Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Dloader und HideRun! BITTE HELFT!!!! (https://www.trojaner-board.de/10568-dloader-hiderun-bitte-helft.html)

NotAnAddict 08.12.2004 20:59
Dloader und HideRun! BITTE HELFT!!!!
 
OH; ich glaub ich habs... könnt Ihr Lieben mir vielleicht helfen? :heilig:

Logfile of HijackThis v1.98.2
Scan saved at 20:41:05, on 08.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\0900WA~1\w0svc.exe
D:\AVGUARD.EXE
D:\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\System32\winmplayers.exe
C:\WINDOWS\System32\spoolsv32.exe
C:\WINDOWS\System32\syswin32.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\msdos.exe
D:\AVGNT.EXE
C:\PROGRA~1\0900WA~1\WARN0900.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\slmss.exe
C:\Programme\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\System32\bsc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\msgrsv32.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\Programme\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\WINDOWS\ISW\netcol.dsl\signup\ncdial.exe
C:\Programme\BullsEye Network\bin\bargains.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Cadi\Eigene Dateien\hijackthis_198\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internetcologne.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internetcologne.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internetcologne.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...ount_id=1001613
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.internetcologne.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\EliteToolBar version 57.dll (file missing)
O2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [Microsoft media] winmplayers.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\Run: [Msn Messenger] msnmsgs.exe
O4 - HKLM\..\Run: [scvhost] spoolsv32.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] syswin32.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [dlite] dllmanager.exe
O4 - HKLM\..\Run: [notepad.exe] C:\WINDOWS\iexplorer.exe
O4 - HKLM\..\Run: [Adobe] C:\WINDOWS\msdos.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\AVGNT.EXE /min
O4 - HKLM\..\Run: [0900 Warner] C:\PROGRA~1\0900WA~1\WARN0900.EXE
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Windows Update] slmss.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programme\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\kbicuco.exe
O4 - HKLM\..\Run: [Windows Registry Server] spoolsvc.exe
O4 - HKLM\..\Run: [System CPL manager] syhqkxu.exe
O4 - HKLM\..\Run: [Microsoft Services] C:\WINDOWS\System32\bsc32.exe
O4 - HKLM\..\Run: [svshost32] C:\WINDOWS\System32\msgrsv32.exe
O4 - HKLM\..\RunServices: [Microsoft media] winmplayers.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [Msn Messenger] msnmsgs.exe
O4 - HKLM\..\RunServices: [scvhost] spoolsv32.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdate] syswin32.exe
O4 - HKLM\..\RunServices: [dlite] dllmanager.exe
O4 - HKLM\..\RunServices: [Windows Registry Server] spoolsvc.exe
O4 - HKLM\..\RunServices: [System CPL manager] syhqkxu.exe
O4 - HKLM\..\RunServices: [Microsoft Services] C:\WINDOWS\System32\bsc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Msn Messenger] msnmsgs.exe
O4 - HKCU\..\Run: [Microsoft WinUpdate] syswin32.exe
O4 - HKCU\..\Run: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [System CPL manager] syhqkxu.exe
O4 - HKCU\..\RunServices: [Msn Messenger] msnmsgs.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKCU\..\RunOnce: [Windows Update] slmss.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: v3cab - http://searchmiracle.com/cab/12.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...9f7220940378be6
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1100888130337
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares...ysb_regular.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BD65F8A-919B-4969-8A7E-7095E5EC18CB}: NameServer = 81.173.194.68 194.8.194.60
O18 - Filter: text/html - {DC1A94FD-6181-4009-B7A2-5B457AAB72A3} - C:\Dokumente und Einstellungen\Cadi\Lokale Einstellungen\Anwendungsdaten\microsoft\internet explorer\V0.26.dat

cacatoa 08.12.2004 21:30
Der thread ist andernorts schon erldedigt.


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:38 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28