|
Mülltonne: Virus eingefangenWindows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
06.01.2009, 21:20 | #1 |
| Virus eingefangen Hallo, ich schleppe jetzt seit fast einer Woche -so glaube ich- einen Virus mit mir rum. Ich hab ne E-Mail von einem Freund geöffnet seit dem meldet AntiVir immer das sie einen Virus gefunden haben. Ich hab natürlich auf löschen geklickt und geglaubt das damit alles erledigt wäre. Aber falsch geglaubt die Virenmahnungen hörten gar nicht mehr auf. Mein Freund hat mir dan gesagt das er auch genau das selbe Problem hat. Ich hab mir mal HijackThis runtergeladen und mal durchlaufen lassen. Hier das Ergebnis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:17:51, on 06.01.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Program Files\Norman\Npm\Bin\Elogsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Norman\Npm\Bin\Zanda.exe C:\Program Files\Norman\npm\bin\nvoy.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Norman\Npm\Bin\Zlh.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\taskeng.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE C:\Program Files\Norman\npc\bin\npcsvc32.exe C:\Windows\System32\mobsync.exe C:\Program Files\Norman\Npm\bin\NJEEVES.EXE C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe C:\Program Files\Norman\npc\bin\nuaa.exe C:\Program Files\Norman\nse\bin\NSESVC.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe C:\Program Files\Norman\Nvc\bin\nvcoas.exe C:\Program Files\Norman\Nvc\Bin\Nip.exe C:\Program Files\Norman\Nvc\Bin\cclaw.exe C:\PROGRAM FILES\T-ONLINE\T-ONLINE_SOFTWARE_6\BROWSER\BROWSER.EXE c:\program files\t-online\t-online_software_6\browser\dlman.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\servicing\TrustedInstaller.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [recinfo] c:\recinfo\recinfo.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [fsc-reg] C:\fsc-reg\fscreg.exe 20081222 O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized O4 - HKCU\..\Run: [MSFox] C:\Users\REN~1\AppData\Local\Temp\a.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{3CA617B5-636C-453F-91F3-5C43A586A81A}: NameServer = 217.237.150.115 217.237.151.205 O17 - HKLM\System\CCS\Services\Tcpip\..\{56A533F9-B4ED-488F-B1C8-4F63D0A89929}: NameServer = 85.255.115.52;85.255.112.202 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.52;85.255.112.202 O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 85.255.115.52;85.255.112.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.52;85.255.112.202 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Program Files\Norman\npc\bin\npcsvc32.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Program Files\Norman\npc\bin\nuaa.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- End of file - 11918 bytes Gibt es noch Hoffnung das ich den Virus so gelöscht bekomme oder muss ich formatieren? Ach ja, ich hab mal versucht manuell zu löschen. Hab aber die Datei msqpdxwqsctmei.dll, wo der Virus sein soll nicht gefunden. Hoffentlich könnt ihr mi helfen. Gruß René |
Themen zu Virus eingefangen |
adobe, antivir, antivirus, ask toolbar, askbar, avg, avira, bho, browser, canon, defender, e-mail, explorer, google, gservice, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, local\temp, norman, picasa, plug-in, problem, rundll, senden, software, system, temp, virus, virus eingefangen, virus gefunden, vista, windows, windows defender, windows sidebar |