Spyware Micro Antivirus 2009 - Diplomarbeit in Gefahr !!

elQuapo

Hallo,
ich schreibe gerade an meiner Dioplomarbeit und habe mir diesen sch.... ''Micro Antivirus''-VIRUS eingefangen. Es erscheinen immer wieder Fenster, die vorgeben, Viren gefunden zu haben.
Ich habe bischen im Internet geforscht und bin nun hier gelandet. Wie gewünscht habe ich einen Logfile erstellt. Ich muss aber dazu noch sagen, das ich blutiger Anfänger bei Virenbekämfung bin. Bitte helft mir schnell, da meine Diplomarbeit in Gefahr ist. Wenn möglich Idiotensicher(den das bin ich in dieser Sache).


PS: Soll ich es unterlassen meine E-Mais zu lesen? Ist für mich zur Zeit fast unmöglich, da ich permanent schriftverkehr mit meinem Professor habe.

DANKE euch schon im Voraus.
Hasan



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:29, on 08.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\PERI Software Shared\Service\ADT2004OEM Service File.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Gemeinsame Dateien\PERI Software Shared\Service\ElposServiceFile.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\zHotkey.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\Dit.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Programme\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Windows\system32\YUR35.exe
C:\Windows\system32\YUR38.exe
C:\Windows\system32\YUR39.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Dokumente und Einstellungen\HASAN\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
C:\Programme\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\******\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**tp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Programme\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Programme\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [\YUR35.exe] C:\Windows\system32\YUR35.exe
O4 - HKLM\..\Run: [\YUR36.exe] C:\Windows\system32\YUR36.exe
O4 - HKLM\..\Run: [\YUR37.exe] C:\Windows\system32\YUR37.exe
O4 - HKLM\..\Run: [\YUR38.exe] C:\Windows\system32\YUR38.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Programme\MicroAV\MicroAV.exe
O4 - HKLM\..\Run: [\YUR39.exe] C:\Windows\system32\YUR39.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [\YUR8.exe] C:\Windows\system32\YUR8.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [\YUR35.exe] C:\Windows\system32\YUR35.exe
O4 - HKCU\..\Run: [\YUR36.exe] C:\Windows\system32\YUR36.exe
O4 - HKCU\..\Run: [\YUR37.exe] C:\Windows\system32\YUR37.exe
O4 - HKCU\..\Run: [\YUR38.exe] C:\Windows\system32\YUR38.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Programme\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [\YUR39.exe] C:\Windows\system32\YUR39.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [\YUR8.exe] C:\Windows\system32\YUR8.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - h**p://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de/
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - h**p://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - h**p://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - h**p://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programme\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - h**p://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - h**p://www.gamegarden.net/game/ggsecure.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.co...?1103025837531
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - h**p://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsof...?1152207519078
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - h**p://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - h**p://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - h**p://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - h**p://webcam.fantasy.de/webcam/AxisCamControl.ocx
O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - h**p://www.pagedive.com/pagedive5811/PageDive5.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - h**p://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - h**p://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - h**p://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86F3D526-9224-4CE1-9138-573CE9F10A94}: NameServer = 85.255.115.22 85.255.112.228
O17 - HKLM\System\CCS\Services\Tcpip\..\{914D4439-7E37-4E96-A66C-F52B8E66DA65}: NameServer = 85.255.115.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE9BFC6D-348D-432F-9013-35A90051B9F1}: NameServer = 85.255.115.22,85.255.112.228
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7073A6D-D5EF-416C-875A-3ABFCB611585}: NameServer = 85.255.115.22,85.255.112.228
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.228
O17 - HKLM\System\CS1\Services\Tcpip\..\{86F3D526-9224-4CE1-9138-573CE9F10A94}: NameServer = 85.255.115.22 85.255.112.228
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.228
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O22 - SharedTaskScheduler: DirectX additional - {8A5849B5-93F3-429D-FF34-660A2068897C} - (no file)
O23 - Service: ADT2004OEM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\PERI Software Shared\Service\ADT2004OEM Service File.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe
O23 - Service: Elpos Service - Unknown owner - C:\Programme\Gemeinsame Dateien\PERI Software Shared\Service\ElposServiceFile.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MS Internet Countermeasures Framework (ICF) - Unknown owner - C:\WINDOWS\system32:svchost.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13878 bytes