#1
Hello, please help me! For days the Trojan Murlo.b has been tormenting me; IE closes by itself now and then, and the computer's performance is extremely poor. Many thanks in advance!
Logfile of HijackThis v1.99.0
Scan saved at 18:59:38, on 11.03.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\kendra\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.deu.chello.at/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Verknüpfung mit CoolerXP.exe.lnk = C:\Programme\MSI\PC Alert 4\CoolerXP.exe
O4 - Startup: winupdate14985294[1].exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Alert 4.lnk = C:\Programme\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20e9126ecc2ca85f3c06/netzip/RdxIE601_de.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030625/qtinstall.info.apple.com/abarth/de/win/QuickTimeInstaller.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - ftp://ftp.autodesk.com/webpub/mapguide/ver6/viewer/en/mgaxctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C5D0316-1EBC-4A23-8EB3-BAEA1C6F4C7A}: NameServer = 195.34.133.10,195.34.133.11
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
File C:\WINDOWS\System32\KILLAPPS.EXE tagged as not-a-virus:RiskWare.Tool.KillApp.b. No Action Taken.
File C:\DOKUME~1\kendra\LOKALE~1\Temp\tmp2.tmp infected by "Trojan-Downloader.Win32.Murlo.b" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\kendra\LOKALE~1\Temp\tmp7.tmp infected by "Trojan-Downloader.Win32.Murlo.b" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\kendra\Lokale Einstellungen\Temp\tmp2.tmp infected by "Trojan-Downloader.Win32.Murlo.b" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\kendra\Lokale Einstellungen\Temp\tmp7.tmp infected by "Trojan-Downloader.Win32.Murlo.b" Virus. Action Taken: No Action Taken.
File C:\My Downloads\Remove.About.Blank.Buddy.v3.0.WinALL.CRACKED-LUCiD\LUCiD\Crack\patch.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\My Downloads\Remove.About.Blank.Buddy.v3.0.WinALL.CRACKED-LUCiD\LUCiD.rar tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\Programme\ICQ\Received Files\Graystorm\ls_tmpgenc25844152.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\Programme\RealVNC\WinVNC\othread2.dll tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.c. No Action Taken.
File C:\Programme\RealVNC\WinVNC\vnchooks.dll tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.c. No Action Taken.
File C:\Programme\RealVNC\WinVNC\winvnc.exe tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.c. No Action Taken.
File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:RiskWare.Tool.KillApp.b. No Action Taken.
File D:\Install\Treiber\LiveDrvUni-Pack(GER).exe tagged as not-a-virus:RiskWare.Tool.KillApp.b. No Action Taken.
Fri Mar 11 18:23:36 2005 => ***** Scanning complete. *****
Fri Mar 11 18:23:36 2005 => Total Files Scanned: 35724
Fri Mar 11 18:23:36 2005 => Total Virus(es) Found: 13
Fri Mar 11 18:23:36 2005 => Total Disinfected Files: 0
Fri Mar 11 18:23:36 2005 => Total Files Renamed: 0
Fri Mar 11 18:23:36 2005 => Total Deleted Files: 0
Fri Mar 11 18:23:36 2005 => Total Errors: 8
Fri Mar 11 18:23:36 2005 => Time Elapsed: 00:54:05
Fri Mar 11 18:23:37 2005 => Virus Database Date: 2005/02/14
Fri Mar 11 18:23:37 2005 => Virus Database Count: 118236
Fri Mar 11 18:23:37 2005 => Scan Completed.