Help with HJ logfile

Hi folks, could you please tell me what I can delete from the logfile? For example, I have the Trojan horse StartPa.Du.DLL.1 on it. Thanks a lot for your help!

Logfile of HijackThis v1.99.1
Scan saved at 14:07:58, on 04.12.2005
Platform: *Windows XP (WinNT 5.01.2600)
MSIE: *Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ipnh.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\pupxpman.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\Programme\QuickTime\qttask.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\BearShare\BearShare.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\HbTools\Bin\4.7.1.0\HbtWeatherOnTray.exe
C:\Programme\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe
C:\DOKUME~1\***\LOKALE~1\Temp\85.tmp.exe
C:\DOKUME~1\***\LOKALE~1\Temp\86.tmp.exe
C:\WINDOWS\system32\ipki.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\winstall.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Kabelloser Labtec-Desktop\MagicKey.exe
C:\Programme\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Programme\Kabelloser Labtec-Desktop\MulMouse.exe
C:\Programme\MSN Toolbar Suite\DS\02.05.0001.1119\de-de\bin\WindowsSearch.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Kabelloser Labtec-Desktop\OSD.EXE
C:\Programme\MSN Toolbar Suite\DS\02.05.0001.1119\de-de\bin\WindowsSearchIndexer.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\*Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\HbTools\Bin\4.7.1.0\HbtSrv.exe
C:\DOKUME~1\SIMON\LOKALE~1\TEMP\_VWUPSRV.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\AVPersonal\AVSched32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\***\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet* Explorer\Main,Search *Bar = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKCU\Software\Microsoft\Internet* Explorer\Main,Search Page = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R0 - HKCU\Software\Microsoft\Internet* Explorer\Main,Start Page = h**p://www.web.de/
R1 - HKLM\Software\Microsoft\Internet* Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet* Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKLM\Software\Microsoft\Internet* Explorer\Main,Search *Bar = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKLM\Software\Microsoft\Internet* Explorer\Main,Search Page = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKCU\Software\Microsoft\Internet* Explorer\Search,SearchAssistant = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R0 - HKLM\Software\Microsoft\Internet* Explorer\Search,SearchAssistant = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKCU\Software\Microsoft\Internet* Explorer\SearchURL,(Default) = h**p://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.178.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.routerlogin.net/basicsetting.htm;192.168.1.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Programme\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.7.1.0\HbtHostIE.dll
O2 - BHO: *Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Class - {AEC0E648-ADD3-DDDE-92AB-02CC0E6452E3} - C:\WINDOWS\winwl32.dll
O2 - BHO: MSN Suche Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.7.1.0\HbtHostIE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programme\HbTools\Bin\4.7.1.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Programme\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [tzoqlymm] C:\WINDOWS\System32\joghagww.exe
O4 - HKLM\..\Run: [ipdx.exe] C:\WINDOWS\ipdx.exe
O4 - HKLM\..\Run: [85.tmp] C:\DOKUME~1\***\LOKALE~1\Temp\85.tmp.exe
O4 - HKLM\..\Run: [86.tmp] C:\DOKUME~1\***\LOKALE~1\Temp\86.tmp.exe
O4 - HKLM\..\Run: [85.tmp.exe] C:\DOKUME~1\***\LOKALE~1\Temp\85.tmp.exe
O4 - HKLM\..\Run: [86.tmp.exe] C:\DOKUME~1\***\LOKALE~1\Temp\86.tmp.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [ipki.exe] C:\WINDOWS\system32\ipki.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kabellosen Labtec-Desktop aktivieren.lnk = C:\Programme\Kabelloser Labtec-Desktop\MagicKey.exe
O4 - Global Startup: *Microsoft Office.lnk = C:\Programme\*Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\MSN Toolbar Suite\DS\02.05.0001.1119\de-de\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Suche - res://C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll/search.htm
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/229?b7bccb85c91d4d85861a9ea17194dee
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/230?b7bccb85c91d4d85861a9ea17194dee
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ShopperReports - Compare *travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Programme\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Programme\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Hijacked *Internet access by WebHancer
O10 - Hijacked *Internet access by WebHancer
O10 - Hijacked *Internet access by WebHancer
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipnh.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hello, your system is totally outdated! SP2 and all subsequent patches are missing. That is one of the reasons why your system is completely infested; here is a small excerpt:

Quote:

Reinstall the system from scratch and rethink your patching and browsing habits --> http://www.trojaner-board.de/showpos...28&postcount=2

Copyright ©2000-2025, Trojaner-Board