Virus ...ich bitte um Hilfe Inst_312s1.exe

Hijackthis
 
Hijackthis downloaden und anwenden,anschliesend das Logfile posten.
Hier ist eine bebilderte Anleitung
Hijackthis






MalwareBytes' Anti-Malware

Download:MalwareBytes' Anti-Malware


Installiere das Programm in den vorgegebenen Pfad.
Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
Lasse es online updaten (Reiter Updates), wenn das nicht automatisch passiert (ca. 1 MB).
Aktiviere "Quick Scan" => Scan.
Wähle alle verfügbaren Laufwerke aus und starte den Scan.
Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
Versichere Dich, dass alle Funde markiert sind und drücke "Löschen".
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Scan-Berichte" finden. 

Daten sichern,neu instalieren.andere sachen sind reine voodoozaubereien.

Hallo,
bin soweit Deinem Rat gefolgt und poste den Bericht. Hoffe Du kannst damit was anfangen??? Nach dem ersten Scan kamn allerdings die Meldung, dass nicht alles gelöscht werden konnt und ich den Rechner neu starten soll. Beim zweiten Scancersuch kam folgende Fehlermeldung: Error Code 721 (0,14)

Hier der Bericht:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3156
Windows 5.1.2600 Service Pack 1

12.11.2009 23:08:34
mbam-log-2009-11-12 (23-08-34).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 114755
Laufzeit: 10 minute(s), 49 second(s)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 8
Infizierte Verzeichnisse: 0
Infizierte Dateien: 49

Infizierte Speicherprozesse:
C:\WINDOWS\pp12.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\freddy73.exe (Worm.KoobFace) -> Unloaded process successfully.

Infizierte Speichermodule:
c:\WINDOWS\system32\fio32.dll (Worm.KoobFace) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fioo32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fioo32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fioo32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fio32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FIO32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FIOO32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SfX (Rootkit.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\captcha7 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\fioo32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Dropper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\Castor\ANWEND~1\MACROM~1\Common\429700261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\Castor\ANWEND~1\MACROM~1\Common\429700261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\Castor\ANWEND~1\MACROM~1\Common\429700261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\Castor\ANWEND~1\MACROM~1\Common\429700261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\Castor\ANWEND~1\MACROM~1\Common\429700261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\Castor\ANWEND~1\MACROM~1\Common\429700261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\Castor\ANWEND~1\MACROM~1\Common\429700261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\Castor\ANWEND~1\MACROM~1\Common\429700261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\pp12.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fio32.dll (Worm.KoobFace) -> Delete on reboot.
C:\WINDOWS\ld15.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Programme\captcha.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Castor\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KHERC1I3\Inst_312s1[2].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7EF4A3-591C-41A9-995D-CB6B6B2D1201}\RP95\A0295531.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7EF4A3-591C-41A9-995D-CB6B6B2D1201}\RP96\A0295538.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7EF4A3-591C-41A9-995D-CB6B6B2D1201}\RP96\A0296531.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7EF4A3-591C-41A9-995D-CB6B6B2D1201}\RP97\A0301532.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\twitty04.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy70.exe (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy71.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy72.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1255630224.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1255640160.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1255765221.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1256395571.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1256942336.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257063731.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257064627.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257189460.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257198149.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257357268.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257458095.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257707070.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257797144.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257798861.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257882199.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1258052334.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1255465907.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1256465982.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1256465983.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257275654.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257275657.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1257275658.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146116101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464855.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464955.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465055.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465155.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465248.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Castor\Anwendungsdaten\Macromedia\Common\429700261.dll (Hijack.Sound) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy73.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\tw23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Castor\Anwendungsdaten\Macromedia\Common\4297002619.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


Was meinst Du?

Hör aus,herumzuspielen und setze das system neu auf.das ist so verseucht,das bekommt man nicht mehr sauber.
 

Ok, dann hilft nur noch Daten sichern und komplett neu installieren.
Aber wie kann ich Sicher sein, dass ich nicht bei den gesicherten Daten einen Virus, Trojaner, Wurm o.ä. mit kopiere?

verwende einfach paldo live cd zum sichern.

Ok das beste ist dann noch Format C,geht auch viel schneller
Du kannst alles sichern ausser ausführbare daten..
Allso Musik,Bilder,Videos,E-mails,Dokumente kannst du gefahrlos sichern...

Ok, dann hilft nur noch Daten sichern und komplett neu installieren.
Aber wie kann ich Sicher sein, dass ich nicht bei den gesicherten Daten einen Virus, Trojaner, Wurm o.ä. mit kopiere?

NUR Daten / Datenbanken sichern .
Viren verstecken sich fast nur in Programmen / Systemteilen .
Daten VOR Rück-Übernahme auf Viren testen !! 

Vor erstem Internetkontakt ein AV-Prog installieren , dann sofort über Internet aktualisieren .
Lade es dir ggf jetzt sofort runter und sicher es mit .