Trojaner-Board


hoermi 23.07.2005 12:29

Trojan: Black Desktop
 
I've caught something here....

Can you please help me get rid of this thing?

Logfile of HijackThis v1.99.1
Scan saved at 13:21:15, on 23.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
F:\AVPersonal\AVGUARD.EXE
F:\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\sstray.exe
F:\Programme\ASUS\Probe\AsusProb.exe
F:\Logitech\iTouch\iTouch.exe
F:\QuickTime\qttask.exe
f:\Logitech\MouseWare\system\em_exec.exe
F:\AVPersonal\AVSched32.EXE
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
F:\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\tppaldr.exe
F:\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
F:\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\rundll32.exe
F:\WinSweep\WSMonitor.exe
F:\Spybot - Search & Destroy\TeaTimer.exe
F:\FRITZ!\IWatch.exe
F:\DeTeMedien\Das Telefonbuch für Deutschland\OMAlarm.exe
F:\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\3com\Connection Assistant\bin\mpbtn.exe
F:\ICQ\ICQ.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\intmonp.exe
F:\Avant Browser\avant.exe
f:\WinRAR\WinRAR.exe
C:\DOKUME~1\Daniel\LOKALE~1\Temp\Rar$EX00.906\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ttjdt.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ttjdt.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ttjdt.dll/sp.html#94115
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ttjdt.dll/sp.html#94115
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hpB99D.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] f:\Programme\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SmcService] F:\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] f:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVSCHED32] F:\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] F:\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [WINSWEEP] F:\WinSweep\WINSWEEP.Exe /AUTO
O4 - HKCU\..\Run: [WINSWEEP Popupblocker] F:\WinSweep\WSPopup.Exe /STEP1 /SOUND
O4 - HKCU\..\Run: [SpybotSD TeaTimer] f:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 3Com Connection Assistant.lnk = C:\Program Files\3com\Connection Assistant\bin\matcli.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = F:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ISDNWatch.lnk = F:\FRITZ!\IWatch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: OfficeManager Terminerinnerung.lnk = ?
O4 - Global Startup: SATARaid.lnk = F:\Silicon Image\SiISATARaid\SATARaid.exe
O4 - Global Startup: TVG WebServer.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - F:\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Hervorheben - F:\Avant Browser\Highlight.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Suchen - F:\Avant Browser\Search.htm
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - F:\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - F:\Avant Browser\OpenAllLinks.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - F:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - F:\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://*.63.219.181.7
O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} - http://212.79.237.40/videoplay.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...bridge-c18.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.75tz.com/codac/inst2_ax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/mail/fotoalbum/...pload_1125.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EB9B42C-2CA7-4B3A-B268-FE2AD14D187E}: NameServer = 199.166.31.3,199.5.157.128
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7AABEBC-9EBE-4CB2-9E5D-804EBA4AAC35}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EB9B42C-2CA7-4B3A-B268-FE2AD14D187E}: NameServer = 199.166.31.3,199.5.157.128
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EB9B42C-2CA7-4B3A-B268-FE2AD14D187E}: NameServer = 199.166.31.3,199.5.157.128
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Sygate\SPF\smc.exe


All times are in WET +1.
