Windows Security Center / 50 EUR Virus

peterreiser

Schönen guten Tag,

auch ich habe mich leider mit dem "50 EUR Virus" infiziert und bitte um Eure Hilfe.

Der infizierte Computer zeigt, sobald ich mich mit dem Internet verbinde, mit einigen Minuten Verspätung die "Windows Security" Seite und verlangt 50 EUR Gebühr.

Ich habe trotz mehrmaligem Virenscan mit AVIRA keinen Virenfund gehabt.
Auch der TDSSKiller von Kaspersky brachte keine Meldung.

Unten habe ich die "dds.txt" angeführt und als zip "attach.txt" , "Gmer.txt" und "defogger_disable.log" beigefügt.

Ich danke Euch für Eure Hilfe.

Freundliche Grüße, P. Reiser.
--------------------------------------------------
Hier die dds.txt:
--------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by *** at 11:09:13 on 2012-02-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1013.782 [GMT 1:00]
.
FW: Norton AntiVirus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ch/
uSearch Page = ${URL_SEARCHPAGE}
uSearch Bar = hxxp://www.google.com/ie
mSearch Page = ${URL_SEARCHPAGE}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Eazel-DE Toolbar: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - c:\programme\eazel-de\prxtbEaz2.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\programme\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\programme\divx\divx plus web player\npdivx32.dll
BHO: Eazel-DE Toolbar: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - c:\programme\eazel-de\prxtbEaz2.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\java\jre1.6.0_02\bin\ssv.dll
TB: Eazel-DE Toolbar: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - c:\programme\eazel-de\prxtbEaz2.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [{CBA72718-FF04-11DE-BD10-806D6172696F}] c:\dokumente und einstellungen\***\anwendungsdaten\microsoft\audiodb.exe
mRun: [Hercules DJ Series] c:\programme\hercules\audio\dj console series\HDJSeriesCPL.exe /boot
mRun: [VVSN] c:\programme\vvsn\VVSN.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\programme\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
TCP: Interfaces\{9EDAFA5B-EC50-4E07-BCCD-D23447BE0413} : NameServer = 194.24.128.100,81.3.216.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\programme\gemeinsame dateien\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\bia9j4lr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at
FF - plugin: c:\programme\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\programme\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\programme\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\programme\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\programme\divx\divx plus web player\firefox\wpa
.
============= SERVICES / DRIVERS ===============
.
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-9-12 156160]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\programme\hercules\audio\dj console series\drivers\x86\HerculesDJControlMP3.EXE [2011-8-6 20480]
S2 Micro Star SCM;Micro Star SCM;c:\programme\system control manager\MSIService.exe [2008-9-23 159744]
S2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [2003-7-19 18848]
S2 NIHardwareService;NIHardwareService;c:\programme\gemeinsame dateien\native instruments\hardware\NIHardwareService.exe [2011-4-7 3857408]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2011-12-29 14976]
S2 SRS_PostInstaller;SRS PostInstaller Service;c:\programme\srs labs\wowhd and tsxt driver\SRS_PostInstaller.exe [2008-9-5 69632]
S3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [2011-8-6 160000]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJAsioK.sys [2011-8-6 220416]
S3 HDJMidi;Hercules DJ Console Mk4 MIDI;c:\windows\system32\drivers\HDJMidi.sys [2011-8-6 225408]
S3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [2008-9-5 22528]
S4 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-17 136176]
S4 gupdatem;Google Update-Dienst (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-5-17 136176]
S4 Symantec Core LC;Symantec Core LC;c:\progra~1\gemein~1\symant~1\ccpd-lc\symlcsvc.exe [2009-3-3 1245064]
.
=============== Created Last 30 ================
.
2012-02-19 09:26:31 -------- d-----w- c:\programme\uTorrent
2012-02-19 09:25:41 -------- d-----w- c:\dokumente und einstellungen\***\anwendungsdaten\uTorrent
2012-02-17 09:41:27 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-17 09:41:27 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-16 19:41:48 -------- d-----w- c:\programme\Tomb Raider II Gold (Full Net)
2012-01-23 17:09:10 -------- d-----w- c:\programme\Jeskola
.
==================== Find3M ====================
.
2012-02-19 10:48:38 2060336 ----a-w- C:\TDSSKiller.exe
2012-01-12 17:20:28 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-11-25 21:57:03 293888 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 11:10:06,70 ===============