Dicker Virus! Windows startet nicht im abgesicherten Modus
Hallo, ich habe mir hier was dickes eingefangen.
Nach Windowsstart heute morgen hat sich sofort eine internetseite mit einem angeblichen Antivirusprogramm von windows geöffnet, die dann immer mehr und mehr seiten geöffnet hat. Konnte noch nicht mal nen onlinevirenscan machen.
Habe dann versucht im abgesicherten modus/+Netzwerktreibern zu starten, aber das hat er nicht mehr gemacht.
Systemwiederherstellung zu einem früheren Zeitpunkt macht er auch nicht.
Hier die Daten
Was kann ich hier machen?Code:Logfile of HijackThis v1.99.1 Scan saved at 08:01:24, on 10.09.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\taskswitch.exe C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE C:\Programme\Java\jre1.6.0_02\bin\jusched.exe G:\Programme\3.0\Apps\apdproxy.exe C:\Programme\webHancer\Programs\whagent.exe C:\WINDOWS\winlogon.exe C:\WINDOWS\system32\p2pnetworking.exe C:\Programme\Mindjet\MindManager 7\MMReminderService.exe C:\WINDOWS\retadpu1000137.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe C:\WINDOWS\system32\DOBE~1\wowexec.exe C:\WINDOWS\s?mbols\r?gsvr32.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe G:\Programme\Digital Imaging\bin\hpotdd01.exe G:\Programme\Digital Imaging\bin\hposol08.exe C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\taskmgr.exe G:\Programme\Digital Imaging\bin\hpoevm08.exe G:\Programme\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe G:\Programme\winrar\WinRAR.exe C:\DOKUME~1\raptor\LOKALE~1\Temp\Rar$EX00.032\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://google.bearshare.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Programme\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Programme\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [{1C-CF-F3-3C-ZN}] C:\Dokumente und Einstellungen\raptor\Lokale Einstellungen\Temp\TIP2D002.exe P2D002 O4 - HKLM\..\Run: [webHancer Agent] C:\Programme\webHancer\Programs\whagent.exe O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe O4 - HKLM\..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 7\MMReminderService.exe O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000137.exe 61A847B5BBF72813329B385771FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hdmmcagn.dll",forkonce O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Sygate Personal Firewall Start] servic.exe O4 - HKCU\..\Run: [Windows Compliant] winole.exe O4 - HKCU\..\Run: [ccleaner] "C:\Programme\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [pdfSaver3] "C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" O4 - HKCU\..\Run: [Suaa] "C:\WINDOWS\system32\DOBE~1\wowexec.exe" -vt yazb O4 - HKCU\..\Run: [Lnrydvmz] C:\WINDOWS\s?mbols\r?gsvr32.exe O4 - Startup: TA_Start.lnk = C:\Dokumente und Einstellungen\raptor\Lokale Einstellungen\Temp\TIP2D002.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: officejet 6100.lnk = ? O4 - Global Startup: taskmgr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: An Mindjet MindManager senden - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - G:\Programme\alex\Chat\XM2002.exe (file missing) O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - G:\Programme\alex\Chat\XM2002.exe (file missing) O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O14 - IERESET.INF: START_PAGE_URL=https://www.arcor.de O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - https://download.ebay.com/turbo_lister/DE/install.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1137691898779 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - https://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - https://chat.msn.com/controls/msnchat45.cab O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - g:\programme\Haufe\HaufeReader\HRInstmon.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file) O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Unknown owner - C:\Programme\AntiVir PersonalEdition Classic\sched.exe (file missing) O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Unknown owner - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (file missing) O23 - Service: MSSvc DataService (DataService) - Unknown owner - c:\windows\system32\dllcache\MSSvc.EXE (file missing) O23 - Service: MSSvc DataStorage (DataStorage) - Unknown owner - c:\windows\system32\dllcache\MSSvc.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe (file missing) O23 - Service: LiveStats Reporting Server (LiveStats) - Unknown owner - G:/programme/Livestats/livestats.exe (file missing) O23 - Service: LiveStats Data Collector (livestats Collector) - Unknown owner - G:\programme\Livestats\collector.exe (file missing) O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySql (mysql) - Unknown owner - G:/programme/Livestats\db\bin\mysqld-nt.exe (file missing) O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Danke für Hilfe
Gruß Angel
Zitieren