Virus W32/Jeefo:Wie beseitige ich ihn?

Dieses Thema Virus W32/Jeefo:Wie beseitige ich ihn? im Forum "Viren, Trojaner, Spyware etc." wurde erstellt von »Kenny«, 17. März 2005.

Thema: Virus W32/Jeefo:Wie beseitige ich ihn? Servus,ich habe also folgendes Problem: Ich hab mir vor kurzer Zeit den Virus W32/Jeefo Eingefangen und wollte...

  1. Servus,ich habe also folgendes Problem: Ich hab mir vor kurzer Zeit den Virus W32/Jeefo
    Eingefangen und wollte wissen,wie ich ihn jetzt ganz wieder los werde (möglichst ohne die Festplatte zu formatieren)

    Danke im Voraus
     
  2. Ich hab das Tool schon runtergeladen und alles desinfiziert,aber bei jedem Neustart kommt der Virus
     
  3. Logfile of HijackThis v1.99.1
    Scan saved at 18:59:46, on 18.03.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\windows\system32\spoolsv.exe
    c:\progra~1\0900wa~1\w0svc.exe
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Programme\F-Secure Internet Security\fswsclds.exe
    C:\Programme\Ahead\InCD\InCDsrv.exe
    C:\windows\system32\drivers\KodakCCS.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\windows\System32\Fast.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Programme\Analog Devices\SoundMAX\Smax4.exe
    C:\Programme\Ahead\InCD\InCD.exe
    C:\Programme\WinFast\WFTVFM\WFWIZ.exe
    C:\Programme\Microsoft Hardware\Keyboard\type32.exe
    C:\Programme\Microsoft IntelliPoint\point32.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\Programme\QuickTime\qttask.exe
    C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
    C:\windows\System32\taskswitch.exe
    C:\windows\System32\fast.exe
    C:\PROGRA~1\MYWEBS~1\bar\e.bin\mwsoemon.exe
    C:\Programme\Desktop Sidebar\dsidebar.exe
    C:\Programme\Preispiraten 2.0b\preispiraten2.exe
    C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Programme\DT\DT 11Mbps Wireless USB Device\Installer\WINXP\DTUSBMonitor.exe
    C:\windows\explorer.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Winamp\winampa.exe
    C:\Programme\Winamp\eMusic\eMusicClient.exe
    C:\Programme\EvilLyrics\EvilLyrics.exe
    C:\windows\System32\msiexec.exe
    C:\DOKUME~1\Vitali\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe
     
  4. so wird das nix.... Log unvollständig

    und schliesst eure Web-Browser beim Scannen! Dann sieht man leichter, was Sache ist.
     
