Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   HijackThis auswertung !!! pls (https://www.trojaner-board.de/52769-hijackthis-auswertung-pls.html)

NothingToxic 21.05.2008 15:10
Neues HijackThis Scan LogFile

HijackThis Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:30, on 21.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Silvercrest MTS2118 driver\KMWDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Silvercrest MTS2118 driver\StartAutorun.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Silvercrest MTS2118 driver\KMConfig.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\Silvercrest MTS2118 driver\KMProcess.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Programme\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KMCONFIG] C:\Programme\Silvercrest MTS2118 driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/.../GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.pe.schuelervz.net/phot...che=1203188682
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.pe.schuelervz.net/phot...che=1205972368
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programme\Silvercrest MTS2118 driver\KMWDSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

NothingToxic 21.05.2008 15:20
iClean logFile:

iclean log 21.05.2008 16:11:36

Windows XP SP2, Using advanced Kernel functions

Processes
---------
488 - \SystemRoot\System32\smss.exe - \SystemRoot\System32\smss.exe
536 - \??\C:\WINDOWS\system32\csrss.exe - \??\C:\WINDOWS\system32\csrss.exe
560 - \??\C:\WINDOWS\system32\winlogon.exe - \??\C:\WINDOWS\system32\winlogon.exe
604 - C:\WINDOWS\system32\services.exe - Anwendung für Dienste und Controller
616 - C:\WINDOWS\system32\lsass.exe - LSA Shell (Export Version)
768 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
824 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
888 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
948 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1104 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1264 - C:\WINDOWS\system32\spoolsv.exe - Spooler SubSystem App
1384 - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe - Antivirus Scheduler
1396 - AppleMobileDevi - AppleMobileDevi
1552 - C:\WINDOWS\Explorer.EXE - Windows Explorer
1680 - GoogleUpdaterSe - GoogleUpdaterSe
1704 - C:\Programme\Silvercrest MTS2118 driver\KMWDSrv.exe - Keyboard And Mouse Communication Service
1916 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1964 - C:\WINDOWS\system32\wdfmgr.exe - Windows User Mode Driver Manager
236 - C:\WINDOWS\SOUNDMAN.EXE - Realtek Sound Manager
248 - StartAutorun.ex - StartAutorun.ex
264 - GoogleDesktop.e - GoogleDesktop.e
280 - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe - RealNetworks Scheduler (Signed)
364 - C:\Programme\Messenger\msmsgs.exe - Windows Messenger
372 - SUPERAntiSpywar - SUPERAntiSpywar
384 - C:\Programme\Silvercrest MTS2118 driver\KMConfig.exe - USB Keyboard And PS/2 Keyboard Driver
1444 - GoogleDesktop.e - GoogleDesktop.e
1564 - C:\Programme\Silvercrest MTS2118 driver\KMProcess.exe - Keyboard And Mouse Processing
2056 - C:\WINDOWS\System32\alg.exe - Application Layer Gateway Service
2084 - C:\WINDOWS\system32\wscntfy.exe - Windows Security Center Notification App
2720 - C:\WINDOWS\system32\wuauclt.exe - Windows Update Automatic Updates (Signed)
2948 - C:\Programme\Mozilla Firefox\firefox.exe - Firefox (Signed)
3032 - C:\WINDOWS\System32\wbem\wmiprvse.exe - WMI
2864 - C:\Dokumente und Einstellungen\privat\Desktop\iclean.exe - Interactive Cleaner

Services
--------
C:\WINDOWS\system32\alg.exe=ALG
c:\programme\avira\antivir personaledition classic\sched.exe=AntiVirScheduler
c:\programme\gemeinsame dateien\apple\mobile device support\bin\applemobiledeviceservice.exe=Apple Mobile Device
C:\WINDOWS\system32\svchost.exe=AudioSrv
C:\WINDOWS\system32\svchost.exe=BITS
C:\WINDOWS\system32\svchost.exe=Browser
C:\WINDOWS\system32\svchost.exe=CryptSvc
C:\WINDOWS\system32\svchost.exe=DcomLaunch
C:\WINDOWS\system32\svchost.exe=Dhcp
C:\WINDOWS\system32\svchost.exe=dmserver
C:\WINDOWS\system32\svchost.exe=Dnscache
C:\WINDOWS\system32\svchost.exe=ERSvc
C:\WINDOWS\system32\services.exe=Eventlog
c:\windows\system32\svchost.exe=EventSystem
C:\WINDOWS\system32\svchost.exe=FastUserSwitchingCompatibility
c:\programme\google\common\google updater\googleupdaterservice.exe=gusvc
C:\WINDOWS\system32\svchost.exe=helpsvc
C:\WINDOWS\system32\svchost.exe=HidServ
c:\programme\silvercrest mts2118 driver\kmwdsrv.exe=KMWDSERVICE
C:\WINDOWS\system32\svchost.exe=lanmanserver
C:\WINDOWS\system32\svchost.exe=lanmanworkstation
C:\WINDOWS\system32\svchost.exe=LmHosts
C:\WINDOWS\system32\svchost.exe=Netman
C:\WINDOWS\system32\svchost.exe=Nla
C:\WINDOWS\system32\services.exe=PlugPlay
C:\WINDOWS\system32\lsass.exe=PolicyAgent
C:\WINDOWS\system32\lsass.exe=ProtectedStorage
C:\WINDOWS\system32\svchost.exe=RasMan
C:\WINDOWS\system32\svchost.exe=RemoteRegistry
C:\WINDOWS\system32\svchost.exe=RpcSs
C:\WINDOWS\system32\lsass.exe=SamSs
C:\WINDOWS\system32\svchost.exe=Schedule
C:\WINDOWS\system32\svchost.exe=seclogon
C:\WINDOWS\system32\svchost.exe=SENS
C:\WINDOWS\system32\svchost.exe=SharedAccess
C:\WINDOWS\system32\svchost.exe=ShellHWDetection
C:\WINDOWS\system32\spoolsv.exe=Spooler
C:\WINDOWS\system32\svchost.exe=srservice
C:\WINDOWS\system32\svchost.exe=SSDPSRV
C:\WINDOWS\system32\svchost.exe=stisvc
C:\WINDOWS\system32\svchost.exe=TapiSrv
C:\WINDOWS\system32\svchost.exe=TermService
C:\WINDOWS\system32\svchost.exe=Themes
C:\WINDOWS\system32\svchost.exe=TrkWks
c:\windows\system32\wdfmgr.exe=UMWdf
C:\WINDOWS\system32\svchost.exe=UxTuneUp
C:\WINDOWS\system32\svchost.exe=W32Time
C:\WINDOWS\system32\svchost.exe=WebClient
C:\WINDOWS\system32\svchost.exe=winmgmt
C:\WINDOWS\system32\svchost.exe=wscsvc
C:\WINDOWS\system32\svchost.exe=wuauserv
C:\WINDOWS\system32\svchost.exe=WZCSVC

