Hello, I urgently need help because I don't know my way around PCs at all. I somehow caught the virus W32 Myzor and other things. I'm getting the error messages "critical system warning" and "back door trojans". I made a log file with HijackThis and would be really grateful if someone could help me; on my own I'm lost. Many thanks in advance. Timo
Index % of PCs with item Code Data
1 0.0% O14 START_PAGE_URL=https://www.hyrican.de
2 8.7% O16 {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
3 0.0% O16 {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsupda ... 6807917718
4 0.2% O17 NameServer = 192.168.2.1
5 0.3% O2 SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
6 0.2% O2 AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
7 0.0% O2 XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
8 0.0% O2 (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Programme\Video ActiveX Access\iesplg.dll
9 25.8% O22 Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
10 24.9% O22 Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
11 0.0% O22 grazable - {fa55d551-9698-48ac-b639-9b00cf1a6ea0} - C:\WINDOWS\System32\psndz.dll
12 2.2% O23 TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
13 0.7% O23 AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
14 0.7% O23 AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
15 0.0% O23 T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
16 0.0% O23 a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programme\a-squared Anti-Malware\a2service.exe
17 0.0% O3 Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Programme\Video ActiveX Access\iesbpl.dll
18 18.9% O4 [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
19 18.7% O4 [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
20 6.6% O4 [SoundMan] SOUNDMAN.EXE
21 2.2% O4 [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
22 1.9% O4 [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
23 1.9% O4 [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
24 1.1% O4 [VTTimer] VTTimer.exe
25 0.8% O4 [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
26 0.6% O4 [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
27 0.5% O4 [VTTrayp] VTtrayp.exe
28 0.4% O4 Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
29 0.3% O4 [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
30 0.2% O4 [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe "
31 0.2% O4 [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
32 0.1% O4 [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
33 0.1% O4 [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
34 0.1% O4 [DeltTray] DeltTray.exe
35 0.0% O4 [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
36 0.0% O4 [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
37 0.0% O4 [icq] "C:\Programme\ICQ6\ICQ.exe" silent
38 0.0% O4 [user32.dll] C:\Programme\Video ActiveX Access\iesmn.exe
39 0.0% O4 [rare] C:\Programme\Video ActiveX Access\imsmain.exe
40 0.0% O4 [WA6PU_Check] "C:\Programme\Gemeinsame Dateien\DriveCleaner Free\udcwap.exe"
41 0.0% O4 [Power2GoExpress] "C:\Programme\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
42 0.0% O4 LevelOne Wireless Utility.lnk = C:\Programme\LevelOne\Common\RaUI.exe
43 0.0% O4 [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Programme\CyberLink\PowerBackup\PBKScheduler.exe
44 0.0% O4 DrAntispy.lnk = C:\Programme\DrAntispy\DrAntispy.exe
45 0.0% O4 [a-squared] "C:\Programme\a-squared Anti-Malware\a2guard.exe" /d=60
46 1.2% O9 Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
47 1.2% O9 Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
48 0.2% O9 (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
49 0.2% O9 Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
50 0.0% O9 ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
51 44.9% P01 C:\WINDOWS\Explorer.EXE
52 43.8% P01 C:\WINDOWS\system32\svchost.exe
53 43.8% P01 C:\WINDOWS\system32\lsass.exe
54 43.8% P01 C:\WINDOWS\system32\winlogon.exe
55 43.8% P01 C:\WINDOWS\system32\services.exe
56 43.7% P01 C:\WINDOWS\System32\smss.exe
57 42.1% P01 C:\WINDOWS\system32\spoolsv.exe
58 11.4% P01 C:\WINDOWS\system32\rundll32.exe
59 6.2% P01 C:\WINDOWS\SOUNDMAN.EXE
60 5.1% P01 C:\WINDOWS\system32\csrss.exe
61 4.2% P01 C:\WINDOWS\System32\alg.exe
62 3.7% P01 C:\WINDOWS\system32\wbem\wmiprvse.exe
63 2.3% P01 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
64 0.9% P01 C:\Programme\AntiVir PersonalEdition Classic\sched.exe
65 0.9% P01 C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
66 0.8% P01 C:\WINDOWS\system32\VTTimer.exe
67 0.8% P01 C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
68 0.7% P01 C:\Programme\Internet Explorer\iexplore.exe
69 0.4% P01 C:\Programme\QuickTime\qttask.exe
70 0.4% P01 C:\WINDOWS\system32\VTtrayp.exe
71 0.3% P01 C:\Programme\Messenger\msmsgs.exe
72 0.2% P01 C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
73 0.2% P01 C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
74 0.2% P01 C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
75 0.1% P01 C:\Programme\Windows Media Player\WMPNSCFG.exe
76 0.1% P01 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
77 0.0% P01 C:\WINDOWS\system32\DeltTray.exe
78 0.0% P01 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
79 0.0% P01 C:\Programme\ICQ6\ICQ.exe
80 0.0% P01 C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
81 0.0% P01 C:\Programme\Windows Media Player\WMPNetwk.exe
82 0.0% P01 C:\Programme\Video ActiveX Access\imsmn.exe
83 0.0% P01 C:\Programme\a-squared Anti-Malware\a2guard.exe
84 0.0% P01 C:\Programme\Video ActiveX Access\imsmain.exe
85 0.0% P01 C:\Programme\Video ActiveX Access\iesmin.exe
86 0.0% P01 C:\Programme\Video ActiveX Access\iesmn.exe
87 0.0% P01 C:\Programme\CyberLink\Power2Go\Power2GoExpress.exe
88 0.0% P01 C:\Programme\LevelOne\Common\RaUI.exe
89 0.0% P01 C:\Programme\a-squared Anti-Malware\a2service.exe
90 0.0% P01 C:\Programme\DrAntispy\DrAntispy.exe
91 0.0% P01 C:\Dokumente und Einstellungen\Jaylee\Desktop\HiJackThis_v2.exe
92 4.3% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
93 2.9% R0 HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
94 0.4% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
95 0.4% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://google.icq.com/search/search_frame.php
96 0.3% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://google.icq.com
97 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hyrican.de
98 0.0% R3 ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
Explanation of the codes
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components