Trojaner-Board - Könnte bitte jemand mein Log prüfen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Könnte bitte jemand mein Log prüfen (https://www.trojaner-board.de/12720-koennte-bitte-jemand-log-pruefen.html)

Könnte bitte jemand mein Log prüfen

hi @ll bin neu hier :crazy:

wollte mal fragen ob jemand mein log bitte überprüfen kann. :)

gruss
busted

Logfile of HijackThis v1.99.0
Scan saved at 13:08:21, on 25.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norton Internet Security Professional\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Norton Internet Security Professional\SymPxSvc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programme\Norton Internet Security Professional\IAMAPP.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Razer\razertra.exe
C:\Programme\Norton Internet Security Professional\NISSERV.EXE
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Wsr\WinsysRsr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Razer\razerhid.exe
C:\Programme\Norton Internet Security Professional\ATRACK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\wincmd\WINCMD32.EXE
C:\DOKUME~1\User\LOKALE~1\Temp\$wc\HIJACK~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [razertra] C:\Programme\Razer\razertra.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WinsysRsr] C:\Programme\Wsr\WinsysRsr.exe
O4 - HKLM\..\Run: [Microsoft Update] wuampd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuampd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] wuampd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1099949359828
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1A67AAE-59BE-4313-BE5C-157E5AADAE48}: NameServer = 217.237.151.33 217.237.149.225
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Professional Service - Symantec Corporation - C:\Programme\Norton Internet Security Professional\NISSERV.EXE
O23 - Service: Norton Internet Security Professional Accounts Manager - Symantec Corporation - C:\Programme\Norton Internet Security Professional\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Professional Proxy Service - Symantec Corporation - C:\Programme\Norton Internet Security Professional\SymPxSvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

Hi,
lade dir bitte mal Spybot S&D runter, update es und lasse es laufen.
Berichte was es gefunden hat und poste ein neues Logfile.
Mir geht es darum:
C:\Programme\Wsr\WinsysRsr.exe
cacatoa

hier das log von spybot...

gruss
busted :)

--- Report generated: 2005-01-25 13:49 ---

DSO Exploit: Data source object exploit (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-21-1078081533-515967899-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

Alexa Related: Verknüpfung (Datei austauschen, nothing done)
C:\WINDOWS\Web\related.htm

FastClick: Verfolgender Cookie (Internet Explorer: User) (Cookie, nothing done)

Advertising.com: Verfolgender Cookie (Internet Explorer: User) (Cookie, nothing done)

Avenue A, Inc.: Verfolgender Cookie (Internet Explorer: User) (Cookie, nothing done)

DoubleClick: Verfolgender Cookie (Internet Explorer: User) (Cookie, nothing done)

MediaPlex: Verfolgender Cookie (Internet Explorer: User) (Cookie, nothing done)

Advertising.com: Verfolgender Cookie (Internet Explorer: User) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.4 ß2 (build: 20041211) ---

2004-09-27 blindman.exe (1.0.0.0)
2004-12-11 SpybotSD.exe (1.4.0.0)
2004-12-06 TeaTimer.exe (1.4.0.0)
2004-06-15 unins000.exe (51.15.0.0)
2004-09-27 Update.exe (1.3.0.0)
2004-11-29 advcheck.dll (1.0.1.0)
2004-09-27 borlndmm.dll (7.0.4.453)
2004-09-27 delphimm.dll (7.0.4.453)
2004-10-20 SDHelper.dll (1.3.0.12)
2004-09-27 Tools.dll (2.0.0.0)
2004-09-27 UnzDll.dll (1.73.1.1)
2004-09-27 ZipDll.dll (1.73.2.0)
2004-11-29 Includes\Cookies.sbi (*)
2005-01-04 Includes\Dialer.sbi (*)
2005-01-04 Includes\Hijackers.sbi (*)
2004-12-29 Includes\Keyloggers.sbi (*)
2005-01-04 Includes\Malware.sbi (*)
2004-08-11 Includes\plugin-ignore.ini
2004-11-29 Includes\Revision.sbi (*)
2004-11-29 Includes\Security.sbi (*)
2005-01-05 Includes\Spybots.sbi (*)
2004-11-29 Includes\Tracks.uti
2005-01-04 Includes\Trojans.sbi (*)

