Log analysis and evaluation: IE shows ads on its own, explorer.exe crashed

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#3

IE shows ads on its own, explorer.exe crashed

Hi,

thanks for the help! It looks like a direct hit:

1.0) VirusTotal results:

1.1) C:\WINDOWS\mrofinu1044.exe:

| Antivirus | Version | Last update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.12.20.10 | 2007.12.19 | - |
| AntiVir | 7.6.0.45 | 2007.12.19 | TR/Crypt.ULPM.Gen |
| Authentium | 4.93.8 | 2007.12.19 | - |
| Avast | 4.7.1098.0 | 2007.12.18 | Win32:Agent-NMX |
| AVG | 7.5.0.503 | 2007.12.19 | Downloader.Generic6.ZUK |
| BitDefender | 7.2 | 2007.12.19 | Trojan.Downloader.Agent.YWO |
| CAT-QuickHeal | 9.00 | 2007.12.19 | TrojanDownloader.Agent.gat |
| ClamAV | 0.91.2 | 2007.12.19 | - |
| DrWeb | 4.44.0.09170 | 2007.12.19 | Trojan.DownLoader.38055 |
| eSafe | 7.0.15.0 | 2007.12.18 | suspicious Trojan/Worm |
| eTrust-Vet | 31.3.5387 | 2007.12.19 | - |
| Ewido | 4.0 | 2007.12.19 | Downloader.Agent.gat |
| FileAdvisor | 1 | 2007.12.19 | - |
| Fortinet | 3.14.0.0 | 2007.12.19 | W32/Dloader.QQN!tr |
| F-Prot | 4.4.2.54 | 2007.12.18 | - |
| F-Secure | 6.70.13030.0 | 2007.12.19 | Trojan-Downloader.Win32.Agent.gat |
| Ikarus | T3.1.1.15 | 2007.12.19 | Trojan-Downloader.Win32.Agent.bls |
| Kaspersky | 7.0.0.125 | 2007.12.19 | Trojan-Downloader.Win32.Agent.gat |
| McAfee | 5188 | 2007.12.18 | Downloader.gen.a |
| Microsoft | 1.3109 | 2007.12.19 | TrojanDropper:Win32/Agent.UJ |
| NOD32v2 | 2733 | 2007.12.19 | Win32/TrojanDownloader.Agent.BLS |
| Norman | 5.80.02 | 2007.12.19 | W32/DLoader.ERBV |
| Panda | 9.0.0.4 | 2007.12.18 | Adware/Borlander |
| Prevx1 | V2 | 2007.12.19 | Heuristic: Suspicious File With Outbound Communications |
| Rising | 20.23.22.00 | 2007.12.19 | Trojan.Win32.Undef.ael |
| Sophos | 4.24.0 | 2007.12.19 | Mal/HckPk-D |
| Sunbelt | 2.2.907.0 | 2007.12.19 | Trojan.Crypt.ULPM.Gen |
| Symantec | 10 | 2007.12.19 | Trojan Horse |
| TheHacker | 6.2.9.164 | 2007.12.18 | Trojan/Downloader.Agent.gat |
| VBA32 | 3.12.2.5 | 2007.12.19 | Trojan.DownLoader.38055 |
| VirusBuster | 4.3.26:9 | 2007.12.18 | - |
| Webwasher-Gateway | 6.6.2 | 2007.12.19 | Trojan.Crypt.ULPM.Gen |

Additional information:

- File size: 39936 bytes
- MD5: ea132b3aedbef5cd918c147581242889
- SHA1: b8dec1fae44e7bbd8d9f23a8bc2d632544f615e4
- PEiD: -
- packers: UPX
- packers: UPX
- packers: UPX
- packers: PE_Patch.Upolyx, PE_Patch.UPX, UPX
- Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=634FF2A00098D55F9C58006A64CF7100C4E4CF13

