Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Brauche dringend Hilfe! (https://www.trojaner-board.de/12835-brauche-dringend-hilfe.html)

sweethovi 26.01.2005 22:33
Brauche dringend Hilfe!
 
Hallo!

Folgendes Problem:

Ich starte das Internet und ca. 15 Minuten später bekomme ich eine Fehlermeldung "generic Host process hat ein Problem festgestellt und muss beendet werden". Dann wird die Internetverbindung nach kurzer Zeit beendet. Bei nochmaliger Verbindung, bekomme ich eine Verbindung, aber ich bekomme keine I-Net Seiten angezeigt. Ich muss den Pc neustarten damit wieder alles klappt!

Ich habe Win. XP Home.

Logfile of HijackThis v1.99.0
Scan saved at 22:20:55, on 26.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\sysaq.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Programme\CashBack\bin\cashback.exe
C:\Programme\ISTsvc\istsvc.exe
C:\Programme\BullsEye Network\bin\bargains.exe
C:\Programme\NaviSearch\bin\nls.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\Program Files\Aahkqa\Neoxvl.exe
C:\WINDOWS\system32\pcupelnpn.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
E:\Programme\Spamihilator\spamihilator.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\p6.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\Downloaded Program Files\eBayTBar.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Dokumente und Einstellungen\Eddi\Startmenü\Programme\Autostart\winupdate78727476[1].exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\crue.exe
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\WINDOWS\System32\p3.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Netscape\Netscape\Netscp.exe
C:\Dokumente und Einstellungen\Eddi\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis199.zip\HijackThis.exe

sweethovi 26.01.2005 22:35
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.52/1269/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.52/1269/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/1269/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hmfkm.dll/sp.html#44376
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.52/1269/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.52/1269/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/1269/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hmfkm.dll/sp.html#44376
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.52/1269/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O2 - BHO: (no name) - {D2B4826F-8417-BA3B-EB85-58BC0D6D86BF} - C:\WINDOWS\syslr.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [sysaq.exe] C:\WINDOWS\system32\sysaq.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [CashBack] C:\Programme\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [NaviSearch] C:\Programme\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Programme\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [Ckhls] C:\Program Files\Aahkqa\Neoxvl.exe
O4 - HKLM\..\Run: [E9B842F3] C:\WINDOWS\system32\pcupelnpn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Internet Content Publisher] icp.exe
O4 - HKLM\..\Run: [MSPluginSrvc] p3.exe
O4 - HKLM\..\Run: [MSNPluginSrvcs] p6.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\rundll32.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKLM\..\RunServices: [Internet Content Publisher] icp.exe
O4 - HKLM\..\RunServices: [MSPluginSrvc] p3.exe
O4 - HKLM\..\RunServices: [MSNPluginSrvcs] p6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [Spamihilator] "e:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [E9B842F3] C:\WINDOWS\system32\pcupelnpn.exe
O4 - HKCU\..\Run: [Internet Content Publisher] icp.exe
O4 - HKCU\..\Run: [MSPluginSrvc] p3.exe
O4 - HKCU\..\Run: [MSNPluginSrvcs] p6.exe
O4 - Startup: winupdate78727476[1].exe
O4 - Global Startup: BrowserStar-Auto.lnk = C:\Programme\BrowserStar\BrowserStar.exe
O4 - Global Startup: Corel Family & Friends Erinnerungsfunktionen.LNK = E:\Corel\Print House Magic\cffrem.exe
O4 - Global Startup: eBay Toolbar.LNK = ?
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar3.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

sweethovi 26.01.2005 22:36
C:\Programme\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O13 - WWW Prefix: http://69.50.191.50/?
O13 - WWW. Prefix: http://
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} - http://gn.one2bill.de/soft/axload.cab
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} - http://download.ebay.com/toolbar/de/eBayTBar.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://start.online-dialer.com/cax.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Cl...ridge-c139.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/de/games4.cab
O16 - DPF: {9EAC0186-5F5A-4362-B120-15C312CE012D} - http://www.awmdabest.com/cabl/319/tb.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA56E882-5AD1-4015-9339-609545A550F2}: NameServer = 217.237.150.97 217.237.149.161
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O21 - SSODL: IntegrityChecker - {481FD58C-579B-45A7-B3CA-F60F91ACE934} - C:\WINDOWS\System32\licmd400.dll
O21 - SSODL: IntegrityMonitor - {C0138CF0-E527-427A-A13C-1736401E56E9} - C:\WINDOWS\System32\tractui2.exe
O21 - SSODL: MSSQLMonitor - {354F8B42-4977-4298-AEBA-B5216170F1E6} - C:\WINDOWS\System32\kbdlrsda.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Licensing Detect Internet Connection - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\crue.exe


Danke für Antworten!!

LG, Anja


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:10 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129