O.k.,
auf ein neues:
Lade Dir AdAware SE runter, update es und lasse einen "full system scan" laufen.
Schau was da gefunden und getan wird.
Bis gleich.
cacatoa

das log ist zu lang um es hier zu posten. hab deshalb nur den eintrag rausgesucht der dich interessiert hat. die unteren beiden einträger verstehe ich nit. war nie auf den seiten :(

gruss
busted

#:22 [winsysrsr.exe]
FilePath : C:\Programme\Wsr\
ProcessID : 1436
ThreadCreationTime : 25.01.2005 12:05:31
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Mp3FileMonitoring ?? ????
FileDescription : Mp3FileMonitoring MFC ?? ????
InternalName : Mp3FileMonitoring
LegalCopyright : Copyright (C) 2002
OriginalFilename : Mp3FileMonitoring.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:user@imrworldwide.com/cgi-bin
Expires : 31.12.2014 21:27:20
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@serving-sys[2].txt
Category : Data Miner
Comment : Hits:347
Value : Cookie:user@serving-sys.com/
Expires : 01.01.2038 06:00:00
LastSync : Hits:347
UseCount : 0
Hits : 347
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@gator[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:user@gator.com/
Expires : 12.02.2005 16:49:12
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adserver.filefront[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@adserver.filefront.com/
Expires : 09.11.2004 23:24:38
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adserver.71i[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:user@adserver.71i.de/
Expires : 30.12.2037 17:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@www.3dstats.com/cgi-bin
Expires : 28.02.2015 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@tribalfusion.com/
Expires : 01.01.2038 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@casalemedia[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:user@casalemedia.com/
Expires : 30.10.2005 18:24:48
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@premiumnetworkrocks.valuead[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:user@premiumnetworkrocks.valuead.com/
Expires : 01.01.2021 01:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:user@tradedoubler.com/
Expires : 04.02.2005 16:16:26
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adserver.easy-ad[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@adserver.easy-ad.info/
Expires : 11.11.2014 03:27:24
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@as1.falkag[2].txt
Category : Data Miner
Comment : Hits:109
Value : Cookie:user@as1.falkag.de/
Expires : 04.02.2005 16:28:10
LastSync : Hits:109
UseCount : 0
Hits : 109
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@partners.webmasterplan[2].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:user@partners.webmasterplan.com/
Expires : 06.02.2005
LastSync : Hits:22
UseCount : 0
Hits : 22
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 13
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 13

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : SpyWare Nuker Adware and Spyware Removal.url
Category : Misc
Comment : Problematic URL discovered: http://www.spywarenuker.com/
Object : C:\Dokumente und Einstellungen\User\Favoriten\Links\

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : CRACKSAM___SMART_SEARCH_RES.URL
Category : Misc
Comment : Problematic URL discovered: http://www.cracks.am/s.x
Object : C:\Dokumente und Einstellungen\User\Favoriten\TEST\WAREZ\

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15
14:26:26 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:35.78
Objects scanned:252075
Objects identified:15
Objects ignored:0
New critical objects:15

Lösche jetzt den Quarantäne-Ordner von AdAware und poste ein neues Logfile.
cacatoa

so siehts aus. die einträge 1-21 waren auskommentiert so das ich sie rauseditiert habe.

gruss
busted

#:22 [winsysrsr.exe]
FilePath : C:\Programme\Wsr\
ProcessID : 1436
ThreadCreationTime : 25.01.2005 12:05:31
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Mp3FileMonitoring ?? ????
FileDescription : Mp3FileMonitoring MFC ?? ????
InternalName : Mp3FileMonitoring
LegalCopyright : Copyright (C) 2002
OriginalFilename : Mp3FileMonitoring.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Disk Scan Result for C:\DOKUME~1\User\LOKALE~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-515967899-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\User\recent
Description : list of recently opened documents

