8US\un[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\Files-Secure\secure.exe (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EC266BFE-257B-4355-BCA2-2B7CB888659E}\RP77\A0016482.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EC266BFE-257B-4355-BCA2-2B7CB888659E}\RP89\A0019178.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EC266BFE-257B-4355-BCA2-2B7CB888659E}\RP89\A0019179.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\Files-Secure\secure.db1 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Programme\Files-Secure\secure.db2 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Programme\Files-Secure\secure.db3 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Programme\Files-Secure\secure.db4 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Programme\Files-Secure\secure.db5 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Programme\Files-Secure\Uninstall.exe (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\xmp.bat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\wgve1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\wgve2.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Favoriten\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
[/log]

gruß
berndbernd2

Hallöle. Da würde ich nochmal Smitfraudfix drüber gucken lassen.

Folge dieser Anleitung (Analyse und Bereinigung) und poste den rapport.

Und ein Scan mit SUPERAntiSpyware kann auch nicht schaden..