Geschrieben von umbro am 17.04.2005 um 13:17:
Trojaner
Hi könnt ihr euch das mal anschauen und mir sagen was ich weg machen soll
Logfile of HijackThis v1.99.1
Scan saved at 13:11:43, on 17.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Sicherheit\AVPersonal\AVGUARD.EXE
C:\Programme\Sicherheit\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Sicherheit\AVPersonal\AVGNT.EXE
C:\Programme\Oleco NetLCR PRO\ol_pro.exe
C:\Programme\Internet Sachen\ICQLite\ICQLite.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Star Downloader\stardown.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\PR0~1.UMB\LOKALE~1\Temp\Rar$EX00.835\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.pro.umbro.de.vu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.pro.umbro.de.vu
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://search.hlsw.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Schubi´s - eXplorer
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\Internet Sachen\ICQToolbar\toolbaru.dll
F3 - REG:win.ini: run=C:\WINDOWS\System32\msoffice.exe
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\Star Downloader\SDIEInt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\Internet Sachen\ICQToolbar\toolbaru.dll
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\Sicherheit\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\Internet Sachen\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\Internet Sachen\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with Star Downloader - C:\Programme\Star Downloader\sdie.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\Internet Sachen\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\Internet Sachen\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {2D30D894-71DD-4D77-993B-12024F03EADB} - C:\Programme\Sicherheit\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {2D30D894-71DD-4D77-993B-12024F03EADB} - C:\Programme\Sicherheit\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de/service/redir/ie_t-online.htm
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.traffic2cash.biz
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c11.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108164445869
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) -
http://advnt01.com/dialer/internazionale_ver10.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E23B8D6-AA1A-453E-A9DB-3B6CFB45D0A7}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8E183BE-C239-43B6-8027-11598CF45A80}: NameServer = 62.104.191.241 62.104.196.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{5E23B8D6-AA1A-453E-A9DB-3B6CFB45D0A7}: NameServer = 192.168.120.252,192.168.120.253
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\m6lslg3716.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\GEMEIN~1\Stardock\mcpstub.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\Sicherheit\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Sicherheit\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\Sicherheit\WinStylerThemeSvc.exe
Anmerkung der Moderation:
Dein Post und alle weiteren Posts die Dir gewidmet waren, wurden aus dem Thread 'Viren, Trojaner und sonstige Malware beseitigen' herausgelöst.
Bitte das nächste Mal einen eigenen Thread eröffnen!
LG Cidre