Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Zu viel Logitch Datein (O18) (https://www.trojaner-board.de/20898-viel-logitch-datein-o18.html)

OHL 17.08.2005 17:33
Zu viel Logitech Datein (O18)
 
Hiho

Da ich kein plan habe wie so ich so viele O18 - Enumeration of existing protocols and filters Von meinem maushersteller habe Poste ich die log und warte auf eure meinung... :dummguck:

Danke im vorraus :)

Logfile of HijackThis v1.99.1
Scan saved at 18:27:25, on 17.08.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\config\svchost.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\T-ONLINE\BSW4\ToDuCAlC.EXE
C:\Programme\teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Winamp\Winamp.exe
C:\Dokumente und Einstellungen\Paul\Desktop\nfsu\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/software/ie401/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dlexport] C:\Programme\Windows Media Player\dlexport.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQ 4.0\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Service Process] C:\WINDOWS\system32\config\svchost.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [LDM] C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQ 4.0\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\FlashGet\jc_link.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ 4.0\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ 4.0\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://home.dworx.org/ax/loud.chm::/bridge-c11.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1117029887294
O17 - HKLM\System\CCS\Services\Tcpip\..\{A435787E-E004-4F0C-9086-1448C20DC9AF}: NameServer = 217.237.151.161 217.237.151.33
O18 - Protocol: bw+0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE

OHL 17.08.2005 17:38
hmm wen ich log saven möchte tellt mir mein AntiVir
Das mit :crazy:

C:\DOKUMENTE UND EINSTELLUNGEN\PAUL\DESKTOP\NFSU\HIJACKTHIS.LOG

Enthält Signatur des HTML-Scriptvirus HTML/Exploit.Mhtml

Das bin ich Da ist mein HIJACKTHIS drin (Ordner)
Das Programm hatt mein kleiner bruder draufgemacht :sword2: Mit dem ich oft streiten darf wer an Pc kann...

dartus 17.08.2005 22:59
Hallo OHL,

in Deinem System ist u.u. dieser hier aktiv:
http://securityresponse.symantec.com...rker.worm.html

Grund ist Dein nicht aktuelles Betriebssytem! SP 2 und alle weiteren Sicherheitspatches müssen installiert sein!

Bei einem Trojaner mit Backdoorfunktionalität wird Dir dringend zur Neuinstallation geraten.

http://www.mathematik.uni-marburg.de...c-removal.html
http://www.mathematik.uni-marburg.de...ompromise.html
http://en.wikipedia.org/wiki/Botnet
http://de.wikipedia.org/wiki/Backdoor

Empfohlene Anleitung zur Neuinstallation

http://www.trojaner-board.de/showthread.php?t=12154

Thema Datensicherung:

http://www.trojaner-board.de/showpos...8&postcount=11

dartus

OHL 18.08.2005 16:09
Und meine log so weit ok ?


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:42 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131