Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   HiJackThis log bitte anschaun (https://www.trojaner-board.de/56557-hijackthis-log-bitte-anschaun.html)

amox 22.07.2008 23:34

HiJackThis log bitte anschaun
 
HI

ich habe folgendes Problem mit meinem Desktop-Rechner. Solbald ich eine internet verbindung zu lasse, bricht die ganze leitung zusammen. ping jenseits von 4000 -> zeitüberschreitung der anforderung ... sobald ich aber wieder mit der firewall den kompletten datenverkehr blockiere oder die netzwerkverbindung deaktiviere, kann ich mit laptop wieder normal das internet nutzen.

Hab mit kaspersky internet security den desktop-rechner durchchecken lassen und es wurde auch etwas gefunden/behoben, aber das internet problem bleibt bestehen. ( Trojianisches Programm Heur.Backdoor.Generic )

Leider hab ich keine wirkliche Erfahrung mit HiJackThis, daher suche ich hier mal ein wenig hilfe

mein log :

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:46, on 23.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\RTHDCPL.EXE
D:\Kaspersky Internet Security 2009\avp.exe
C:\WINXP\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINXP\system32\svchost.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Saitek\SD6\Software\ProfilerU.exe
C:\Programme\Saitek\SD6\Software\SaiMfd.exe
D:\Kaspersky Internet Security 2009\avp.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\RocketDock\RocketDock.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINXP\system32\wuauclt.exe
C:\Programme\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVP] "D:\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "D:\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Download with GetRight Pro - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - h**p://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200837760921
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - h**p://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - h**p://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: D:\KASPER~1\mzvkbd.dll,D:\KASPER~1\adialhk.dll,D:\KASPER~1\kloehk.dll
O23 - Service: AODService - Unknown owner - C:\Programme\AMD\OverDrive\AODAssist (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\winxp\system32\..\svchost.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINXP\System32\TuneUpDefragService.exe

--
End of file - 7428 bytes

Process Explorer file

Code:

Process        PID        CPU        Description        Company Name
System Idle Process        0        100.00               
 Interrupts        n/a                Hardware Interrupts       
 DPCs        n/a                Deferred Procedure Calls       
 System        4                       
  smss.exe        1348                Windows NT-Sitzungs-Manager        Microsoft Corporation
  csrss.exe        1444                Client Server Runtime Process        Microsoft Corporation
  winlogon.exe        1488                Windows NT-Anmeldung        Microsoft Corporation
    services.exe        1532                Anwendung für Dienste und Controller        Microsoft Corporation
    ati2evxx.exe        1712                ATI External Event Utility EXE Module        ATI Technologies Inc.
    svchost.exe        1736                Generic Host Process for Win32 Services        Microsoft Corporation
    svchost.exe        1848                Generic Host Process for Win32 Services        Microsoft Corporation
    svchost.exe        2012                Generic Host Process for Win32 Services        Microsoft Corporation
    svchost.exe        364                Generic Host Process for Win32 Services        Microsoft Corporation
    spoolsv.exe        604                Spooler SubSystem App        Microsoft Corporation
    avp.exe        1168                Kaspersky Anti-Virus        Kaspersky Lab
    LSSrvc.exe        1252                        Hewlett-Packard Company
    NMSAccessU.exe        1428                       
    alg.exe        3332                Application Layer Gateway Service        Microsoft Corporation
    lsass.exe        1544                LSA Shell (Export Version)        Microsoft Corporation
    ati2evxx.exe        468                ATI External Event Utility EXE Module        ATI Technologies Inc.
    procexp.exe        904                Sysinternals Process Explorer        Sysinternals - www.sysinternals.com
explorer.exe        960                Windows Explorer        Microsoft Corporation
 RTHDCPL.exe        1076                Realtek HD Audio Control Panel        Realtek Semiconductor Corp.
 ctfmon.exe        1184                CTF Loader        Microsoft Corporation
 jusched.exe        940                Java(TM) Platform SE binary        Sun Microsystems, Inc.
 ProfilerU.exe        1676                Saitek SST Profile Launcher        Saitek
 SaiMfd.exe        1024                Saitek MFD File System Driver        Saitek
 avp.exe        2116                Kaspersky Anti-Virus        Kaspersky Lab
 RocketDock.exe        2152                       
 daemon.exe        2332                DAEMON Tools main application        DT Soft Ltd
 HijackThis.exe        1836                HijackThis        Trend Micro Inc.
  firefox.exe        3088                Firefox        Mozilla Corporation
svchost.exe        1360                Generic Host Process for Win32 Services        Microsoft Corporation
MOM.exe        2148                Catalyst Control Center: Monitoring program        Advanced Micro Devices Inc.
 CCC.exe        2272                Catalyst Control Centre: Host application        ATI Technologies Inc.

danke schon mal im vorraus

amox

edit: durch den zusammenbruch der inet verbindung beim desktop rechner, kann ich auch keine antivirus software mehr updaten. keine chance :(

amox 23.07.2008 02:20

so ich glaub ich bin mein Problem losgeworden. ICh hab nacheinander folgendene Programme benutzt, die dann auch das eine oder andere gefunden haben.

Malwarebytes
SUPERAntispyware
und ich weiß net ob es wichtig war, aber winsockxpfix hab ich auch benutzt, weil in einem anderen thread jemand nen ähnliches problem mit einer malware hatte


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:30 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132