- #1
hotte444
Known member
Thread starter
- Member since
- 03.10.2005
- Posts
- 92
- Reaction points
- 0
Good morning, can someone tell me from my HijackThis list whether my system is infected?
Regards,
Horst
Logfile of HijackThis v1.99.1
Scan saved at 09:27:24, on 24.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\csrss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS1\system32\oodag.exe
C:\WINDOWS1\system32\locator.exe
C:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\wdfmgr.exe
C:\WINDOWS1\System32\alg.exe
C:\WINDOWS1\Mixer.exe
C:\Programme\ip@ctive\ip@ctive Client.exe
C:\Programme\Eset\nod32kui.exe
C:\Programme\1&1\SMS-Manager\SMSMngr.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Programme\Serv-U\ServUTray.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Programme\TechSmith\SnagIt 7\SnagIt32.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programme\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\WinAce\WinAce.exe
C:\DOKUME~1\HORST~1.HOT\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://de.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://de.search.yahoo.com
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ip@ctive] C:\Programme\ip@ctive\ip@ctive Client.exe -s
O4 - HKLM\..\Run: [nod32kui] C:\Programme\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [1&1 SMS-Manager] C:\Programme\1&1\SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe autostart
O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe HIDE
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Programme\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] C:\Programme\MSN Messenger\msnmsgr.exe /background
O4 - Startup: FRITZ!webProtect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Programme\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Decompiler - C:\Programme\SourceTec\Sothink Glanda\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra->Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Y!mLite - {9B04D939-D9D1-45e0-9FBF-5A31AAF7A68A} - C:\Programme\Y!mLite\ymlite.exe
O9 - Extra button: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\SourceTec\Sothink Glanda\InternetExplorer.htm
O9 - Extra->Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\SourceTec\Sothink Glanda\InternetExplorer.htm
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {443AF0D3-BAE8-40D8-83B5-037C67735E7D} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra->Tools' menuitem: Unterstützung für xp-AntiSpy - {443AF0D3-BAE8-40D8-83B5-037C67735E7D} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Programme\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {790A280D-1494-11D3-AD4E-002018280775} (VB6Runtime.VB6RuntimeFiles) - http://www.a-softtech.com/ActiveX/VB6Runtime.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB6FCDB9-BC52-4984-8DC3-0F5A99BC5F7E}: NameServer = 192.168.122.252,192.168.122.253
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS1\system32\oodag.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\PROGRA~1\Serv-U\ServUDaemon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Moved from Windows XP
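A first pass over a HijackThis log of this kind is usually mechanical: pull out the entries the tool itself marks as unresolved (an LSP DLL it does not recognise, a protocol handler whose file is missing, a service with no publisher string, an ActiveX control downloaded from a host outside Microsoft) and list them for a manual check. The script below is an added example written for this page, not code from the poster or from the HijackThis project. It parses the log format used above and runs those checks over a constructed excerpt of the posted log. The `TRUSTED_DPF_HOSTS` allowlist and the "process running from a Temp directory" rule are assumptions chosen for the example; every hit is a prompt to look at the file (publisher, signature, hash), not a verdict that the machine is infected.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt of the HijackThis v1.99.1 log in the post above; the
# header lines and most entries are left out so the sample stays short.
SAMPLE_LOG_LINES = [
    r"Running processes:",
    r"C:\WINDOWS1\System32\smss.exe",
    r"C:\PROGRA~1\Serv-U\ServUDaemon.exe",
    r"C:\DOKUME~1\HORST~1.HOT\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/",
    r"O4 - HKLM\..\Run: [nod32kui] C:\Programme\Eset\nod32kui.exe /WAITSERVICE",
    r"O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll",
    r"O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll",
    r"O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204",
    r"O16 - DPF: {790A280D-1494-11D3-AD4E-002018280775} (VB6Runtime.VB6RuntimeFiles) - http://www.a-softtech.com/ActiveX/VB6Runtime.CAB",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{AB6FCDB9-BC52-4984-8DC3-0F5A99BC5F7E}: NameServer = 192.168.122.252,192.168.122.253",
    r"O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll (file missing)",
    r"O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe",
    r"O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\PROGRA~1\Serv-U\ServUDaemon.exe",
]

# Assumption for this example: hosts from which a downloaded ActiveX control
# (O16 "DPF" entry) is not worth a second look. Anything else gets flagged.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "windowsupdate.com")

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
DPF_URL_RE = re.compile(r" - (?P<url>https?://\S+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_log(lines):
    """Split a HijackThis log into (running processes, [(section, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in lines:
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # the first R/O entry ends the process list
            entries.append((match.group("section"), match.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def host_is_trusted(url):
    """True if the URL's host is, or is a subdomain of, an allowlisted domain."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)


def triage(lines):
    """Return (section, reason, detail) tuples that deserve a manual check.

    These are review prompts, not verdicts: each hit still has to be resolved
    by checking the file itself (publisher, signature, hash) before deciding
    whether the machine is infected."""
    processes, entries = parse_log(lines)
    findings = []

    def add(section, reason, detail):
        item = (section, reason, detail)
        if item not in findings:          # the log repeats identical O10 lines
            findings.append(item)

    for proc in processes:
        if "\\temp\\" in proc.lower():    # assumed rule: binaries run out of Temp get a look
            add("PROC", "process running from a Temp directory", proc)

    for section, body in entries:
        if section == "O10" and body.lower().startswith("unknown file in winsock lsp"):
            add(section, "LSP DLL HijackThis could not identify", body)
        elif section == "O16":
            url = DPF_URL_RE.search(body)
            if url and not host_is_trusted(url.group("url")):
                add(section, "ActiveX download from a non-allowlisted host", body)
        elif section == "O18" and body.endswith("(file missing)"):
            add(section, "protocol handler points at a missing file", body)
        elif section == "O23":
            svc = SERVICE_RE.match(body)
            if svc and svc.group("owner") == "Unknown owner":
                add(section, "service without a publisher string", body)
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG_LINES):
        print(f"[{section}] {reason}: {detail}")
```

On the excerpt this yields five items: HijackThis itself running from a Temp folder, the sarah.dll LSP entry (reported once, although the log repeats it), the VB6Runtime.CAB download from a-softtech.com, the msnim handler with its missing DLL, and the Serv-U service with no publisher. The allowlist check deliberately matches on the registered domain suffix with a leading dot, so a host such as `evilmicrosoft.com` is not treated as Microsoft.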