  5. Logfile of HijackThis v1.99.1
    Scan saved at 19:22:40, on 18.03.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\csrss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\windows\system32\spoolsv.exe
    c:\progra~1\0900wa~1\w0svc.exe
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Programme\F-Secure Internet Security\fswsclds.exe
    C:\Programme\Ahead\InCD\InCDsrv.exe
    C:\windows\system32\drivers\KodakCCS.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    C:\windows\system32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\windows\System32\Fast.exe
    C:\windows\System32\alg.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Programme\Analog Devices\SoundMAX\Smax4.exe
    C:\Programme\Ahead\InCD\InCD.exe
    C:\Programme\WinFast\WFTVFM\WFWIZ.exe
    C:\Programme\Microsoft Hardware\Keyboard\type32.exe
    C:\Programme\Microsoft IntelliPoint\point32.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\Programme\QuickTime\qttask.exe
    C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
    C:\windows\System32\taskswitch.exe
    C:\windows\System32\fast.exe
    C:\PROGRA~1\MYWEBS~1\bar\e.bin\mwsoemon.exe
    C:\Programme\Desktop Sidebar\dsidebar.exe
    C:\Programme\Preispiraten 2.0b\preispiraten2.exe
    C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Programme\DT\DT 11Mbps Wireless USB Device\Installer\WINXP\DTUSBMonitor.exe
    C:\windows\explorer.exe
    C:\Programme\Valve\Steam\Steam.exe
    c:\programme\valve\steam\steamapps\chesterv\counter-strike source\hl2.exe
    C:\DOKUME~1\Vitali\LOKALE~1\Temp\Temporäres Verzeichnis 2 für hijackthis_199.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetstarthere.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internetstarthere.com/?p=101
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetstarthere.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://internetstarthere.com/customize.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\e.bin\MWSSRCAS.DLL (file missing)
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
    O1 - Hosts: 12.129.205.209 search.netscape.com
    O1 - Hosts: 12.129.205.209 search.netscape.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\e.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\e.bin\MWSBAR.DLL
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [NAV_Update] C:\NAV_Update.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\System32\SysUpd.exe
    O4 - HKLM\..\Run: [WinFast Schedule] C:\Programme\WinFast\WFTVFM\WFWIZ.exe
    O4 - HKLM\..\Run: [IntelliType] C:\Programme\Microsoft Hardware\Keyboard\type32.exe
    O4 - HKLM\..\Run: [IntelliPoint] C:\Programme\Microsoft IntelliPoint\point32.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
    O4 - HKLM\..\Run: [BackgroundSwitcher] C:\windows\System32\bgswitch.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\windows\System32\taskswitch.exe
    O4 - HKLM\..\Run: [FastUser] C:\windows\System32\fast.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\e.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [BearShare] C:\Programme\BearShare\BearShare.exe /pause
    O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
    O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\e.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [Steam] c:\programme\valve\steam\steam.exe -silent
    O4 - HKCU\..\Run: [SIDEBAR] C:\Programme\Desktop Sidebar\dsidebar.exe
    O4 - HKCU\..\Run: [Preispiraten] C:\Programme\Preispiraten 2.0b\preispiraten2.exe /autorun
    O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\e.bin\MWSOEMON.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: DT 11Mbps WLAN USB Station.lnk = C:\Programme\DT\DT 11Mbps Wireless USB Device\Installer\WINXP\DTUSBMonitor.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\e.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm104
    O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Programme\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://C:\Programme\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Programme\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Programme\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://C:\Programme\LeechGet 2004\\Wizard.html
    O8 - Extra context menu item: Mit LeechGet herunterladen - file://C:\Programme\LeechGet 2004\\AddUrl.html
    O8 - Extra context menu item: Mit LeechGet parsen - file://C:\Programme\LeechGet 2004\\Parser.html
    O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Programme\Desktop Sidebar\sbhelp.dll/menuhandler.html
    O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
    O9 - Extra->Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: concept/design's onlineTV - {4511C9EF-BA8F-4FDA-878F-3A10C5E27BF0} - C:\Programme\onlineTV\onlineTV.exe
    O9 - Extra button: Preispiraten 2.01b - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten 2.0b\preispiraten2.exe
    O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
    O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
    O15 - Trusted Zone: www.cheats.de
    O15 - Trusted Zone: www.winload.de
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {0AFDA372-EB16-11D5-8A33-0002442B5E80} (AsconOnline.Web3D) - http://as-con.de/cab/as_tools.cab
    O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
    O16 - DPF: {2CFB52FD-7CF2-479C-BF65-B27F8A834F31} (SecureSession Class) - http://www.samsungtechwin.com/include/pki/SecuiTechIE.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/123f17eda36b6621de16/netzip/RdxIE601_de.cab
    O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz4/install.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: 0190/0900 Warner Überwachungsdienst (0190_0900_Warner_MonitorService) - Mirko Böer - c:\progra~1\0900wa~1\w0svc.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\fswsclds.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\windows\svchost.exe (file missing)
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
Die Seite wird geladen...

Virus W32/Jeefo:Wie beseitige ich ihn? - Ähnliche Themen

Forum Datum
Svchost.exe uploaded mit 500 kb/s. Virus? Windows 10 Forum 18. Juli 2015
Ad-Virus auf meinem Rechner Windows 7 Forum 25. Sep. 2014
Virus, der meine Taskleiste & die Icons auf dem Desktop verschwinden gelassen hat?! Windows 7 Forum 12. Sep. 2014
IE11 zeigt komplettes eBay nur als Text-Seite!!!??? Virus? Web-Browser 26. Dez. 2013
Neuer Virusspam? Viren, Trojaner, Spyware etc. 23. Dez. 2013