| |
| |||||||
Mülltonne: Verdacht auf Tr. HiJackThis log auswerten bitteWindows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
05.12.2008, 12:11
| #1 |
| |  Verdacht auf Tr. HiJackThis log auswerten bitte Also ich habe einen Verdacht auf einen Trojaner auf meinen Pc kann mich aber auch irrn wäre schön wenn ihr das logfile mal durchschaut Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:06:25, on 05.12.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: E:\WINDOWS.0\System32\smss.exe E:\WINDOWS.0\system32\winlogon.exe E:\WINDOWS.0\system32\services.exe E:\WINDOWS.0\system32\lsass.exe E:\WINDOWS.0\system32\svchost.exe E:\WINDOWS.0\System32\svchost.exe E:\WINDOWS.0\system32\TASKMAN.EXE E:\WINDOWS.0\system32\spoolsv.exe E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe E:\Programme\Windows32\bcserver.service E:\Programme\Bonjour\mDNSResponder.exe C:\Tobit ClipInc\Server\ClipInc-Server.exe E:\Programme\FileZilla Server\FileZilla Server.exe E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe E:\Programme\Icecast2 Win32\icecastService.exe E:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe E:\WINDOWS.0\system32\nvsvc32.exe E:\WINDOWS.0\system32\PnkBstrA.exe E:\WINDOWS.0\system32\PnkBstrB.exe E:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe E:\WINDOWS.0\system32\RUNDLL32.EXE E:\WINDOWS.0\RTHDCPL.EXE E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe E:\Programme\Winamp\winampa.exe E:\WINDOWS.0\system32\ctfmon.exe E:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Tobit ClipInc\Player\ClipIncTray.exe E:\WINDOWS.0\system32\svchost.exe E:\Programme\Java\jre6\bin\jqs.exe E:\WINDOWS.0\system32\drwtsn32.exe E:\WINDOWS.0\system32\wbem\wmiapsrv.exe E:\WINDOWS.0\system32\drwtsn32.exe E:\Programme\Cain\Cain.exe E:\WINDOWS.0\explorer.exe E:\Programme\No-IP\DUC20.exe E:\Programme\Trend Micro\HijackThis\HijackThis.exe E:\Programme\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - E:\Programme\AskBarDis\bar\bin\askBar.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - E:\Programme\Winamp Toolbar\winamptb.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Programme\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Programme\Free Download Manager\iefdm2.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Programme\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - E:\Programme\Winamp Toolbar\winamptb.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Programme\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS.0\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AVP] "E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [LogonStudio] "E:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [WinampAgent] E:\Programme\Winamp\winampa.exe O4 - HKLM\..\RunOnce: [NSSInstallation] E:\WINDOWS.0\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS.0\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS.0\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS.0\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Ralink Wireless Utility.lnk = E:\Programme\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Winamp Search - E:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Alles mit FDM herunterladen - file://E:\Programme\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://E:\Programme\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://E:\Programme\Free Download Manager\dllink.htm O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: RF - Formular ausfüllen - file://E:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RF - Formular speichern - file://E:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: RF - Menü anpassen - file://E:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://E:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Videos mit FDM herunterladen - file://E:\Programme\Free Download Manager\dlfvideo.htm O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6\ICQ.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll O23 - Service: Adobe LM Service - Adobe Systems - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Icecast-trunk Streaming Media Server (Icecast-trunk) - Unknown owner - E:\Programme\Icecast2 Win32\icecastService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS.0\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Programme\WinPcap\rpcapd.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe -- End of file - 9264 bytes mfg southpark |
| Themen zu Verdacht auf Tr. HiJackThis log auswerten bitte |
| adobe, ask toolbar, askbar, auswerten, bho, bonjour, einstellungen, excel, explorer, firefox, free download, google, hijack, hijackthis, hijackthis log, hkus\s-1-5-18, internet, internet explorer, jusched.exe, kaspersky, log auswerten, logfile, mozilla, no-ip, object, plug-in, rundll, security, security suite, software, studio, system, trojaner, windows, windows xp, windows32 |
