Hi ich hab ein problem mit nem virus.. ich weis nicht genau was er macht oder wie er genau heisst .. auf jedenfall hab ich einen prozess der ständige den namen wechselt sobald man ihn beendet.. (zb: vfzzydm.exe -> wurde zu tmptsl.exe usw...)

also nun mein log


Logfile of HijackThis v1.99.1
Scan saved at 13:53:29, on 19.06.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\vfzzydm.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Winamp\Winamp.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Opera\Opera.exe
C:\Dokumente und Einstellungen\asd\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://w*w.richfind.c*m/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Search - {98B72100-D6FC-42FB-9720-2B5FB15534CA} - C:\WINDOWS\System32\Q694828.dll (file missing)
R3 - URLSearchHook: Search - {B57F956F-65B9-49DB-BFFB-6FDE1C4A1219} - C:\WINDOWS\System32\Q694828.dll (file missing)
R3 - URLSearchHook: Search - {D1905F87-E848-4F23-9BA0-629972F7B887} - C:\WINDOWS\System32\Q721875.dll (file missing)
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Search - {92EA8F80-FF46-4D4F-821D-73E76B63BCA5} - C:\WINDOWS\System32\Q694828.dll (file missing)
O3 - Toolbar: Search - {691695E8-2C3C-4621-9B29-661EFB1D5449} - C:\WINDOWS\System32\Q694828.dll (file missing)
O3 - Toolbar: Search - {2BA7B59C-B05E-4165-A24C-5F97DE42BCEE} - C:\WINDOWS\System32\Q721875.dll (file missing)
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Programme\AdwareFilterToolBar\AdwareFilter.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [eitwbeb] c:\windows\system32\vfzzydm.exe r
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Search - {2BA7B59C-B05E-4165-A24C-5F97DE42BCEE} - C:\WINDOWS\System32\Q721875.dll (file missing)
O9 - Extra button: Search - {691695E8-2C3C-4621-9B29-661EFB1D5449} - C:\WINDOWS\System32\Q694828.dll (file missing)
O9 - Extra button: Search - {92EA8F80-FF46-4D4F-821D-73E76B63BCA5} - C:\WINDOWS\System32\Q694828.dll (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {3337F610-D236-4335-A4AB-E780FB897395} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {3337F610-D236-4335-A4AB-E780FB897395} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O13 - WWW. Prefix: h**p://ehttp.cc/?
O15 - Trusted Zone: h**p://*.63.219.181.7
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: h**p://*.search-soft.net
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118440158031
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) -
O18 - Filter: text/html - {F589C659-0E20-4217-812A-0B4B11EC163F} - C:\WINDOWS\System32\Q694828.dll
O18 - Filter: text/plain - {F589C659-0E20-4217-812A-0B4B11EC163F} - C:\WINDOWS\System32\Q694828.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: COM+-Systemanwendung (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\System32\MsPMSPSv.exe (file missing)

@noop

Zitat:

ich hab ein problem mit nem virus..

Ich gehe von mehreren Viren aus.
Dein System

Zitat:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

ist absolut jungfräulich: nicht einmal SP1.
Empfehlung: Neu aufsetzen nach Anleitung (Link in meiner Signatur).