Pests of all kinds and how to fight them: Red circle/white cross; Internet Explorer no longer works |
16.10.2008, 11:42 | #1 |
| I know there is already another post on this or a similar topic! Since yesterday I have had a red circle with a white cross in the taskbar on my PC (not this one). In addition, Internet Explorer and Firefox no longer work. I think I picked up a virus somewhere. Yesterday it also told me that I had to download some antivirus program, which I did not do! I hope you can help me... Regards, C.G.M. (PS: I am not a professional, so I don't know my way around everything and would therefore be glad if you could phrase your replies so that laypeople can understand them too. Thanks!) |
16.10.2008, 16:36 | #2 |
| Can someone help me? It's really important! Thanks! |
16.10.2008, 17:47 | #3 |
| Hm, I have now read up a bit here and in other forums and came across instructions on how viruses and the like are removed! Unfortunately, the instructions often involve having to go on the internet to download something... But since I can't get on the internet (the other PC is affected), I am somewhat at a loss! Does anyone have a tip for me? |
16.10.2008, 21:43 | #4 |
| So ^^ it's me again... I have now run CCleaner, done this malware check and the Windows scan, and finally HiJack as well... Here are the results:
WINDOWS SCAN
Microsoft Windows XP [Version 5.1.2600]
http://www.paules-pc-forum.de ***** Malware Team *****
***** Ende des Scans 16.10.2008 um 22:22:32.89 ***
HiJAck:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:24:37, on 16.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
I don't know my way around this anyway!!! The malware program found 121 infected objects... It looks pretty bad. Can someone tell me how I should proceed? What do I need to watch out for? PLEASE HELP ME! Edited by C.G.M. (16.10.2008 at 22:00) |
16.10.2008, 22:01 | #5 |
| MALWARE
Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1134
Windows 5.1.2600 Service Pack 2
16.10.2008 22:58:33
mbam-log-2008-10-16 (22-58-33).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 47802
Laufzeit: 9 minute(s), 40 second(s)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 38
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 7
Infizierte Dateien: 69
HOW DO I PROCEED??? |
17.10.2008, 09:52 | #6 |
| Internet Explorer and Firefox are working again now! Unfortunately I still have an uneasy feeling... After all, the malware program showed me 121 infected files! They can't all be gone, can they? |
18.10.2008, 10:26 | #7 |
| It's really something how people are treated here... Someone comes along who knows about this kind of stuff and is immediately idolized, and every little step is spelled out for him! Then I come along, with no clue, and post my problem here because I thought you might be able to help me... I find it really a bit crap! Sorry for the language, but I can't put it any other way! |
21.10.2008, 17:54 | #8 |
| Yes, it was the same for me here... I also have the same problem with the red x in the bar at the bottom right; that is Antispyware 2009... There isn't much more you can do than post the things on the site and use CCleaner anyway... Sure, there are several more options with various ComboFix settings, but someone who knows a bit more should help us with that... But you can (if you have only had the virus for a few days) try doing a System Restore! That sets your PC back to an earlier point in time... to a point in time when the virus wasn't there yet! Just go to Start - Programs - Accessories - System Tools - System Restore. There you pick a date and the PC will be free of the pest again. But don't forget: all the things you have saved on the PC since then etc. will be gone... Put everything on a USB stick beforehand so that nothing gets lost! Regards, manu |