Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Hilfe bei Hj Logfile (https://www.trojaner-board.de/24235-hilfe-hj-logfile.html)

Miramax 04.12.2005 14:21
Hilfe bei Hj Logfile
 
Hi Leutz,
könntet ihr mir bitte sagen was ich an dem Logfile löschen kann? Habe z.B das T Pferd StartPa.Du.DLL.1 drauf

Vielen Dank für eure Hilfe!

Logfile of HijackThis v1.99.1
Scan saved at 14:07:58, on 04.12.2005
Platform: *Windows XP (WinNT 5.01.2600)
MSIE: *Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ipnh.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\pupxpman.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\Programme\QuickTime\qttask.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\BearShare\BearShare.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\HbTools\Bin\4.7.1.0\HbtWeatherOnTray.exe
C:\Programme\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe
C:\DOKUME~1\***\LOKALE~1\Temp\85.tmp.exe
C:\DOKUME~1\***\LOKALE~1\Temp\86.tmp.exe
C:\WINDOWS\system32\ipki.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\winstall.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Kabelloser Labtec-Desktop\MagicKey.exe
C:\Programme\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Programme\Kabelloser Labtec-Desktop\MulMouse.exe
C:\Programme\MSN Toolbar Suite\DS\02.05.0001.1119\de-de\bin\WindowsSearch.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Kabelloser Labtec-Desktop\OSD.EXE
C:\Programme\MSN Toolbar Suite\DS\02.05.0001.1119\de-de\bin\WindowsSearchIndexer.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\*Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\HbTools\Bin\4.7.1.0\HbtSrv.exe
C:\DOKUME~1\SIMON\LOKALE~1\TEMP\_VWUPSRV.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\AVPersonal\AVSched32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\***\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet* Explorer\Main,Search *Bar = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKCU\Software\Microsoft\Internet* Explorer\Main,Search Page = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R0 - HKCU\Software\Microsoft\Internet* Explorer\Main,Start Page = h**p://www.web.de/
R1 - HKLM\Software\Microsoft\Internet* Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet* Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKLM\Software\Microsoft\Internet* Explorer\Main,Search *Bar = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKLM\Software\Microsoft\Internet* Explorer\Main,Search Page = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKCU\Software\Microsoft\Internet* Explorer\Search,SearchAssistant = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R0 - HKLM\Software\Microsoft\Internet* Explorer\Search,SearchAssistant = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKCU\Software\Microsoft\Internet* Explorer\SearchURL,(Default) = h**p://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.178.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.routerlogin.net/basicsetting.htm;192.168.1.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Programme\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.7.1.0\HbtHostIE.dll
O2 - BHO: *Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Class - {AEC0E648-ADD3-DDDE-92AB-02CC0E6452E3} - C:\WINDOWS\winwl32.dll
O2 - BHO: MSN Suche Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.7.1.0\HbtHostIE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programme\HbTools\Bin\4.7.1.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Programme\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [tzoqlymm] C:\WINDOWS\System32\joghagww.exe
O4 - HKLM\..\Run: [ipdx.exe] C:\WINDOWS\ipdx.exe
O4 - HKLM\..\Run: [85.tmp] C:\DOKUME~1\***\LOKALE~1\Temp\85.tmp.exe
O4 - HKLM\..\Run: [86.tmp] C:\DOKUME~1\***\LOKALE~1\Temp\86.tmp.exe
O4 - HKLM\..\Run: [85.tmp.exe] C:\DOKUME~1\***\LOKALE~1\Temp\85.tmp.exe
O4 - HKLM\..\Run: [86.tmp.exe] C:\DOKUME~1\***\LOKALE~1\Temp\86.tmp.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [ipki.exe] C:\WINDOWS\system32\ipki.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kabellosen Labtec-Desktop aktivieren.lnk = C:\Programme\Kabelloser Labtec-Desktop\MagicKey.exe
O4 - Global Startup: *Microsoft Office.lnk = C:\Programme\*Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\MSN Toolbar Suite\DS\02.05.0001.1119\de-de\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Suche - res://C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll/search.htm
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/229?b7bccb85c91d4d85861a9ea17194dee
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/230?b7bccb85c91d4d85861a9ea17194dee
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ShopperReports - Compare *travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Programme\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Programme\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Hijacked *Internet access by WebHancer
O10 - Hijacked *Internet access by WebHancer
O10 - Hijacked *Internet access by WebHancer
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipnh.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Haui45 04.12.2005 14:40
Hallo,

dein System ist total veraltet! Es fehlt das SP2 sowie alle nachfolgenden Patches. Das ist einer der Gründe, warum dein System vollkommen durchseucht ist, hier mal ein kleiner Auszug:
Zitat:
Zitat von Miramax
R1 - HKCU\Software\Microsoft\Internet* Explorer\Main,Search *Bar = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKCU\Software\Microsoft\Internet* Explorer\Main,Search Page = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKLM\Software\Microsoft\Internet* Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKLM\Software\Microsoft\Internet* Explorer\Main,Search *Bar = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKLM\Software\Microsoft\Internet* Explorer\Main,Search Page = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R1 - HKCU\Software\Microsoft\Internet* Explorer\Search,SearchAssistant = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R0 - HKLM\Software\Microsoft\Internet* Explorer\Search,SearchAssistant = res://C:\WINDOWS\gmnht.dll/sp.html#88449
R3 - Default URLSearchHook is missing
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Programme\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.7.1.0\HbtHostIE.dll
O2 - BHO: Class - {AEC0E648-ADD3-DDDE-92AB-02CC0E6452E3} - C:\WINDOWS\winwl32.dll
O2 - BHO: MSN Suche Toolbar Helper -
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.7.1.0\HbtHostIE.dll
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programme\HbTools\Bin\4.7.1.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Programme\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [tzoqlymm] C:\WINDOWS\System32\joghagww.exe
O4 - HKLM\..\Run: [ipdx.exe] C:\WINDOWS\ipdx.exe
O4 - HKLM\..\Run: [85.tmp] C:\DOKUME~1\***\LOKALE~1\Temp\85.tmp.exe
O4 - HKLM\..\Run: [86.tmp] C:\DOKUME~1\***\LOKALE~1\Temp\86.tmp.exe
O4 - HKLM\..\Run: [85.tmp.exe] C:\DOKUME~1\***\LOKALE~1\Temp\85.tmp.exe
O4 - HKLM\..\Run: [86.tmp.exe] C:\DOKUME~1\***\LOKALE~1\Temp\86.tmp.exe
O4 - HKLM\..\Run: [ipki.exe] C:\WINDOWS\system32\ipki.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O10 - Hijacked *Internet access by WebHancer
O10 - Hijacked *Internet access by WebHancer
O10 - Hijacked *Internet access by WebHancer
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/...ms/hbtools.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipnh.exe
Das ist alles Müll, oder um es auf den Punkt zu bringen:
Setz das System neu auf und überdenke dein Patch- und Surfverhalten --> http://www.trojaner-board.de/showpos...28&postcount=2


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:02 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129