Registry
--------
000=HKCU\Run: MSMSGS="c:\programme\messenger\msmsgs.exe" /background
000=HKCU\Run: SUPERAntiSpyware=c:\programme\superantispyware\superantispyware.exe
000=HKLM\Run: Adobe Reader Speed Launcher="c:\programme\adobe\reader 8.0\reader\reader_sl.exe"
000=HKLM\Run: Google Desktop Search="c:\programme\google\google desktop search\googledesktop.exe" /startup
000=HKLM\Run: KMCONFIG=c:\programme\silvercrest mts2118 driver\startautorun.exe
000=HKLM\Run: SoundMan=c:\windows\soundman.exe
000=HKLM\Run: TkBellExe="c:\programme\gemeinsame dateien\real\update_ob\realsched.exe" -osboot
001=Firewall bypass: %windir%\Network Diagnostic\xpnetdiag.exe=c:\windows\network diagnostic\xpnetdiag.exe
001=Firewall bypass: %windir%\system32\sessmgr.exe=c:\windows\system32\sessmgr.exe
001=Firewall bypass: C:\Programme\iTunes\iTunes.exe=c:\programme\itunes\itunes.exe
001=Firewall bypass: C:\Programme\Messenger\msmsgs.exe=c:\programme\messenger\msmsgs.exe
001=Firewall bypass: C:\Programme\Metin2_Germany\metin2.bin=c:\programme\metin2_germany\metin2.bin
020=SSODL: CDBurn=C:\WINDOWS\system32\shell32.dll
020=SSODL: PostBootReminder=C:\WINDOWS\system32\shell32.dll
020=SSODL: SysTray=c:\windows\system32\stobject.dll
020=SSODL: UPnPMonitor=c:\windows\system32\upnpui.dll
020=SSODL: WebCheck=C:\WINDOWS\system32\webcheck.dll
030=BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=(null) ()
030=BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=(null) ()
030=BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programme\google\googletoolbar1.dll (Google Toolbar Helper)
030=BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=c:\programme\google\googletoolbarnotifier\2.1.1119.1736\swg.dll (Google Toolbar Notifier BHO)
031=Toolbar: {01E04581-4EEE-11D0-BFE9-00AA005B4383}=C:\WINDOWS\system32\browseui.dll
031=Toolbar: {0E5CBF21-D15F-11D0-8301-00AA005B4383}=C:\WINDOWS\system32\shell32.dll
031=Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}=c:\programme\google\googletoolbar1.dll
031=Toolbar: {5617ECA9-488D-4BA2-8562-9710B9AB78D2}=(null)
031=Toolbar: {855F3B16-6D32-4FE6-8A56-BBB695989046}=(null)
031=Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}=c:\programme\google\googletoolbar1.dll
031=Toolbar: {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F}=c:\programme\systran\5.0\personal\ieplugin.dll

Startup Folders
---------------
Common: desktop.ini
Personal: desktop.ini

HOSTS
-----
# Copyright (c) 1993-1999 Microsoft Corp.

undoreal 21.05.2008 16:48
Halli hallo.
Zitat:
C:\Dokumente und Einstellungen\privat\Desktop\Multi-teil\Multi teil\M2 MULTIHACK 1.83 (beta) .exe
:zzwhip: löschen und nie wieder so einen Scheiß saugen! :kloppen:

Werte das eScan log bitte mit Hilfe der find.bat aus (wie in der Anleitung beschrieben) und poste das Ergebnis!


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:07 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131