Trojaner-Board - Log-Analyse

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Log-Analyse - BITTE (https://www.trojaner-board.de/43087-log-analyse-bitte.html)

Log-Analyse - BITTE

Logfile of HijackThis v1.99.1
Scan saved at 21:04:14, on 05.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programme\BitDefender\BitDefender 2008\vsserv.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programme\Azureus\Azureus.exe
J:\PStart.exe
J:\PoRt4bL3\Sicherheit\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.hanf-spiel.de/?ID=48812
O1 - Hosts: 67.15.88.46 dau01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dcn01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 deu01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 djp01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dkr01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dmx01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dru01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dsa01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dtw01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 duk01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dus01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fau01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fcn01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 feu01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fjp01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fkr01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fmx01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fru01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fsa01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 ftw01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fuk01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fus01.ps3.update.playstation.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programme\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Alles mit FlashGet laden - G:\Volume\alte platte\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - G:\Volume\alte platte\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

die Speicherauslastung vom explorer ist kurz nach dem Start recht hoch, dabei läuft nix außer Bitdefender Antivirus

DANKE im Vorraus

Ne magere Fehlerbeschreibung und einen noch schlimmeren Titel hast Du da gepostet.:mad:

Lade CWS Shredder, klicke auf Fix und lasse das Tool durchlaufen.
Poste danach ein neues HJT Logfile und berichte was CWS Shredder gefunden hat.

Bata

Danke für die Antwort und endschuldigung das ich neu bin kaum/keine Ahnung hab und Hilfe suche.
Also CWS Shredder hat nix gefunden nachdem ich auf FIX geklickt habe.

Und hier nochmal die Log-File:
Logfile of HijackThis v1.99.1
Scan saved at 03:34:36, on 06.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programme\BitDefender\BitDefender 2008\vsserv.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
J:\PStart.exe
J:\PoRt4bL3\Sicherheit\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.hanf-spiel.de/?ID=48812
O1 - Hosts: 67.15.88.46 dau01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dcn01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 deu01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 djp01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dkr01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dmx01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dru01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dsa01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dtw01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 duk01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dus01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fau01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fcn01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 feu01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fjp01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fkr01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fmx01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fru01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fsa01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 ftw01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fuk01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fus01.ps3.update.playstation.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programme\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Alles mit FlashGet laden - G:\Volume\alte platte\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - G:\Volume\alte platte\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

DANKE

Zitat:

Zitat von BataAlexander (Beitrag 291929)

Ich will ja nichts sagen, aber für sowas gibts den Melde-Button. GUA Shadow werauchimmer werden sich dem annehmen! :juul::juul:
Wenn man sie nur lässt! :heilig: :bussi:

Aber wir sind entgegen meiner smilies auch kein Friedhof der Kuschelbytes! :mad:

:nixda::nixda:

Es reicht! :teufel2: