Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Mülltonne (https://www.trojaner-board.de/muelltonne/)
-   -   Virus/Spyware befall, was soll ich tun? (HiJack Log) (https://www.trojaner-board.de/57684-virus-spyware-befall-tun-hijack-log.html)

Ecke 11.08.2008 12:14
Virus/Spyware befall, was soll ich tun? (HiJack Log)
 
Hi,

ich habe mir wie auch immer einen Virus eingefangen, der scheint zyklisch ein paar Befehle auszuführen, denn alle 3-5 Min stürzt Firefox ab ohne ersichtlichen Grund, wird wohl abgeschossen.
Ich habe schon versucht mit Spybot der Sache Herr zu werden aber dieses eine kleine letzte Programm kann ich nicht entfernen. Es schreibt auch immer wieder was in die Registry. Wenn man es löscht, ist es 5 Min später wieder da.

Spybot zeigt was von Virtumonde.dll an. (UNd vorher stand auch noch was von smitfraud-C.bs, aberr das hat er offenbar schon löschen können)
Angefangen hatte es das mein Avira gemeckert hat und dann war mein Desktop BG auf hellblau mit nem Bild in dem stand "Warning! Spyware detected on your computer!".


Kann mir bitte jemand helfen wie ich den Rest loswerde.

Hier das HiJack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:15, on 11.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\KEN!\kentbcli.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir Workstation\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\desktop_exe\desktop.exe
C:\Users\XXX\AppData\Local\HumanizedEnso\Enso.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Zusatzprogramme\Rainlendar2\Rainlendar2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AGFEO\Tk-Suite-Basic\tools\ctimon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = h**p://192.168.89.4:3128/proxy.ins
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [KEN Taskbar Client] "C:\Program Files\KEN!\kentbcli.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Workstation\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [desktop.exe] C:\Program Files\desktop_exe\desktop.exe
O4 - HKCU\..\Run: [HumanizedEnso] C:\Users\XXX\AppData\Local\HumanizedEnso\Enso.exe --disable-monologue-boxes
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Rainlendar2] E:\Zusatzprogramme\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe wingfz32.rom,ZnWRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: TK-Suite Client.lnk = C:\Program Files\AGFEO\Tk-Suite-Basic\tools\ctimon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: h**p://asia.msi.com.tw
O15 - Trusted Zone: h**p://global.msi.com.tw
O15 - Trusted Zone: h**p://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - h**p://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PaariServer.intern
O17 - HKLM\Software\..\Telephony: DomainName = PaariServer.intern
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PaariServer.intern
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PaariServer.intern
O23 - Service: Avira Security Management Center Agent (AntiVir Security Management Center Agent) - Avira GmbH - C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe
O23 - Service: Avira AntiVir Professional MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Workstation\avmailc.exe
O23 - Service: Avira AntiVir Professional Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Workstation\sched.exe
O23 - Service: Avira AntiVir Professional Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Workstation\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Avira AntiVir Professional MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir Workstation\avesvc.exe
O23 - Service: Symantec pcAnywhere Host-Dienst (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Client32 - NetSupport Ltd - C:\Program Files\NetSupport\NetSupport Manager\client32.exe
O23 - Service: AVM KEN Klient (KEN Client Service) - AVM Berlin - C:\Program Files\KEN!\KENCLI.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdateInstaller - Sage Software - C:\Program Files\Common Files\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Sage Registrierungsdienst (Registry) - Sage Software - C:\Program Files\Common Files\Sage KHK Shared\Registry.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 8352 bytes


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:55 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55