1.2) C:\WINDOWS\system32\xpudgiql.dll

| Antivirus | Version | Last update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.12.20.10 | 2007.12.19 | Win-AppCare/Virtumonde.86080.B |
| AntiVir | 7.6.0.45 | 2007.12.19 | ADSPY/Virtumonde.bhu |
| Authentium | 4.93.8 | 2007.12.19 | - |
| Avast | 4.7.1098.0 | 2007.12.18 | - |
| AVG | 7.5.0.503 | 2007.12.19 | Lop |
| BitDefender | 7.2 | 2007.12.19 | Trojan.Vundo.DRQ |
| CAT-QuickHeal | 9.00 | 2007.12.19 | AdWare.Virtumonde.bjl (Not a Virus) |
| ClamAV | 0.91.2 | 2007.12.19 | Adware.Virtumonde-452 |
| DrWeb | 4.44.0.09170 | 2007.12.19 | - |
| eSafe | 7.0.15.0 | 2007.12.18 | - |
| eTrust-Vet | 31.3.5387 | 2007.12.19 | - |
| Ewido | 4.0 | 2007.12.19 | - |
| FileAdvisor | 1 | 2007.12.19 | - |
| Fortinet | 3.14.0.0 | 2007.12.19 | - |
| F-Prot | 4.4.2.54 | 2007.12.18 | W32/Virtumonde.G.gen!Eldorado |
| F-Secure | 6.70.13030.0 | 2007.12.19 | - |
| Ikarus | T3.1.1.15 | 2007.12.19 | - |
| Kaspersky | 7.0.0.125 | 2007.12.19 | - |
| McAfee | 5188 | 2007.12.18 | - |
| Microsoft | 1.3109 | 2007.12.19 | - |
| NOD32v2 | 2733 | 2007.12.19 | a variant of Win32/Adware.Virtumonde |
| Norman | 5.80.02 | 2007.12.19 | W32/Virtumonde.JHB |
| Panda | 9.0.0.4 | 2007.12.18 | Suspicious file |
| Prevx1 | V2 | 2007.12.19 | Lop |
| Rising | 20.23.22.00 | 2007.12.19 | - |
| Sophos | 4.24.0 | 2007.12.19 | - |
| Sunbelt | 2.2.907.0 | 2007.12.19 | - |
| Symantec | 10 | 2007.12.19 | Trojan.Vundo |
| TheHacker | 6.2.9.164 | 2007.12.18 | Adware/Virtumonde.big |
| VBA32 | 3.12.2.5 | 2007.12.19 | AdWare.Win32.Virtumonde.bjl |
| VirusBuster | 4.3.26:9 | 2007.12.18 | Adware.Vundo.V.Gen |
| Webwasher-Gateway | 6.6.2 | 2007.12.19 | Ad-Spyware.Virtumonde.bhu |

Additional information:

- File size: 86080 bytes
- MD5: d665c54b4f988f433442331de4eddd2c
- SHA1: 515a7ef4b9447674c9378de168170f33343fcc6a
- PEiD: -
- Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=6952C27240E9862C50B601127F21A70033A3253C

