hallo leute,
habe von eurem forum von einem freund gehört. habe auch schon mal gespickt wie man so ein log erstellt . mit der auswertung hapert es aber.
bitte um prof. hilfe. wie bekomme ich dieses sche... ding wieder vom pc.
danke für die hilfe.

Logfile of HijackThis v1.99.0
Scan saved at 11:32:50, on 04.02.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\Admin\Eigene Dateien\HiJackthisNeu\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dceqe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dceqe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dceqe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dceqe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dceqe.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dceqe.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: (no name) - {DB059926-D27C-8E92-BBEC-8DEF1964A592} - C:\WINDOWS\msdg32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [OleDevice] C:\WINDOWS\System32\OleHost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [sdknz.exe] C:\WINDOWS\system32\sdknz.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programme\OpenOffice.org1.1.2\program\quickstart.exe
O4 - Startup: QuickLink.lnk = C:\Programme\PhotoWise\quicklnk.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\wshbth.dll' missing
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://geovision-japan.dipmap.com/ca...ecker_6100.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094905171802
O16 - DPF: {BF5E26B7-7087-4C2D-B0BA-0098F7CBED6B} (LiveX(5.4.0.0) Control) - http://168.253.18.250/cab/Live.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://geovision-japan.dipmap.com/ca...dFile_6100.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\mfcem32.exe

@Rebelyell

Zitat:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

System und IE sind ungepatcht = ungeschützt.
Die Threads bitte durcharbeiten:
http://www.trojaner-board.com/search...earchid=185850

fixe (wenn sich das noch lohnt) alle hjt.log einträge die mit O15 beginnen.


hat wahrscheinlich noch mehr aber no time
lehrer kommt

hallo leute ,
danke für die schnelle antwort.
hier noch einmal mein eScan-Log,
habe aber wenig hoffnung.

Fri Feb 04 14:49:35 2005 => File C:\DOKUME~1\Admin\LOKALE~1\Temp\28.tmp infected by "Trojan.Win32.HideProc.a" Virus. Action Taken: No Action Taken.
ri Feb 04 14:49:48 2005 => File C:\WINDOWS\system32\sdknz.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
ri Feb 04 14:50:06 2005 => File C:\WINDOWS\system32\mfcem32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:50:07 2005 => File C:\WINDOWS\ieru.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:50:10 2005 => File C:\WINDOWS\ieru.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:50:19 2005 => File C:\WINDOWS\system32\sdknz.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:50:33 2005 => File C:\WINDOWS\system32\mfcem32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:50:34 2005 => File C:\WINDOWS\apiwe32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
ri Feb 04 14:50:34 2005 => File C:\WINDOWS\Bewerbung[bbh-10133,1].exe infected by "not-a-virus:Porn-Dialer.Win32.Intexdial" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:50:35 2005 => File C:\WINDOWS\d3yw.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:50:35 2005 => File C:\WINDOWS\dceqe.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:50:37 2005 => File C:\WINDOWS\javayq32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:50:40 2005 => File C:\WINDOWS\msdg32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:50:40 2005 => File C:\WINDOWS\netns32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:51:46 2005 => File C:\WINDOWS\System32\japrf.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:51:47 2005 => File C:\WINDOWS\System32\javaaz.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:51:47 2005 => File C:\WINDOWS\System32\javaha32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:51:58 2005 => File C:\WINDOWS\System32\majgw.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:53:02 2005 => File C:\WINDOWS\System32\sysaf.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:53:20 2005 => File C:\WINDOWS\System32\winqt32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:53:21 2005 => File C:\WINDOWS\System32\winyj32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:53:32 2005 => File C:\DOKUME~1\Admin\LOKALE~1\Temp\28.tmp infected by "Trojan.Win32.HideProc.a" Virus. Action Taken: No Action Taken.
Fri Feb 04 14:53:37 2005 => ***** Scanning complete. *****

Fri Feb 04 14:53:37 2005 => Total Files Scanned: 3226
Fri Feb 04 14:53:37 2005 => Total Virus(es) Found: 22
Fri Feb 04 14:53:37 2005 => Total Disinfected Files: 0
Fri Feb 04 14:53:37 2005 => Total Files Renamed: 0
Fri Feb 04 14:53:37 2005 => Total Deleted Files: 0
Fri Feb 04 14:53:37 2005 => Total Errors: 1
Fri Feb 04 14:53:37 2005 => Time Elapsed: 00:07:43
Fri Feb 04 14:53:37 2005 => Virus Database Date: 2005/01/28
Fri Feb 04 14:53:37 2005 => Virus Database Count: 117012

Fri Feb 04 14:53:37 2005 => Scan Completed.

ohoh.. Backdoor.Win32.Small.dc...
dein system ist kompromittiert; es ist nicht mehr vertrauenswürdig.

installiere windows neu und beachte diese Anleitung

Les dir bitte das durch und geh so vor http://trojaner-board.de/showthread.php?t=12154

Du hast mehrer Backdoor`s auf dem Rechner!

Gruss