was muss ich in meiner logfile fixen???

tobstarr · 19.01.2005, 18:47

wäre wirklich nett, wenn sich mal jemand meine logfile anschaut und mir mit rat zur seite steht.
vorab schonmal ein riesiges DANKE!

hier jetzt meine logfile:
Logfile of HijackThis v1.99.0
Scan saved at 18:22:00, on 19.01.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMME\T-DSL SPEEDMANAGER\SPEEDMGR.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMME\TROJANCHECK 6\TCGUARD.EXE
C:\PROGRAMME\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMME\TELEDAT\IWATCH.EXE
C:\PROGRAMME\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\PROFILES\TOBIAS\DESKTOP\ENTZIPPEN\WINZIP\WZQKPICK.EXE
C:\PROGRAMME\T-DSL SPEEDMANAGER\TSMSVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\ADOBE\ACROBAT 4.0\READER\ACRORD32.EXE
C:\T-Online\BSW3\ONLINE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\PROFILES\TOBIAS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.vroomsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vroomsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.vroomsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.vroomsearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.vroomsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAMME\SURFSIDEKICK 2\SSKBHO.DLL (file missing)
O2 - BHO: Advertiser Class - {53D3C442-8FEE-4784-9A21-6297D39613F0} - C:\WINDOWS\SYSTEM\WINAD2.DLL (file missing)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL (file missing)
O2 - BHO: (no name) - {5D4D2A59-2CE3-4863-92C4-D088A597A13B} - C:\WINDOWS\SYSTEM\PHM.DLL (file missing)
O2 - BHO: (no name) - {CB7E4545-86A0-895B-843E-8C4DF7A772C6} - C:\WINDOWS\SYSTEM\RIHF.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\YSB.DLL
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\PROGRAMME\IEMENUEXTENSION\TBEXTN.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRAMME\T-DSL SPEEDMANAGER\SPEEDMGR.EXE"
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [ErrorGuard] C:\PROGRAMME\ERRORGUARD\ERRORGUARD.Exe
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\PROGRAMME\TROJANCHECK 6\TCGUARD.EXE
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAMME\SURFSIDEKICK 2\Ssk.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Reminder] C:\Programme\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAMME\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\RunServices: [Reminder] C:\Programme\Microsoft Money\System\reminder.exe
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [SurfSideKick 2] C:\PROGRAMME\SURFSIDEKICK 2\Ssk.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: ISDNWatch.lnk = C:\Programme\Teledat\IWatch.exe
O4 - Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\WINDOWS\Profiles\Tobias\Desktop\entzippen\WinZip\WZQKPICK.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: ISDNWatch.lnk = C:\Programme\Teledat\IWatch.exe
O4 - User Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\WINDOWS\Profiles\Tobias\Desktop\entzippen\WinZip\WZQKPICK.EXE
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAMME\YAHOO!\MESSENGER\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAMME\YAHOO!\MESSENGER\YPAGER.EXE (file missing)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O16 - DPF: {52290B25-D07A-43B5-84D8-493116D50FA0} (WebPlugin Class) - http://webinstall.tscash.com/webinstall.cab
O16 - DPF: {6D53CD8D-A3DE-41AF-806E-CAA00336AE1B} (acceler8or) - http://www.clubhardcore.de/wlpopup/acceler8or.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.serviceurl.de/StarInstall.ocx
O16 - DPF: {00000000-5555-0704-0B53-2C8830E9FAEC} - http://install.questnet.de/soft/ieloader.cab
O16 - DPF: {13258718-B804-4092-8496-55F80AEDBF1F} (TSCPlugin Class) - http://download.tscash.com/static/TSCash3noS.cab
O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} - http://www.tanja.nu/mullekken/webinstall.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://iframedollars.biz/dl/adv480/x.chm::/load.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int4.exe
O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://download.bigwebportal.com/toolbar2/winenc32.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://www.globalphon.com/dialer/internazionale_ver4.CAB
O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.121.252,192.168.121.253
O18 - Filter: text/html - {6B18EC62-8B55-4D66-A42E-47390756FBEC} - C:\WINDOWS\SYSTEM\PHM.DLL
O18 - Filter: text/plain - {6B18EC62-8B55-4D66-A42E-47390756FBEC} - C:\WINDOWS\SYSTEM\PHM.DLL
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - C:\WINDOWS\SYSTEM\child.dll (file missing)

aktive Links deaktiviert wegen => http://www.trojaner-board.de/showthread.php?t=31832
12.09.2006 Shadow

Rene-gad · 19.01.2005, 19:35

Hallo tobstarr

Zitat:

Platform: Windows ME (Win9x 4.90.3000)

Mit ME kenn ich mich nicht aus, vermute aber, dass die aktuellste Updates fehlen

Zitat:

MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Ist schon längs out und bietet den Hackern verscheidene Möglichkeiten, den PC zu knacken und als Wurmschleuder verwenden.

Zitat:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = h**p://www.vroomsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.vroomsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.vroomsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.vroomsearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.vroomsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = h**p://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = h**p://213.159.117.134/index.php

Müll sowie Links für DL eines Dialers/Trojaners, den hast du schon irgendwo...

Zitat:

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAMME\SURFSIDEKICK 2\SSKBHO.DLL (file missing)
O2 - BHO: Advertiser Class - {53D3C442-8FEE-4784-9A21-6297D39613F0} - C:\WINDOWS\SYSTEM\WINAD2.DLL (file missing)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL (file missing)
O2 - BHO: (no name) - {5D4D2A59-2CE3-4863-92C4-D088A597A13B} - C:\WINDOWS\SYSTEM\PHM.DLL (file missing)

Fehlende Dateien. Übrigens : SurfSideKick ist Adware - Finger weg.

Zitat:

O2 - BHO: (no name) - {CB7E4545-86A0-895B-843E-8C4DF7A772C6} - C:\WINDOWS\SYSTEM\RIHF.DLL

Das ist mir nicht bekannt. Aus dem Grund, dass die DLL in System-Verzeichnis liegt, würde ich sie mit http://www.kaspersky.com/de/scanforvirus scannen.

Zitat:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

Ist ein gutes Tool! Warum benutzst du es nicht?

Zitat:

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\YSB.DLL
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\PROGRAMME\IEMENUEXTENSION\TBEXTN.DLL

O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [ErrorGuard]

Müll

Zitat:

O4 - HKLM\..\Run: [ErrorGuard]
C:\PROGRAMME\ERRORGUARD\ERRORGUARD.Exe

Ad- und Spyware- Finger weg.

Zitat:

O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\PROGRAMME\TROJANCHECK 6\TCGUARD.EXE

Dieses Projekt wird nicht weiter entwickelt, die Benutzung vom Programm hat keinen Sinn. Einfach deinstallieren.

Zitat:

O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAMME\SURFSIDEKICK 2\Ssk.exe

Ad-Ware -Wie schon gesagt.
....
Sorry, ich habe meine Analyse gestoppt. Und das aus einem einzigen Grund: du musst deine Kiste sowieso Platt machen, Win neu installieren, alle Passwörter wechseln, Update-Seite von Microsoft unbedingt besuchen.
Die Seite auch: http://faq.underflow.de/

aktive schädliche Links deaktiviert wegen => http://www.trojaner-board.de/showthread.php?t=31832
Shadow 12.09.2006

was muss ich in meiner logfile fixen???

Log-Analyse und Auswertung: was muss ich in meiner logfile fixen???

surfsidekick2 & co??? wie ist damit umzugehen???

was muss ich in meiner logfile fixen???

Ähnliche Themen: was muss ich in meiner logfile fixen???