Hello Norbert
Disconnect the PC from the internet
Disable the antivirus
Disable System Restore
Fix the following with HijackThis
Code:
O2 - BHO: (no name) - {275E5BCB-8ECC-4D36-8066-4342D8B05883} - C:\WINDOWS\system32\xxyyyYsT.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\urqOGARH.dll
O20 - Winlogon Notify: urqOGARH - C:\WINDOWS\SYSTEM32\urqOGARH.dll
Run this script in AVZ
Code:
begin
// Scan for rootkit hooks first and raise AVZGuard so the malware cannot block the cleanup
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Driver service loaded from the user's Temp folder
DeleteService('iMSPCLOj');
// CLSID as posted
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}');
// Registry persistence: ShellExecuteHook, Run entry and Winlogon Notify packages.
// AVZ takes root, key and value name as separate arguments (RegKeyParamDel removes
// a single value, RegKeyDel removes the whole key)
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks', '{BE7E4CE1-8CBA-44A6-956F-462A667D3286}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'BM251a25c3');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUmlmNF');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqOGARH');
// Copy every file to quarantine before deleting it, so it can be uploaded for analysis.
// Bare file names are searched for in the system directories by AVZ
QuarantineFile('C:\WINDOWS\system32\efcCvVmJ.dll','');
QuarantineFile('C:\DOKUME~1\Kim\LOKALE~1\Temp\iMSPCLOj.sys','');
QuarantineFile('wvUmlmNF.dll','');
QuarantineFile('urqOGARH.dll','');
QuarantineFile('appmgmts.dll','');
QuarantineFile('C:\WINDOWS\system32\ssnwvyxb.dll','');
QuarantineFile('C:\WINDOWS\system32\urqOGARH.dll','');
QuarantineFile('C:\WINDOWS\system32\xxyyyYsT.dll','');
QuarantineFile('C:\WINDOWS\system32\fpecdmxc.dll','');
// Browser Helper Objects (the O2 lines in the HijackThis log)
DelBHO('{538fb07a-7413-453a-947f-5d28ce377494}');
DelBHO('{9B09908A-E215-4E28-AA3F-343B646CBDD5}');
DelBHO('{BE7E4CE1-8CBA-44A6-956F-462A667D3286}');
DelBHO('{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}');
// autorun.inf in the drive roots plus the worm body hidden in RECYCLER on the USB drive
QuarantineFile('C:\autorun.inf','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('F:\autorun.inf','');
QuarantineFile('F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\usb323.exe','');
DeleteFile('F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\usb323.exe');
DeleteFile('F:\autorun.inf');
DeleteFile('D:\autorun.inf');
DeleteFile('C:\autorun.inf');
DeleteFile('C:\WINDOWS\system32\fpecdmxc.dll');
DeleteFile('C:\WINDOWS\system32\xxyyyYsT.dll');
DeleteFile('C:\WINDOWS\system32\urqOGARH.dll');
DeleteFile('urqOGARH.dll');
DeleteFile('wvUmlmNF.dll');
DeleteFile('C:\WINDOWS\system32\ssnwvyxb.dll');
DeleteFile('C:\DOKUME~1\Kim\LOKALE~1\Temp\iMSPCLOj.sys');
DeleteFile('C:\WINDOWS\system32\efcCvVmJ.dll');
// Hand anything still locked to BootCleaner, run the system cleanup and reboot
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
After the reboot, empty all Temp folders, the Recycle Bin, the browser cache etc. (with CCleaner or ClearProg; google to find them).
Upload the quarantine via the red link at the top of the page.
Post fresh logfiles.
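As an added example that is not part of the original post and not code from HijackThis or AVZ, the PowerShell script below audits the same autostart locations the fix above touches (Browser Helper Objects, ShellExecuteHooks, Winlogon Notify, the Run key and autorun.inf in drive roots) and flags entries that match the indicators listed in the post. The CLSIDs and file names in the two lists are copied from the post; the function names, the list names and the report format are assumptions made for illustration. Winlogon Notify is an XP/2003 mechanism (the C:\DOKUME~1 path shows this is XP); on Vista and later the key is normally absent, and on 64-bit systems the Wow6432Node copies of these keys would need the same check.

```powershell
# Added audit script, not from the original post. $SuspectClsids / $SuspectFiles
# are taken from the HijackThis and AVZ entries above; everything else is an
# assumption for illustration. Run from an elevated PowerShell prompt.
$SuspectClsids = @(
    '{275E5BCB-8ECC-4D36-8066-4342D8B05883}', '{BE7E4CE1-8CBA-44A6-956F-462A667D3286}',
    '{538fb07a-7413-453a-947f-5d28ce377494}', '{9B09908A-E215-4E28-AA3F-343B646CBDD5}',
    '{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}'
)
$SuspectFiles = @('xxyyyYsT.dll', 'urqOGARH.dll', 'wvUmlmNF.dll', 'efcCvVmJ.dll',
                  'ssnwvyxb.dll', 'fpecdmxc.dll', 'appmgmts.dll', 'iMSPCLOj.sys', 'usb323.exe')

function Resolve-ClsidServer {
    # In-process server DLL registered for a CLSID (HKLM first, then HKCU), or $null.
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) { return (Get-ItemProperty -Path $key).'(default)' }
    }
    return $null
}

function Normalize-Path {
    # Winlogon Notify often stores a bare DLL name, which the loader resolves from
    # system32; Run values may be quoted. Command-line arguments are not parsed here.
    param([string]$Path)
    if (-not $Path) { return $null }
    $p = $Path.Trim('"')
    if (-not (Split-Path -Parent $p)) { $p = Join-Path $env:SystemRoot "system32\$p" }
    return $p
}

function Test-Suspect {
    # Flags: a listed CLSID or file name, any autorun.inf in a drive root, or a
    # COM registration that has no server DLL at all (worth a manual look).
    param($Entry)
    if ($Entry.Location -eq 'autorun.inf') { return $true }
    if ($SuspectClsids -contains $Entry.Name) { return $true }
    if ($Entry.Path -and ($SuspectFiles -contains (Split-Path -Leaf $Entry.Path))) { return $true }
    if ($Entry.Name -like '{*}' -and -not $Entry.Path) { return $true }
    return $false
}

function Get-AutostartEntries {
    $entries = @()
    $new = { param($loc, $name, $path) [pscustomobject]@{ Location = $loc; Name = $name; Path = (Normalize-Path $path) } }

    # O2 in HijackThis: one subkey per BHO CLSID
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($k in (Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue)) {
        $entries += & $new 'BHO' $k.PSChildName (Resolve-ClsidServer $k.PSChildName)
    }
    # ShellExecuteHooks: value names are CLSIDs loaded by Explorer on every ShellExecute
    $hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
    if (Test-Path $hookKey) {
        foreach ($c in (Get-Item $hookKey).GetValueNames()) { $entries += & $new 'ShellExecuteHook' $c (Resolve-ClsidServer $c) }
    }
    # O20 in HijackThis: DLLName is loaded into winlogon.exe itself
    $notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    foreach ($k in (Get-ChildItem -Path $notifyKey -ErrorAction SilentlyContinue)) {
        $entries += & $new 'WinlogonNotify' $k.PSChildName (Get-ItemProperty -Path $k.PSPath).DLLName
    }
    # Run key (the BM251a25c3 value in the AVZ script lives here)
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    if (Test-Path $runKey) {
        $run = Get-Item $runKey
        foreach ($n in $run.GetValueNames()) { $entries += & $new 'Run' $n $run.GetValue($n) }
    }
    # autorun.inf in every drive root, the spreading mechanism of the USB worm in the post
    foreach ($d in (Get-PSDrive -PSProvider FileSystem)) {
        $inf = Join-Path $d.Root 'autorun.inf'
        if (Test-Path $inf) { $entries += & $new 'autorun.inf' $d.Root $inf }
    }
    return $entries
}

Get-AutostartEntries |
    Select-Object Location, Name, Path,
        @{ n = 'Suspect';    e = { Test-Suspect $_ } },
        @{ n = 'FileExists'; e = { if ($_.Path) { Test-Path $_.Path } else { $false } } } |
    Format-Table -AutoSize
```

The Suspect column is a starting point for reading a log, not a verdict: Winlogon Notify on XP legitimately contains entries such as crypt32chain, ScCertProp and Schedule, and a missing file only means the loader will fail, not that the entry was benign. Entries marked Suspect with FileExists still true are the ones to quarantine before deleting, as the script in the post does.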