Trojaner-Board


mursain 03.06.2005 15:48

Please check Hijack.log
 
When I start Internet Explorer and open a web address, this URL is loaded automatically:
213.193.215.174/ssredir/gr.html

Could someone take the trouble to check my log file? Thanks!!!! :o


Here is the log (I have already deleted one entry with hot-tats or something like that):
Logfile of HijackThis v1.99.1
Scan saved at 11:18:13, on 03.06.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\System32\qttask.exe
C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\Programme\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Programme\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programme\Netropa\Onscreen Display\OSD.exe
C:\WINNT\System32\hkcmd.exe
C:\Programme\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Tivoli\lcf\dat\1\Mobile\mobile.exe
C:\Programme\ePOAgent\Common Framework\UpdaterUI.exe
C:\WINNT\system32\internat.exe
C:\Programme\Notes\NLNOTES.EXE
C:\Programme\Notes\ntaskldr.EXE
C:\Programme\Microsoft Office\Office\MSACCESS.EXE
C:\Programme\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Tivoli\Desktop\tivoli.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\System32\mshta.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\HijackThis.exe




O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [lcfep] "C:\Programme\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe"
O4 - HKLM\..\Run: [SwdisUsrPCN.DEPHBRSAA1DT68U] "C:\PROGRA~1\Tivoli\lcf\dat\1\cache\lib\w32-ix86\wdusrpcn.exe" "C:\Programme\Tivoli\swdis\1\wdusrpcn.env"
O4 - HKLM\..\Run: [Mobile] "C:\Programme\Tivoli\lcf\dat\1\Mobile\epspawn.exe" -w "C:\Programme\Tivoli\lcf\dat\1\Mobile" "C:\Programme\Tivoli\lcf\dat\1\Mobile\mobile.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\ePOAgent\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\PLUGINS\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://pww.de.ms.philips.com
O16 - DPF: JavaConnect - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\JavaConnect.cab
O16 - DPF: Sametime BroadCast Client ST31 - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STBroadcastClient.cab
O16 - DPF: Sametime Directory Applet ST31 - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STDirectoryApplet.cab
O16 - DPF: Sametime Meeting Room Client ST31 - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STMeetingRoomClient.cab
O16 - DPF: {719433EA-60DE-45A8-8255-115826F16D5B} (STConnectivityAgent Control) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\InstallSTConnAgent.cab
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STJNILoader.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Programme\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Programme\ePOAgent\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programme\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Programme\Oracle\ora81\bin\ONRSD.EXE
O23 - Service: Tivoli Remote Control Service (TME10RC) - IBM Corporation - C:\WINNT\RCSERV.EXE

