Hi,
as the title already says, I've had malware on my computer for 2 days.
It all started when Kaspersky showed me that I have malware on the computer. I then noticed that the date and time had been changed and that Java no longer worked. After a normal restart, all my "important personal" data was gone. My desktop was completely empty, everything was gone. Then I noticed that everything had only been made invisible. I've now changed everything and now everything is back. I even had to change the date and time in the BIOS, because otherwise I always had to press F1 for it to boot.
I've now run HijackThis over it and here is the result:
Logfile of Trend Micro HijackThis v2_0_4
Scan saved at 00:42:49, on 03_06_2011
Platform: Windows Vista SP2 (WinNT 6_00_1906)
MSIE: Internet Explorer v7_00 (7_00_6002_18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm-exe
C:\Windows\Explorer-EXE
C:\Windows\system32\taskeng-exe
C:\Program Files\Windows Defender\MSASCui-exe
C:\Program Files\ATKOSD2\ATKOSD2-exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr-exe
C:\Program Files\Synaptics\SynTP\SynTPEnh-exe
C:\Program Files\ASUS\ATK Media\DMedia-exe
C:\Program Files\P4P\P4P-exe
C:\Windows\ASScrPro-exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp-exe
C:\Windows\RtHDVCpl-exe
C:\Program Files\iTunes\iTunesHelper-exe
C:\Program Files\Windows Media Player\wmpnscfg-exe
C:\Windows\ehome\ehtray-exe
C:\Program Files\Synaptics\SynTP\SynAsus-exe
C:\Program Files\ATI Technologies\ATI-ACE\Core-Static\MOM-exe
C:\Windows\ehome\ehmsas-exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost-exe
C:\Program Files\ATI Technologies\ATI-ACE\Core-Static\CCC-exe
C:\Program Files\Opera\opera-exe
C:\Program Files\Java\jre6\bin\javaw-exe
C:\Users\D-Sik\Desktop\HiJackThis204-exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = _go-microsoft-com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = _start-icq-com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = __-asus-com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = _go-microsoft-com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = _go-microsoft-com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = _go-microsoft-com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd-dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv-dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn-dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho-dll
O4 - HKLM\_.\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui-exe -hide
O4 - HKLM\_.\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2-exe"
O4 - HKLM\_.\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr-exe
O4 - HKLM\_.\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE-exe
O4 - HKLM\_.\Run: [CognizanceTS] rundll32-exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC-dll,RegisterModule
O4 - HKLM\_.\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh-exe
O4 - HKLM\_.\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA-EXE
O4 - HKLM\_.\Run: [PowerForPhone] "C:\Program Files\P4P\P4P-exe"
O4 - HKLM\_.\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog-exe
O4 - HKLM\_.\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro-exe
O4 - HKLM\_.\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp-exe"
O4 - HKLM\_.\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb-exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\_.\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp-exe"
O4 - HKLM\_.\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI-ACE\Core-Static\CLIStart-exe" MSRun
O4 - HKLM\_.\Run: [RtHDVCpl] RtHDVCpl-exe
O4 - HKLM\_.\Run: [Skytel] Skytel-exe
O4 - HKLM\_.\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask-exe" -atboottime
O4 - HKLM\_.\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper-exe"
O4 - HKCU\_.\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel-exe -hidden
O4 - HKCU\_.\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG-exe
O4 - HKCU\_.\Run: [ehTray-exe] C:\Windows\ehome\ehTray-exe
O4 - HKCU\_.\Run: [Steam] "C:\1-David\Spiele\Steam\Steam-exe" -silent
O4 - Startup: igfxtray-exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL-EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\D-Sik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload-htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\D-Sik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter-htm
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny-htm
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet-dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet-dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho-dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR-DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho-dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - _fpdownload2-macromedia-com/get/shockwave/cabs/flash/swflash-cab
O20 - AppInit_DLLs: APSHook-dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3-dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk-dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui-dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx-exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService-exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv-exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv-exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp-exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder-exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst-exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst-exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost-exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService-exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc-exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc-exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService-exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr-exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService-exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32-exe (file missing)
--
End of file - 8408 bytes
I've already tried to remove the ******* with Kaspersky. Kaspersky doesn't react to that. In the meantime my license has been blocked, although the key should still run for a good few months. What should I do? I'm a total noob when it comes to this kind of thing.
Many thanks