Log Analysis and Evaluation: Just a log... If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. In order to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.07.2005, 10:42 #1
So. First off: I have absolutely no idea about PCs. Here's my logfile...

```
Logfile of HijackThis v1.99.1
Scan saved at 11:32:15, on 30.07.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\cFosNT\cFosDNT.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Orbit\update.exe
C:\Programme\Orbit\view.exe
G:\Java\bin\jusched.exe
F:\AntiVir\AVGNT.EXE
F:\AIM95\aim.exe
G:\PROGRA~1\ICQ\ICQ.exe
F:\AntiVir\AVGUARD.EXE
F:\AntiVir\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\slserv.exe
C:\Programme\Internet Explorer\iexplore.exe
F:\Netscape\Communicator\Program\netscape.exe
F:\Programme\Winamp\Winamp.exe
C:\Dokumente und Einstellungen\Thomas\Desktop\DB Design\BtB - Clan\dsffds\llll\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://poker.casino-top.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.net/de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://poker.casino-top.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://poker.casino-top.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1cj
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://poker.casino-top.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://poker.casino-top.org
R3 - URLSearchHook: OESearchHook Class - {341FB59F-3507-443b-8147-423B4E3B2B15} - C:\Programme\Gemeinsame Dateien\OE\search.dll
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing)
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [cFosDNT] f:\cFosNT\cFosDNT.exe
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGRUN] C:\baa1.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [tkusybtiv] C:\WINDOWS\System32\efwklx.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [R3GRUN] C:\wow.exe
O4 - HKLM\..\Run: [REGISTRY] C:\activex.exe
O4 - HKLM\..\Run: [REFUSED] C:\installer.exe
O4 - HKLM\..\Run: [RERUNME] C:\amar.exe
O4 - HKLM\..\Run: [REGISRTY] C:\web.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winini32.exe
O4 - HKLM\..\Run: [CASHMEM] C:\install.exe
O4 - HKLM\..\Run: [DHOOON] C:\ul0ad.exe
O4 - HKLM\..\Run: [BAAAL] C:\uload.exe
O4 - HKLM\..\Run: [LOUD] C:\loud.exe
O4 - HKLM\..\Run: [LOAD] C:\leo.exe
O4 - HKLM\..\Run: [OrbitUpdate] C:\Programme\Orbit\update.exe
O4 - HKLM\..\Run: [FUKLUD] C:\lud.exe
O4 - HKLM\..\Run: [FUKLBAR] C:\bar.exe
O4 - HKLM\..\Run: [RUNLOUD] C:\l0ud.exe
O4 - HKLM\..\Run: [FUKME] C:\game.exe
O4 - HKLM\..\Run: [RUNLOAD] C:\l0ad.exe
O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [OrbitView] C:\Programme\Orbit\view.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] G:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [wow] C:\bar.exe
O4 - HKLM\..\Run: [suck] C:\l0ad.exe
O4 - HKLM\..\Run: [scuk] C:\l0ud.exe
O4 - HKLM\..\Run: [suckme] C:\l0ad.exe
O4 - HKLM\..\Run: [suckmy] C:\l0ud.exe
O4 - HKLM\..\Run: [LCASH] C:\lcash.exe
O4 - HKLM\..\Run: [GCASH] C:\gcash.exe
O4 - HKLM\..\Run: [YSBCASH] C:\bar.exe
O4 - HKLM\..\Run: [SEXWIFME] C:\msex.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OHBABY] C:\msex.exe
O4 - HKLM\..\Run: [OHBABE] C:\msex.exe
O4 - HKLM\..\Run: [SXUCKME] C:\sex.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Java\bin\jusched.exe
O4 - HKLM\..\Run: [NEWSEX] c:\msex.exe
O4 - HKLM\..\Run: [SESync] "C:\Programme\SED\SED.exe"
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Programme\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvizj32.exe
O4 - HKLM\..\Run: [msnmsgsgsfa32] C:\WINDOWS\msnmsgsgsa32f.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [supernews12] C:\WINDOWS\newsd32.exe
O4 - HKLM\..\Run: [TBllEe] C:\WINDOWS\relsd.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitesxo32.exe
O4 - HKLM\..\Run: [gaSrv] C:\WINDOWS\gaSrv.exe
O4 - HKLM\..\Run: [AVGCtrl] F:\AntiVir\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKCU\..\Run: [AIM] F:\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Skype] "F:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 1.1.4.lnk = G:\Programme\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\bin\npjpi142_05.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - G:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - G:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .avi: F:\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O16 - DPF: RaptisoftGameLoader - http://real.gamehouse.com/real/games/raptisoft/raptisoftgameloader.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/82kd76fg.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f4daa263dba84d5ec1dbe591e128bf3e5a0b6d9c8948e19c227a30aa4e82f2e9333fe5ca461b2b5aa2fbea018580cd99a450201cb6:1d54c21a7e9b3b721acfab a4c40c4fec
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylom.lycos.de/activex/zylomgamesplayer.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt03.com/dialer/internazionale_ver11.CAB
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehouse.com/real/games/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CADA4C6-ECBC-4013-9DB0-E5D078D1EF33}: NameServer = 212.95.97.66 212.95.108.3
O20 - Winlogon Notify: f3dsl - MSplg7.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\AntiVir\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\AntiVir\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
```
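As an added example that is not part of the original post or of HijackThis itself, here is a small Python triage script for the log format above. It parses HJT entry lines and flags the patterns a reviewer looks for in this particular log: hosts-file overrides (O1), autostarts that sit directly in a drive root or have no path at all (O4), and autostart names imitating a Windows system binary such as the SvcH0st entry; the sample entries are copied from the log above, and the heuristics and thresholds are this example's own assumptions.

```python
import difflib
import re

# Constructed sample: entries copied from the HijackThis log posted above in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [REGRUN] C:\baa1.exe
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\svchst.exe /i
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"Run(?:Services)?: \[[^\]]*\] (?P<cmd>.+)$")
ROOT_EXE_RE = re.compile(r'^"?[a-z]:\\[^\\]+\.exe\b', re.I)  # C:\foo.exe straight in a drive root
BARE_EXE_RE = re.compile(r'^"?[^\\/"\s]+\.exe\b', re.I)      # foo.exe with no path: resolved via PATH
SYSTEM_NAMES = ("svchost.exe", "winlogon.exe", "lsass.exe", "explorer.exe")  # assumed watch list

def parse_entries(text):
    """Yield (kind, body) for each HijackThis entry line; headers and the process list are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")

def lookalike(cmd):
    """Return the Windows binary a command's basename imitates (svchst.exe ~ svchost.exe), else None."""
    path = cmd.split('"')[1] if cmd.startswith('"') else cmd
    base = path.rsplit("\\", 1)[-1].split()[0].lower()
    for legit in SYSTEM_NAMES:
        if base != legit and difflib.SequenceMatcher(None, base, legit).ratio() >= 0.85:
            return legit
    return None

def triage(text):
    """Run defender heuristics over HJT entries; returns (kind, reason, body) tuples for manual review."""
    findings = []
    for kind, body in parse_entries(text):
        if kind == "O1":
            findings.append((kind, "hosts-file override redirects a well-known search domain", body))
        elif kind == "O4" and (run := RUN_RE.search(body)):
            cmd = run.group("cmd")
            if ROOT_EXE_RE.match(cmd):
                findings.append((kind, "autostart executable sitting directly in a drive root", body))
            elif BARE_EXE_RE.match(cmd):
                findings.append((kind, "autostart with no path; the binary is resolved via PATH", body))
            elif (legit := lookalike(cmd)):
                findings.append((kind, f"autostart name imitates {legit}", body))
    return findings
```

Run against the full log above, the drive-root rule alone catches the long run of C:\*.exe autostarts, while legitimate entries such as ATIPTA pass through untouched.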
30.07.2005, 13:57 #2
Only solution: http://www.trojaner-board.de/showpos...28&postcount=2 If you don't go online exclusively via DSL, first track down any dialers that may be present with eScan (instructions can be found in every second thread) and save them to floppy/CD to preserve evidence.