need help -Hijacker

StupidHead · 11.09.2004, 10:31

Hi Leutz,

hab mir leider nen Hijacker eingefangen und kann ihm nicht entfernen. Hab bereits Spybot, Adaware und CWSchreder ohen erfolg durchlaufen lassen. Kann leider mit der Log von HijackThsi nichts anfangenen. Hoffe jemand kann mir helfen!? der Hijacker nervt u.a. mit Popups beim surfen und der veränderten SDtartseite...

Logfile of HijackThis v1.97.7
Scan saved at 11:26:28, on 11.09.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\avmclient\avmbtservice.exe
C:\Programme\avmclient\panapp.exe
C:\Programme\avmclient\AvmObexService.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\apips32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Programme\RAM Idle\RAM_XP.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\FRITZ!DSL\Awatch.exe
C:\Programme\avmclient\bluefritz.exe
C:\Programme\avmclient\AvmObex.exe
C:\WINDOWS\system32\winuu32.exe
C:\WINDOWS\System32\gqfnxq.exe
C:\Programme\avmclient\AvmObex.exe
C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Dokumente und Einstellungen\Ulf\Anwendungsdaten\soht.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\FRITZ!DSL\FritzDSL.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\...\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bspzf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bspzf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bspzf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bspzf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bspzf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bspzf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bspzf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.aldi.com/
F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
O2 - BHO: (no name) - {0542B4FA-4ED0-23FD-0D46-8499061B3766} - C:\WINDOWS\javadm.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Programme\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - HKLM\..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe
O4 - HKLM\..\Run: [AVMBLUEOBEX] C:\Programme\avmclient\AvmObex.exe -pushclient -ftpclient
O4 - HKLM\..\Run: [winuu32.exe] C:\WINDOWS\system32\winuu32.exe
O4 - HKLM\..\Run: [onxnctlui] C:\WINDOWS\System32\gqfnxq.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [YAW starten] "C:\Programme\Zubehör\YAW 3.5\yawguard.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Rlos] C:\Dokumente und Einstellungen\Ulf\Anwendungsdaten\soht.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: SideFind (HKLM)
O9 - Extra button: ICQ 4.1 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MedionShop (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...e72640af5cb44d
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...657.0299189815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binarie...pe32_EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13D5E3FD-FDC6-44FD-9FD0-46BDF8FF47F9}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF847FC3-214D-4622-BE98-8EA95A9BAB38}: NameServer = 192.168.122.252,192.168.122.253

need help -Hijacker

Log-Analyse und Auswertung: need help -Hijacker

need help -Hijacker

Ähnliche Themen: need help -Hijacker