Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   LogFile bitte. (https://www.trojaner-board.de/8062-logfile-bitte.html)

PHILIPS A 03.10.2004 13:10

LogFile please.

Good day

Could you please analyze this file for me?

Logfile of HijackThis v1.98.2
Scan saved at 13:38:06, on 2004-10-03
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\sysdpt.exe
C:\Program\iWare\iWare Mouse\3.2\lwbwheel.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program\Winamp\winampa.exe
C:\Program\NORTON~1\navapw32.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\Delade filer\CMEII\CMESys.exe
C:\Program\Save\Save.exe
C:\Program\WHENUS~1\Search.exe
C:\Program\WHENUS~1\whse.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\WeatherCast\Weather.exe
C:\Program\ClockSync\Sync.exe
c:\program\intern~1\iexplore.exe
C:\Program\Delade filer\GMT\GMT.exe
C:\Program\PrecisionTime\PrecisionTime.exe
C:\Program\WebSecureAlert\WebSecureAlert.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\MediaKey\OSD.EXE
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\MediaKey\Versato.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Documents and Settings\Kamaran\Mina dokument\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csofnlbfucyuagvzvlwmzz.co.../GieNDRsFQ.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mavnawxjpilovcecnocfxnni.net/...piGGQDfVQM.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F3 - REG:win.ini: run=c:\windows\system32\sysdpt.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - **¦C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - **¦C:\Program\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program\DashBar\DashBar17.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program\iWare\iWare Mouse\3.2\lwbwheel.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [move multi] C:\Program\GLUESO~1\ProxyMpeg.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program\Delade filer\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [WhenUSave] "C:\Program\Save\Save.exe"
O4 - HKLM\..\Run: [WhenUSearch] C:\Program\WHENUS~1\Search.exe
O4 - HKLM\..\Run: [WhenUSearchWHSE] C:\Program\WHENUS~1\whse.exe
O4 - HKLM\..\Run: [Sysdpt] c:\windows\system32\sysdpt.exe
O4 - HKCU\..\Run: [Versato] C:\Program\MediaKey\MagicRun.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WeatherCast] "C:\Program\WeatherCast\Weather.exe" /q
O4 - HKCU\..\Run: [ClockSync] "C:\Program\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [Sysdpt] c:\windows\system32\sysdpt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: GStartup.lnk = C:\Program\Delade filer\GMT\GMT.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: WebSecureAlert.lnk = C:\Program\WebSecureAlert\WebSecureAlert.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binarie...tc32_EN_XP.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {A02780C3-7F77-4E28-855B-28890F3CF37A} - http://akamai.downloadv3.com/binarie...34_pack_XP.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binarie...34_pack_XP.cab
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstWCDT.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab

Thanks in advance.

chaosman 03.10.2004 18:38

@PHILIPS A
download eScan here
http://www.mwti.net/antivirus/free_utilities.asp
unpack it to c:\bases (create the folder)
update it as described here
http://www.trojaner-board.de/42731-escan-anleitung.html

fix
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csofnlbfucyuagvzvlwmzz.c...E/GieNDRsFQ.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mavnawxjpilovcecnocfxnni.net...vpiGGQDfVQM.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F3 - REG:win.ini: run=c:\windows\system32\sysdpt.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CMESys] "C:\Program\Delade filer\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [WhenUSearch] C:\Program\WHENUS~1\Search.exe
O4 - HKLM\..\Run: [WhenUSearchWHSE] C:\Program\WHENUS~1\whse.exe
O4 - HKLM\..\Run: [Sysdpt] c:\windows\system32\sysdpt.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Sysdpt] c:\windows\system32\sysdpt.exe
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binari...dtc32_EN_XP.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
O16 - DPF: {A02780C3-7F77-4E28-855B-28890F3CF37A} - http://akamai.downloadv3.com/binari...034_pack_XP.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binari...034_pack_XP.cab
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstWCDT.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
then boot into safe mode
delete the following files manually
:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\Delade filer\CMEII\CMESys.exe
C:\Program\Save\Save.exe
C:\Program\WHENUS~1\Search.exe
C:\Program\WHENUS~1\whse.exe
C:\Program\Delade filer\GMT\GMT.exe

disable System Restore
delete temp files
C:\Dokumente und Einstellungen\*Benutername*\Lokale Einstellungen\Temp
C:\WINDOWS\Downloaded Program Files
C:\Dokumente und Einstellungen\*Benutername*\Lokale Einstellungen\Temporary Internet Files
run eScan
reboot
then post a new HijackThis logfile here on the board
chaosman
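
The reply above is essentially a manual triage of a HijackThis log: flag browser settings pointing at random-looking hosts, BHOs with no backing file, a win.ini run= autostart, and autostart/process entries belonging to the adware bundles named in the thread. The following Python script is an added example of the same triage done programmatically; it is not code from the board, from chaosman, or from HijackThis. The log excerpt and the WATCHLIST of substrings are constructed from this thread, and the "random-looking host" check is a simple vowel-ratio heuristic chosen for illustration.

```python
"""Triage helper for HijackThis v1.98-style logs (added example, not the board's code)."""
import re
from dataclasses import dataclass

# Constructed excerpt of the log posted above (the forum shortened some URLs with "...").
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Scan saved at 13:38:06, on 2004-10-03

Running processes:
C:\WINDOWS\System32\smss.exe
C:\windows\system32\sysdpt.exe
C:\Program\WHENUS~1\Search.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csofnlbfucyuagvzvlwmzz.co.../GieNDRsFQ.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
F3 - REG:win.ini: run=c:\windows\system32\sysdpt.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [WhenUSearch] C:\Program\WHENUS~1\Search.exe
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstWCDT.cab
"""

# Constructed watchlist: lower-case substrings of the components the reply tells the poster to remove.
WATCHLIST = ("whenu", "cmesys", "\\gmt\\", "\\save\\save.exe", "sysdpt", "msgplus")

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
URL_RE = re.compile(r"https?://[^\s]+")
HOST_RE = re.compile(r"https?://([^/\s:]+)")


@dataclass
class Entry:
    line_no: int
    kind: str    # HijackThis section code: R0, R1, F3, O2, O4, O16, ...
    body: str


@dataclass
class Finding:
    line_no: int  # 0 for the "Running processes" block, which has no entry code
    kind: str
    reason: str


def parse(log_text):
    """Split a HijackThis log into the running-process list and the coded entries."""
    processes, entries = [], []
    in_processes = False
    for no, line in enumerate(log_text.splitlines(), 1):
        line = line.rstrip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:                      # blank line ends the process block
            in_processes = False
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(no, m.group("kind"), m.group("body")))
    return processes, entries


def looks_random(host):
    """Heuristic: any long hostname label with few vowels, like the start page host in the log."""
    for label in host.split("."):
        if len(label) >= 16:
            vowels = sum(ch in "aeiou" for ch in label.lower())
            if vowels / len(label) < 0.3:
                return True
    return False


def triage(log_text):
    """Return the findings a helper would raise before listing what to fix."""
    processes, entries = parse(log_text)
    findings = []
    for e in entries:
        low = e.body.lower()
        if e.kind in ("R0", "R1", "R3"):
            for url in URL_RE.findall(e.body):
                host = HOST_RE.match(url).group(1)
                if looks_random(host):
                    findings.append(Finding(e.line_no, e.kind, f"browser setting points at random-looking host {host}"))
        if e.kind == "O2" and ("(no file)" in low or "{00000000-0000-0000-0000-000000000001}" in low):
            findings.append(Finding(e.line_no, e.kind, "BHO with no backing file or placeholder CLSID"))
        if e.kind == "F3" and "run=" in low:
            findings.append(Finding(e.line_no, e.kind, "legacy win.ini run= autostart"))
        if any(w in low for w in WATCHLIST):
            findings.append(Finding(e.line_no, e.kind, "matches watchlist of adware components named in the thread"))
    for p in processes:
        if any(w in p.lower() for w in WATCHLIST):
            findings.append(Finding(0, "PROC", f"watchlisted process running: {p}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3} {f.kind:<4} {f.reason}")
```

Run it as-is to see the findings for the constructed excerpt; a legitimate entry such as the Norton autostart or the Yahoo search URL produces none, while the sysdpt.exe entry is reported twice because it trips both the win.ini check and the watchlist. The watchlist is deliberately only what this thread names; in practice it would be a maintained list rather than six substrings.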

PHILIPS A 03.10.2004 20:13

Hi Chaosman

[boot into safe mode
delete the following files manually]
:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\Delade filer\CMEII\CMESys.exe
C:\Program\Save\Save.exe
C:\Program\WHENUS~1\Search.exe
C:\Program\WHENUS~1\whse.exe
C:\Program\Delade filer\GMT\GMT.exe

What are these files, viruses, or what are they please?

chaosman 03.10.2004 20:38

@PHILIPS A
You have several programs up there that bring spyware onto the PC.
Have a look here
http://www.pestpatrol.com/PestInfo/s/search-exe.asp
http://www.neuber.com/taskmanager/de...mesys.exe.html
http://www.neuber.com/taskmanager/de.../save.exe.html
This one contains spyware
\Program\Messenger Plus! 3\MsgPlus.exe
Try googling it
chaosman

PHILIPS A 03.10.2004 21:18

If I delete "MsgPlus.exe", does the Messenger program stay intact? Or does it get messed up as well?

Regards

MountainKing 03.10.2004 23:10

That shouldn't affect Messenger; it is only an add-on tool from another company.

