Also ich hab letztens mir i-wie nen Virus oder ähnliches eingefangen.

Mein Hauptproblem ist das mein gesamtes System verlangsamt und auch instabiel ist. Das zweite ist beim Surfen mit dem IE7 öffnen sich immer riesige Pop-Up's mit Werbung aller Art: O2, Glatiatus, Quelle, und so Handy-Klingelton downloads. Diese Werbung kommt glaub ich durch "Virtumonde" soviel hab ich über Google schon rausbekommen nur leider Kann mein Kaspersky es nicht Desinfiziren auserdem hab ich noch 3 andere Viren drauf (so sagt es Kaspersky)

Ich hab es mal gescreent:


Konzentriert euch nur auf den Rot makierten Bereich den alles daruber war ein Virus vor 2 Monaten oder so den ich aber mit eurer Hilfe auch wegbekommen hab.

Ich hab CCleaner auch schon durchlaufen lassen und Spyware Doctor hat auch nen bisschen gefunden und auch desinfiziert:

Schau hier:



Ich versuche es jetzt nur noch 1 Mal mit eurer Hilfe die Dinger wegzubekommen, wenn nicht muss ich wohl meine Recovery CD reinlegen.

Also bitte Helft mir!!!

Sagt mir einfach schritt für schritt was ich machen soll da ich ein voll Noob auf diesem Gebiet bin


MFG
Jannis

Hallo Janis

Bitte erstelle als erstes ein HijackThis Logfile (der Link ist in meiner Signatur) und poste es hier.
Danach sehen wir weiter

OK hab das jetzt soweit gemacht

Logfile of Trend Micro HijackThis v2.0.2

[edit]
bitte editiere zukünftig deine links, wie es dir u.a. hier angezeigt wird:
http://www.trojaner-board.de/22771-a...tml#post171958

danke
GUA
[/edit]

Bitte editiere als erstes noch die Links und lasse dan Malwarebytes laufen und poste den Report.
Das HijackThis Logfile schaue ich mir gerade an.

Also als erstes "fixe" folgende Einträge mit HiJackThis (Beschreibung findest du auf der Seite die in meiner Signatur angegeben ist):

O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: emotrlq - {741023D3-8067-4EBD-9D57-AD8C659DEBD5} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)


Nun lädst du bitte folgende Dateien hier oder hier hoch und lässt sie online überprüfen:

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\abmludgl\wlkxgzcl.exe
C:\WINDOWS\system32\rfnxfglu.dll",b

Bitte beende im Taskmanager folgende Prozesse:

wlkxgzcl.exe
rfnxfglu.dll",b

Nachdem du die Prozesse im Taskmanager beendet hast, fixe folgende Einträge mit Hijackthis

O4 - HKLM\..\Policies\Explorer\Run: [OriA30H1uB] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\abmludgl\wlkxgzcl.exe
O4 - HKLM\..\Run: [08cad989] rundll32.exe "C:\WINDOWS\system32\rfnxfglu.dll",b

Danach auch ein neues HijackThis Logfile posten bitte und die Reports vom OnlineScan nicht vergessen

Ok hier erst mal der Report von Maleware.

(Da sind jetzt 84 in Quarantäne)

Zitat:

Malwarebytes' Anti-Malware 1.11
Datenbank Version: 648

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 325087
Scan Dauer: 1 hour(s), 51 minute(s), 12 second(s)

Infizierte Speicher Prozesse: 1
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 21
Infizierte Registrierungswerte: 4
Infizierte Datei Objekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 59

Infizierte Speicher Prozesse:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\abmludgl\wlkxgzcl.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Infizierte Speicher Module:
C:\WINDOWS\system32\hgGwUNhG.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\rfnxfglu.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9852541-00d6-4d80-beee-2fea098da5e9} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c9852541-00d6-4d80-beee-2fea098da5e9} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\emotrlq.bvpr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\emotrlq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{741023d3-8067-4ebd-9d57-ad8c659debd5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{58724766-a7ea-49dc-8aa8-aa897a606b57} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{91362f7b-4d5c-4e26-8324-7354b4201492} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\OriA30H1uB (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{741023d3-8067-4ebd-9d57-ad8c659debd5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggwunhg -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggwunhg -> Delete on reboot.

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\hgGwUNhG.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\GhNUwGgh.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\GhNUwGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rfnxfglu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ulgfxnfr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulgfxnfr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\abmludgl\wlkxgzcl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\GpotatoEu\Flyff\uninst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4CCF4E2E-CAFA-4858-8DC7-65A22BABA1BA}\RP552\A0083996.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4CCF4E2E-CAFA-4858-8DC7-65A22BABA1BA}\RP555\A0084061.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\whwdipgp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Das andere mach ich jetzt sofort und posten den Bericht wieder

MFG
Jannis