Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   HiJackThis log für "Virus versendet eigenständig nachrichten in msn und kann mit..." (https://www.trojaner-board.de/80045-hijackthis-log-virus-versendet-eigenstaendig-nachrichten-msn.html)

BazzKiD 04.12.2009 16:40
HiJackThis log für "Virus versendet eigenständig nachrichten in msn und kann mit..."
 
http://www.trojaner-board.de/80044-v...r-chatten.html


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:56, on 04.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINXP\System32\smss.exe
D:\WINXP\system32\winlogon.exe
D:\WINXP\system32\services.exe
D:\WINXP\system32\lsass.exe
D:\WINXP\system32\svchost.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\system32\spoolsv.exe
D:\Programme\Avira\AntiVir Desktop\sched.exe
D:\Programme\Avira\AntiVir Desktop\avguard.exe
D:\WINXP\system32\nvsvc32.exe
D:\WINXP\system32\svchost.exe
D:\WINXP\Explorer.EXE
D:\WINXP\system32\RUNDLL32.EXE
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\WINXP\system32\rundll32.exe
D:\WINXP\System32\svchost.exe
D:\Programme\Windows Live\Messenger\msnmsgr.exe
D:\Programme\Windows Live\Contacts\wlcomm.exe
D:\WINXP\system32\ctfmon.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
D:\PROGRA~1\FREEDO~1\fdm.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - D:\Programme\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - D:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programme\Free Download Manager\iefdm2.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - D:\Programme\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - D:\Dokumente und Einstellungen\DJ_BazzKid\Anwendungsdaten\Mozilla\Firefox\Profiles\nkx80b3z.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll (file missing)
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - D:\Programme\SHOUTcast Radio Toolbar\shoutcasttb.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - D:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HControlUser] D:\Programme\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKHOTKEY] D:\Programme\ASUS\ATK Hotkey\HControl.exe
O4 - HKLM\..\Run: [ATKOSD2] D:\Programme\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] D:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power4Gear] D:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] D:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ExtremeSync Background Scheduler] D:\Programme\SuperFlexible\ExtremeSyncService.exe /TIMERASAPP /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [QuickTime Task] "D:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "D:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [DisplayFusion] "D:\Programme\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [Free Download Manager] D:\Programme\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Core Temp] "D:\DOKUME~1\DJ_BAZ~1\LOKALE~1\Temp\Rar$EX00.531\CoreTemp\CoreTemp32\Core Temp.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINXP\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINXP\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = D:\Programme\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://D:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\winxp\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233865991859
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6548596-078E-462D-81BA-43A4921A4C11}: NameServer = 213.94.78.16 213.94.78.17
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - D:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - D:\Programme\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - D:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - D:\Programme\DynDNS Updater\DynUpSvc.exe
O23 - Service: FileZilla Server - FileZilla Project - C:\xampp\FileZillaFTP\FileZilla server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Mercury - Apache Friends - C:\xampp\xampp_service_mercury.exe
O23 - Service: MySQL - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINXP\system32\nvsvc32.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - D:\Programme\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\xampp\tomcat\bin\tomcat6.exe
O23 - Service: WTGService - Unknown owner - D:\Programme\3DataManager\WTGService.exe

--
End of file - 10822 bytes


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:57 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131