| |
| |||||||
Log-Analyse und Auswertung: Searchdom Msh?????Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.02.2005, 00:16
| #1 |
| |  Searchdom Msh????? HELP! NEED SOMEBODY HELP!!! Wie kriege ich das Problem bloß weg??? Hier mein Logfile: Logfile of HijackThis v1.97.7 Scan saved at 00:14:27, on 03.02.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Venturi2\Client\ventc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\T-Online\ISDNSP~1\Tomcat.exe C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\Buhl\Anti Trojaner\Taumon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe C:\Programme\BHODemon 2\BHODemon.exe C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe C:\Programme\Microsoft AntiSpyware\gcasServ.exe C:\PROGRA~1\Strato\Strato.exe C:\Programme\Internet Explorer\iexplore.exe D:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdom.net R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchdom.net/?re= (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdom.net/?re= (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Strato DSL O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\Programme\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\Programme\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll O4 - HKLM\..\Run: [ISDN SpeedManager] "C:\PROGRA~1\T-Online\ISDNSP~1\Tomcat.exe" O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [Tau Monitor] C:\Programme\Buhl\Anti Trojaner\Taumon.exe O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Programme\Microsoft AntiSpyware\gcASCleaner.exe O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Internet\ICQ\ICQLite\ICQLite.exe -trayboot O4 - Startup: BHODemon 2.0.lnk = C:\Programme\BHODemon 2\BHODemon.exe O4 - Global Startup: eBay Toolbar.LNK = C:\Programme\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add O8 - Extra context menu item: Ähnliche Seiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: eBay Toolbar (HKLM) O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM) O9 - Extra button: ICQ 4.1 (HKLM) O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O9 - Extra button: Trashcan (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU) O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen (HKCU) O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy (HKCU) O10 - Broken Internet access because of LSP provider 'vlsp.dll' missing O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll O12 - Plugin for .mpga: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll O13 - DefaultPrefix: http://%77%77%77%2E%73%65%61%72%63%6...%6E%65%74/?re= O13 - WWW Prefix: http://%77%77%77%2E%73%65%61%72%63%6...%6E%65%74/?re= O14 - IERESET.INF: START_PAGE_URL=http://www.strato.de/dsl/ O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.sc5.yahoo.com/v45/yacscom.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/288644c3...dxIE601_de.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093459541296 O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/de/bi.../GoogleNav.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...029.3687615741 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...sh/swflash.cab O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.serviceurl.de/StarInstall.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{61315BA6-6B3D-4EF9-B216-73455D957D24}: NameServer = 192.168.122.252,192.168.122.253 O17 - HKLM\System\CCS\Services\Tcpip\..\{FDAA254C-5D36-4A1A-A0AB-0990E0C871D8}: NameServer = 195.71.239.195 193.189.244.205 |
|
03.02.2005, 00:25
| #2 |
| | Searchdom Msh????? Hier das Logfile mit der neuen Version von HijackThis:
__________________Logfile of HijackThis v1.99.0 Scan saved at 00:22:36, on 03.02.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Venturi2\Client\ventc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\T-Online\ISDNSP~1\Tomcat.exe C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\Buhl\Anti Trojaner\Taumon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe C:\Programme\BHODemon 2\BHODemon.exe C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe C:\Programme\Microsoft AntiSpyware\gcasServ.exe C:\PROGRA~1\Strato\Strato.exe C:\Programme\WinRAR\WinRAR.exe D:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdom.net R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchdom.net/?re= (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdom.net/?re= (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Strato DSL O2 - BHO: eBay Helper Object - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\Programme\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\Programme\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll O4 - HKLM\..\Run: [ISDN SpeedManager] "C:\PROGRA~1\T-Online\ISDNSP~1\Tomcat.exe" O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [Tau Monitor] C:\Programme\Buhl\Anti Trojaner\Taumon.exe O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Programme\Microsoft AntiSpyware\gcASCleaner.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Internet\ICQ\ICQLite\ICQLite.exe -trayboot O4 - Startup: BHODemon 2.0.lnk = C:\Programme\BHODemon 2\BHODemon.exe O4 - Global Startup: eBay Toolbar.LNK = C:\Programme\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add O8 - Extra context menu item: Ähnliche Seiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\Programme\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\Programme\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Internet\ICQ\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Internet\ICQ\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programme\Buhl\PC Firewall 2.0\trash.exe (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programme\Buhl\PC Firewall 2.0\trash.exe (HKCU) O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {C5A23D83-BB9A-42AF-A341-8222AC6132EB} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {C5A23D83-BB9A-42AF-A341-8222AC6132EB} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll O12 - Plugin for .mpga: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll O13 - DefaultPrefix: http://%77%77%77%2E%73%65%61%72%63%6...%6E%65%74/?re= O13 - WWW Prefix: http://%77%77%77%2E%73%65%61%72%63%6...%6E%65%74/?re= O14 - IERESET.INF: START_PAGE_URL=http://www.strato.de/dsl/ O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.sc5.yahoo.com/v45/yacscom.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/288644c3...dxIE601_de.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093459541296 O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/de/bi.../GoogleNav.cab O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.serviceurl.de/StarInstall.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{61315BA6-6B3D-4EF9-B216-73455D957D24}: NameServer = 192.168.122.252,192.168.122.253 O17 - HKLM\System\CCS\Services\Tcpip\..\{FDAA254C-5D36-4A1A-A0AB-0990E0C871D8}: NameServer = 195.71.239.195 193.189.244.205 O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: InCD Helper - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing) O23 - Service: SFirewall Service - Unknown - C:\PROGRA~1\Buhl\PCFIRE~1.0\sfw.exe O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: Venturi2 Client - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe O23 - Service: X10 Device Network Service - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe WER KANN MIR WEITERHELFEN??? Gruß, Unki |
|
03.02.2005, 07:39
| #3 |
| Administrator, a.D.   | Searchdom Msh????? Hallo,
__________________führe dies aus -> http://www.trojaner-board.de/showpos...24&postcount=8 Poste danach ein neues HJT Log-File mit der neuen Version 1.99.
__________________ |
|
| Themen zu Searchdom Msh????? |
| .inf, adobe, antispyware, ebay, excel, explorer, google, help, hijack, hijackthis, icq, installation, internet, internet explorer, logfile, microsoft, monitor, obfuscated, object, problem, programme, shockwave, software, sun java, system, t-online, tcpip, trojaner, tuneup utilities, windows, windows messenger, windows xp, yahoo |
Linear-Darstellung
