WinXP rundll32.exe opens malicious website

Hello,
on my WinXP PC I have been getting this message since today:
avast! Web-Schutz hat eine schädliche Webseite oder Datei blockiert.
Objekt: http://download.newnext.me/spark.bin?rnd=2836818799
Infektion: URL:Mal
Prozess C:\WINDOWS\system32\rundll32.exe

And about ~20 of these per minute.
What can I do about it (i.e. so that rundll32.exe no longer tries to open this, at least that is how I understand it)?

Please help me!

Thanks
xphilpj

P.S. Yes, I have already searched the FAQ… found nothing -.-

If you can understand English

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Select LOP and Purity
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

Yes, I understand English :) I'm from Germany, but I learn English in school!
Thanks for your fast reply!
I hope you can tell me what I can do… here are the results of the 'test':

It is much better than my German :)

It appears to have been installed as part of this programme C:\Programme\AnimatorDVSimple

So let's now remove it

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-796845957-1220945662-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={097A61A6-7F7B-4975-807B-FF3F8EA5BCCE}&mid=&lang=de&ds=rn011&pr=sa&d=2012-04-08 15:33:50&v=10.2.0.3&sap=hp
IE - HKU\S-1-5-21-796845957-1220945662-1417001333-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=desktop&s={searchTerms}&f=4
IE - HKU\S-1-5-21-796845957-1220945662-1417001333-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={097A61A6-7F7B-4975-807B-FF3F8EA5BCCE}&mid=&lang=de&ds=rn011&pr=sa&d=2012-04-08 15:33:50&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-796845957-1220945662-1417001333-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-796845957-1220945662-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found
[2012.04.08 14:33:37 | 000,003,676 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
O2 - BHO: (no name) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-1220945662-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-1220945662-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-1220945662-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-1220945662-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
[2014.01.20 18:34:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Junior\Anwendungsdaten\newnext.me
[2014.01.20 18:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Junior\Lokale Einstellungen\Anwendungsdaten\Mobogenie
[2014.01.20 18:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Junior\Eigene Dateien\Mobogenie
[2014.01.20 18:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Junior\Lokale Einstellungen\Anwendungsdaten\genienext
[2014.01.20 18:34:15 | 000,000,000 | ---D | C] -- C:\Bio
[2014.01.20 18:34:06 | 000,000,000 | ---D | C] -- C:\Programme\Mobogenie
[2012.12.16 11:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2014.02.18 17:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Junior\Anwendungsdaten\newnext.me

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
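
The folder entries in the fix script above were almost all created within seconds of the newnext.me folder. As an added example (not part of the thread and not OTL's own code), this Python sketch parses OTL file-listing lines and groups the entries created close to a known-bad path; the function names and the two-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# OTL file listing: [date time | size | attributes | C(reated)/M(odified)] ... -- path
ENTRY = re.compile(r"^\[(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| (\S{4}) \| ([CM])\]"
                   r".*? -- (.+)$")

# File and folder lines copied from the fix script in the thread.
SAMPLE = r"""
[2012.04.08 14:33:37 | 000,003,676 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2014.01.20 18:34:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Junior\Anwendungsdaten\newnext.me
[2014.01.20 18:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Junior\Lokale Einstellungen\Anwendungsdaten\Mobogenie
[2014.01.20 18:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Junior\Eigene Dateien\Mobogenie
[2014.01.20 18:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Junior\Lokale Einstellungen\Anwendungsdaten\genienext
[2014.01.20 18:34:15 | 000,000,000 | ---D | C] -- C:\Bio
[2014.01.20 18:34:06 | 000,000,000 | ---D | C] -- C:\Programme\Mobogenie
[2012.12.16 11:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2014.02.18 17:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Junior\Anwendungsdaten\newnext.me
"""

def parse_entries(text):
    """Parse file/folder lines; registry (IE -, O2 -, ...) and command lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            stamp, attrs, kind, path = m.groups()
            entries.append({"time": datetime.strptime(stamp, "%Y.%m.%d %H:%M:%S"),
                            "is_dir": "D" in attrs, "kind": kind, "path": path})
    return entries

def created_near(entries, marker, window=timedelta(minutes=2)):
    """Paths created within `window` of any created entry whose path contains `marker`.

    Shared creation time is a lead for review, not proof of a common origin.
    """
    created = [e for e in entries if e["kind"] == "C"]
    anchors = [e["time"] for e in created if marker.lower() in e["path"].lower()]
    hits = [e for e in created if any(abs(e["time"] - a) <= window for a in anchors)]
    return [e["path"] for e in sorted(hits, key=lambda e: e["time"])]

if __name__ == "__main__":
    for path in created_near(parse_entries(SAMPLE), "newnext.me"):
        print(path)
```

Run against a full OTL.Txt, the same grouping helps confirm which folders arrived with one installer before they are added to a fix.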