Hallo ihr lieben,

mein PC wurde durch dieses Mistprogramm infiziert und ich hab jetzt erst wie empfohlen rkill bzw iExplore drübergejagt und jetzt Malware. Das LOG dazu poste ich hier, ich hoffe, daß das was gebracht hat, denn nach rkill alleine tauchte das Mistding wieder auf.


Hier also das LOG:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4329

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.07.2010 09:11:54
mbam-log-2010-07-20 (09-11-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132787
Laufzeit: 6 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 16
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 12

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47a7d0d3-f625-4013-8feb-b3b6aaae6a0c} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{47a7d0d3-f625-4013-8feb-b3b6aaae6a0c} (Adware.AdRotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rvrlpupk (Trojan.FakeAV) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rvrlpupk (Trojan.FakeAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\Ihr Name\Anwendungsdaten\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ihr Name\Anwendungsdaten\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spynet (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\spynet\mswin8.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ihr Name\Lokale Einstellungen\Anwendungsdaten\aytgfmteb\bhahxbxtssd.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ihr Name\Lokale Einstellungen\Temp\naorsmexwc.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ihr Name\Lokale Einstellungen\Temp\uhedyvt.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ihr Name\Lokale Einstellungen\Temp\eblmw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ihr Name\Lokale Einstellungen\Temp\rropyvnl.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ihr Name\Lokale Einstellungen\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ihr Name\Lokale Einstellungen\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ihr Name\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xgvkp.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Ach Du dickes Ei, ich bin doch ein Techniklegasteniker. Ich seh es mir heut Abend an und werd es versuchen. Liebe Grüße