Just a log... So. First off: I have absolutely no idea about PCs :D Here's my logfile...
Only solution: http://www.trojaner-board.de/showpos...28&postcount=2 If you don't go online exclusively via DSL, first track down any dialers that may be present with eScan (instructions can be found in every second thread) and save them to floppy disk/CD to preserve evidence.
Copyright ©2000-2025, Trojaner-Board