2.0) eScan results

```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2007.06.16.01
Microsoft Windows XP [Version 5.1.2600]
Bootmodus: NETWORK
eScan Version: 9.6.2
Sprache: English
Virus Database Date: 19.12.2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
System found infected with istbar Spyware/Adware (imgconv.dll)! Action taken: No Action Taken.
System found infected with istbar Spyware/Adware (imgconv.dll)! Action taken: No Action Taken.
System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: No Action Taken.
System found infected with backdoor (ircbot) trojans Spyware/Adware (hkey_local_machine\software\microsoft\windows\currentversion\run/runner1)! Action taken: No Action Taken.
Object "NULLBYTE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
File C:\WINDOWS\mrofinu1044.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX infected by "Trojan-Downloader.Win32.Agent.gat" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mrofinu1044.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX infected by "Trojan-Downloader.Win32.Agent.gat" Virus! Action Taken: No Action Taken.
File C:\Temp\Temporary Internet Files\Content.IE5\8VK2T2LW\17PHolmes[1].cmt//PE_Patch.Upolyx//PE_Patch.UPX//UPX infected by "Trojan-Downloader.Win32.Agent.gat" Virus! Action Taken: No Action Taken.
File C:\Temp\Temporary Internet Files\Content.IE5\CDO5QF8X\a8f5a020e4b833865a1034489887c8b9[1].zip/b122.exe infected by "Trojan-Downloader.Win32.Agent.erf" Virus! Action Taken: No Action Taken.
File C:\Temp\TEMPOR~1\Content.IE5\8VK2T2LW\17PHolmes[1].cmt//PE_Patch.Upolyx//PE_Patch.UPX//UPX infected by "Trojan-Downloader.Win32.Agent.gat" Virus! Action Taken: No Action Taken.
File C:\Temp\TEMPOR~1\Content.IE5\CDO5QF8X\a8f5a020e4b833865a1034489887c8b9[1].zip/b122.exe infected by "Trojan-Downloader.Win32.Agent.erf" Virus! Action Taken: No Action Taken.
File C:\Dell\Drivers\R122161\HDAQFE\win2k3\jpn\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Dell\Drivers\R122161\HDAQFE\win2k3\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Dell\Drivers\R122161\HDAQFE\win2k_xp\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\SigmaTel\C-Major Audio\HDAQFE\win2k3\jpn\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\SigmaTel\C-Major Audio\HDAQFE\win2k3\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\SigmaTel\C-Major Audio\HDAQFE\win2k_xp\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Temp\Temporary Internet Files\Content.IE5\8VK2T2LW\17PHolmes[1].cmt//PE_Patch.Upolyx//PE_Patch.UPX//UPX infected by "Trojan-Downloader.Win32.Agent.gat" Virus! Action Taken: No Action Taken.
File C:\Temp\Temporary Internet Files\Content.IE5\CDO5QF8X\a8f5a020e4b833865a1034489887c8b9[1].zip/b122.exe infected by "Trojan-Downloader.Win32.Agent.erf" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Drivers\D420\03_Sound_v.A06\HDAQFE\win2k3\jpn\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Drivers\D420\03_Sound_v.A06\HDAQFE\win2k3\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Drivers\D420\03_Sound_v.A06\HDAQFE\win2k_xp\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Drivers\D620\03_Sound_v.A06\HDAQFE\win2k3\jpn\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Drivers\D620\03_Sound_v.A06\HDAQFE\win2k3\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Drivers\D620\03_Sound_v.A06\HDAQFE\win2k_xp\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Drivers\D820\03_Sound_v.A06\HDAQFE\win2k3\jpn\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Drivers\D820\03_Sound_v.A06\HDAQFE\win2k3\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Drivers\D820\03_Sound_v.A06\HDAQFE\win2k_xp\us\qfe.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mrofinu1044.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX infected by "Trojan-Downloader.Win32.Agent.gat" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
File C:\WINDOWS\system32\jkhgdaw.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.byl". Action Taken: No Action Taken.
File C:\WINDOWS\system32\jkhgdaw.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.byl". Action Taken: No Action Taken.
File C:\WINDOWS\system32\jkhgdaw.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.byl". Action Taken: No Action Taken.
File C:\WINDOWS\system32\jkhgdaw.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.byl". Action Taken: No Action Taken.
File C:\Temp\Temporary Internet Files\Content.IE5\DFMGH21N\ggdll[1] tagged as "not-a-virus:AdWare.Win32.Virtumonde.bjl". Action Taken: No Action Taken.
File C:\Temp\TEMPOR~1\Content.IE5\DFMGH21N\ggdll[1] tagged as "not-a-virus:AdWare.Win32.Virtumonde.bjl". Action Taken: No Action Taken.
File C:\Temp\Temporary Internet Files\Content.IE5\DFMGH21N\ggdll[1] tagged as "not-a-virus:AdWare.Win32.Virtumonde.bjl". Action Taken: No Action Taken.
File C:\WINDOWS\system32\jkhgdaw.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.byl". Action Taken: No Action Taken.
File D:\USER Data\Software\Burning\Nero 6 Reloaded\Nero-6.6.1.15a.exe/Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Offending file found: D:\USER Data\temp\nti386\imgconv.dll
Offending file found: D:\USER Data\temp\nti386\imgconv.dll
Offending file found: C:\WINDOWS\system32\unrar.dll
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Offending Key found: HKCR\magnet !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Prozesse und Module
~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
C:\Temp\Temporary Internet Files\Content.IE5\UZW1AFL5\HiJackThis[1].zip not Scanned. Possibly password protected...
C:\Temp\TEMPOR~1\Content.IE5\UZW1AFL5\HiJackThis[1].zip not Scanned. Possibly password protected...
C:\Temp\Temporary Internet Files\Content.IE5\UZW1AFL5\HiJackThis[1].zip not Scanned. Possibly password protected...
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP133.tmp\mscorlib.dll not Scanned. Possibly password protected...
D:\Documents and Settings\AKs\Local Settings\Application Data\Trend Micro\HCMS\checkup\en-US\checkup.zip.tmp not Scanned. Possibly password protected...
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
C:\WINDOWS\System32\drivers\etc\hosts :
C:\WINDOWS\System32\drivers\etc\hosts :192.168.184.128 nw70-j-sp9-sp.local.net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Total Critical Objects: 39
Total Disinfected Objects: 0
Total Objects Renamed: 0
Total Deleted Objects: 0
Total Errors: 60
Time Elapsed: 01:10:15
Total Objects Scanned: 119687
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Memory Check: Enabled
Registry Check: Enabled
System Folder Check: Enabled
System Area Check: Disabled
Services Check: Enabled
Drive Check: Disabled
All Drive Check :Enabled
All Drive Check :Enabled
Batchstart: 16:33:21,53
Batchende: 16:33:42,15
```

Looks pretty bad, doesn't it?

Best regards!