|
Mülltonne: Virus/Spyware befall, was soll ich tun? (HiJack Log)Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
11.08.2008, 12:14 | #1 |
| Virus/Spyware befall, was soll ich tun? (HiJack Log) Hi, ich habe mir wie auch immer einen Virus eingefangen, der scheint zyklisch ein paar Befehle auszuführen, denn alle 3-5 Min stürzt Firefox ab ohne ersichtlichen Grund, wird wohl abgeschossen. Ich habe schon versucht mit Spybot der Sache Herr zu werden aber dieses eine kleine letzte Programm kann ich nicht entfernen. Es schreibt auch immer wieder was in die Registry. Wenn man es löscht, ist es 5 Min später wieder da. Spybot zeigt was von Virtumonde.dll an. (UNd vorher stand auch noch was von smitfraud-C.bs, aberr das hat er offenbar schon löschen können) Angefangen hatte es das mein Avira gemeckert hat und dann war mein Desktop BG auf hellblau mit nem Bild in dem stand "Warning! Spyware detected on your computer!". Kann mir bitte jemand helfen wie ich den Rest loswerde. Hier das HiJack Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:44:15, on 11.08.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\KEN!\kentbcli.exe C:\Windows\SOUNDMAN.EXE C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Avira\AntiVir Workstation\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ICQ6\ICQ.exe C:\Program Files\desktop_exe\desktop.exe C:\Users\XXX\AppData\Local\HumanizedEnso\Enso.exe C:\Program Files\DAEMON Tools Lite\daemon.exe E:\Zusatzprogramme\Rainlendar2\Rainlendar2.exe C:\Windows\System32\rundll32.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\AGFEO\Tk-Suite-Basic\tools\ctimon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Windows\System32\mobsync.exe C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = h**p://192.168.89.4:3128/proxy.ins R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll (file missing) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [KEN Taskbar Client] "C:\Program Files\KEN!\kentbcli.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Workstation\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [desktop.exe] C:\Program Files\desktop_exe\desktop.exe O4 - HKCU\..\Run: [HumanizedEnso] C:\Users\XXX\AppData\Local\HumanizedEnso\Enso.exe --disable-monologue-boxes O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Rainlendar2] E:\Zusatzprogramme\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe wingfz32.rom,ZnWRun O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: TK-Suite Client.lnk = C:\Program Files\AGFEO\Tk-Suite-Basic\tools\ctimon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O15 - Trusted Zone: h**p://asia.msi.com.tw O15 - Trusted Zone: h**p://global.msi.com.tw O15 - Trusted Zone: h**p://www.msi.com.tw O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - h**p://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PaariServer.intern O17 - HKLM\Software\..\Telephony: DomainName = PaariServer.intern O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PaariServer.intern O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PaariServer.intern O23 - Service: Avira Security Management Center Agent (AntiVir Security Management Center Agent) - Avira GmbH - C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe O23 - Service: Avira AntiVir Professional MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Workstation\avmailc.exe O23 - Service: Avira AntiVir Professional Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Workstation\sched.exe O23 - Service: Avira AntiVir Professional Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Workstation\avguard.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Avira AntiVir Professional MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir Workstation\avesvc.exe O23 - Service: Symantec pcAnywhere Host-Dienst (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Client32 - NetSupport Ltd - C:\Program Files\NetSupport\NetSupport Manager\client32.exe O23 - Service: AVM KEN Klient (KEN Client Service) - AVM Berlin - C:\Program Files\KEN!\KENCLI.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdateInstaller - Sage Software - C:\Program Files\Common Files\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Sage Registrierungsdienst (Registry) - Sage Software - C:\Program Files\Common Files\Sage KHK Shared\Registry.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe -- End of file - 8352 bytes |
Themen zu Virus/Spyware befall, was soll ich tun? (HiJack Log) |
adobe, antivir, askbar, avg, avira, bho, cdburnerxp, computer, defender, desktop, excel, firefox, helfen, hijack, hijackthis, immer wieder, internet, internet explorer, myphoneexplorer, object, programm, rundll, safer networking, security, software, spyware, symantec, system, virtumonde.dll, virus, virus eingefangen, vista, windows, windows defender, windows sidebar |