- #1
W
walter68
Neues Mitglied
Themenersteller
- Dabei seit
- 18.05.2004
- Beiträge
- 4
- Reaktionspunkte
- 0
hallo leute!
viellecht kann mir hier wer helfen.
Hab nen würm oder trojaner auf meinen rechner den ich nicht wegbekomme. hab schon alle möglichen antiviren programme versucht nützt alles nix.
jetzt versuch ich es mal mit hijack. kann sich mal wer das log ansehen ob da was nicht stimmt.
danke im vorraus
Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programme\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\windows\SYSTEM32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\windows\System32\CTHELPER.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\TelefonCD\OtbStart.EXE
C:\Programme\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\windows\System32\devldr32.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\Programme\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\Programme\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
C:\Programme\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\Dokumente und Einstellungen\WalteJ\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //netsearchsoft.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http: //netsearchsoft.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http: //www.krone.at/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //netsearchsoft.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //netsearchsoft.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http: //netsearchsoft.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //netsearchsoft.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {416A5D91-6281-40C3-8189-D571427E1685} - C:\windows\kCZoO0A.dll
O2 - BHO: (no name) - {D97287B6-4018-4060-948D-54D2122FC5C3} - C:\PROGRA~1\GEMEIN~1\GSERVI~1\0002C00.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OtbStart] C:\Programme\TelefonCD\OtbStart.EXE
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [SCANINICIO] C:\Programme\Panda Software\Panda Platinum Internet Security\Inicio.exe
O4 - HKLM\..\Run: [APVXDWIN] C:\Programme\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE /s
O4 - HKCU\..\Run: [MSMSGS] C:\Programme\Messenger\msmsgs.exe /background
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra->Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\programme\panda software\panda platinum internet security\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\panda software\panda platinum internet security\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\panda software\panda platinum internet security\pavlsp.dll
O12 - Plugin for .qt: C:\Programme\Internet Explorer\PLUGINS\npqtw32.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_AT.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF58B50B-47FC-47F7-B030-1A19899AFB44}: NameServer = 195.34.133.13,195.34.133.14
Links deaktiviert
verschoben von Windows XP
viellecht kann mir hier wer helfen.
Hab nen würm oder trojaner auf meinen rechner den ich nicht wegbekomme. hab schon alle möglichen antiviren programme versucht nützt alles nix.
jetzt versuch ich es mal mit hijack. kann sich mal wer das log ansehen ob da was nicht stimmt.
danke im vorraus
Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programme\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\windows\SYSTEM32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\windows\System32\CTHELPER.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\TelefonCD\OtbStart.EXE
C:\Programme\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\windows\System32\devldr32.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\Programme\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\Programme\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
C:\Programme\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\Dokumente und Einstellungen\WalteJ\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //netsearchsoft.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http: //netsearchsoft.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http: //www.krone.at/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //netsearchsoft.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //netsearchsoft.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http: //netsearchsoft.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //netsearchsoft.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {416A5D91-6281-40C3-8189-D571427E1685} - C:\windows\kCZoO0A.dll
O2 - BHO: (no name) - {D97287B6-4018-4060-948D-54D2122FC5C3} - C:\PROGRA~1\GEMEIN~1\GSERVI~1\0002C00.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OtbStart] C:\Programme\TelefonCD\OtbStart.EXE
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [SCANINICIO] C:\Programme\Panda Software\Panda Platinum Internet Security\Inicio.exe
O4 - HKLM\..\Run: [APVXDWIN] C:\Programme\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE /s
O4 - HKCU\..\Run: [MSMSGS] C:\Programme\Messenger\msmsgs.exe /background
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra->Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\programme\panda software\panda platinum internet security\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\panda software\panda platinum internet security\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\panda software\panda platinum internet security\pavlsp.dll
O12 - Plugin for .qt: C:\Programme\Internet Explorer\PLUGINS\npqtw32.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_AT.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF58B50B-47FC-47F7-B030-1A19899AFB44}: NameServer = 195.34.133.13,195.34.133.14
Links deaktiviert
verschoben von Windows XP