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28
14:55:23 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:44.578
Objects scanned:59173
Objects identified:0
Objects ignored:0
New critical objects:0

Ist ja gut, ich meinte ein HJT-Logfile ;)
cacatoa

*g* und ich versuch die 10000zeichen einzuhalten *lach* und dabei magst du nur ein hjt-loghaben :) hmm sieht irgentwie gleich aus oder täusche ich mich?

greetz
busted

Logfile of HijackThis v1.99.0
Scan saved at 15:07:42, on 25.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norton Internet Security Professional\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Norton Internet Security Professional\SymPxSvc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programme\Norton Internet Security Professional\IAMAPP.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Razer\razertra.exe
C:\Programme\Norton Internet Security Professional\NISSERV.EXE
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Wsr\WinsysRsr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Razer\razerhid.exe
C:\Programme\Norton Internet Security Professional\ATRACK.EXE
C:\Programme\FlashGet\flashget.exe
C:\wincmd\WINCMD32.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\DOKUME~1\User\LOKALE~1\Temp\$wc\HIJACK~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [razertra] C:\Programme\Razer\razertra.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WinsysRsr] C:\Programme\Wsr\WinsysRsr.exe
O4 - HKLM\..\Run: [Microsoft Update] wuampd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuampd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] wuampd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1099949359828
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1A67AAE-59BE-4313-BE5C-157E5AADAE48}: NameServer = 217.237.151.33 217.237.149.225
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Professional Service - Symantec Corporation - C:\Programme\Norton Internet Security Professional\NISSERV.EXE
O23 - Service: Norton Internet Security Professional Accounts Manager - Symantec Corporation - C:\Programme\Norton Internet Security Professional\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Professional Proxy Service - Symantec Corporation - C:\Programme\Norton Internet Security Professional\SymPxSvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

So,
ich muß jetzt leider weg. Deshalb nutze die Zeit und Lade Dir das SP2 für Dein System herunter und installiere es. Das ist schon mal die halbe Miete.
Dann fragst Du Tante google nach folgendem: (Außer Du kennst es)
C:\Programme\Razer\razertra.exe
C:\Programme\Wsr\WinsysRsr.exe
C:\wincmd\WINCMD32.EXE

und dann führst du noch einen eScan genau nach Anleitung durch.
Poste dann auch das Ergebnis
cacatoa

erstmal dickes danke für deine hilfe :)

zu den datein razertra.exe und wincmd32.exe kann ich dir genau sagen wozu sie gehören. :)

razertra.exe ist meine maus (razer diamondback)

wincmd32.exe ist der windows commander 5.0 (find ich besser als den arbeitsplatz)

zu winsysrsr.exe mußte ich tante google (rofl) fragen. soll ein mp3-monitor sein.
kann sein das zu dem programm für meinen mp3-player gehört.

gruss
busted

Hallo busted.

zu der Datei "wuampd.exe" gibt es schon einiges hier in den Foren.
Gib die Dateinamen einfach mal unter "suchen" ein.

dartus

Zitat:

Zitat von dartus

Hallo busted.

zu der Datei "wuampd.exe" gibt es schon einiges hier in den Foren.
Gib die Dateinamen einfach mal unter "suchen" ein.

dartus

hab ich jetzt mal gemacht. das lustige an der sache ist, das ich keinem virus und keinen trojaner auf meinem system habe. ;) laut 6 scans die ich heute durchgeführt habe :)

greets
busted

Womit hast du denn wie gescannt?

Wenn es sich um diese Datei handelt:

C:\WINDOWS\system32\wuampd.exe

ist es ziemlich sicher eine Rbot-Variante, also ein Backdoor.

Teste die Date mal hier: http://virusscan.jotti.org/de

oder verwende mal E-Scan wie vorgeschrieben:

http://www.trojaner-board.de/42731-escan-anleitung.html

Ich habe Dir ebenso wie MK den eScan empfohlen; hast du die Ergenisse?
cacatoa