Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Ist alles so weit OK? (https://www.trojaner-board.de/21901-alles-so-weit-ok.html)

OHL 17.09.2005 11:38
Ist alles so weit OK?
 
Huhu
Könnt ihr was finden was da nicht rein soll MERCI :heilig:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:14, on 17.09.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\config\svchost.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\T-ONLINE\BSW4\ToDuCAlC.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Paul\Desktop\nfsu\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ***t-online.de/software/ie401/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ***google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dlexport] C:\Programme\Windows Media Player\dlexport.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQ 4.0\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Service Process] C:\WINDOWS\system32\config\svchost.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LDM] C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQ 4.0\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\FlashGet\jc_link.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ 4.0\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ 4.0\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht! ***home.dworx.org/ax/loud.chm::/bridge-c11.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - ***fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - ***v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117029887294
O17 - HKLM\System\CCS\Services\Tcpip\..\{A435787E-E004-4F0C-9086-1448C20DC9AF}: NameServer = 217.237.151.161 217.237.151.33
O18 - Protocol: bw+0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {996B3401-B823-4972-A03E-2918E5626CE0} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE

[edit]
links entfernt
[/edit]

Rene-gad 17.09.2005 11:52
@OHL
Zitat:
Könnt ihr was finden was da nicht rein soll
Soll rein, ist aber nicht da:
Zitat:
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Service Pack 2 für WinXP und IE
Zitat:
C:\T-ONLINE\BSW4\ToDuCAlC.EXE
Für WinXP ist seit Kurzem TOSW6 vorhanden. CD-Rom ist kostenlos Online zu bestellen.
Aber das musst du erst nach dem Neuafsetzen deines Systems tun, denn hier
Zitat:
O4 - HKLM\..\Run: [Service Process] C:\WINDOWS\system32\config\svchost.exe
ist ein Backdoor vesteckt: http://sophos.de/virusinfo/analyses/trojdcmbota.html

cacatoa 17.09.2005 11:55
Hi,
erstens gehört was rein, was nicht drin ist:
Du hast ein völlig ungepatchtes System. Sofort updaten. Hier.
Dann ist vieles drin was nicht rein gehört.
Deshalb bitte einen eScan genau nach Anleitung durchführen und die Ergebnisse posten.
cacatoa

edit:
@ Rene-Gad:
Ich hätte auf einen P2P-Wurm getippt, der nur evtl. eine Backdoor-Funktion hat.
Deshalb der Vorschlag, eScan durchzuführen. :heilig:

Rene-gad 17.09.2005 12:01
@cacatoa
Zitat:
Deshalb der Vorschlag, eScan durchzuführen.
eScan kann keinem schaden ;). :heilig:


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:35 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28