PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : HijackThis



toron
02.04.07, 22:26
hey.. könnt mir jemand sagen ob dieses log file in ordnung ist oder ob hier etwas nicht passt, also ob ein trojaner oben ist? wär sehr dankbar:

Logfile of HijackThis v1.99.1
Scan saved at 21:22:35, on 02.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Programme\Alwil Software\Avast4\aswUpdSv.exe
d:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\SatSrv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
d:\Programme\TurboFTP\tftpsvc.exe
d:\Programme\Alwil Software\Avast4\ashMaiSv.exe
d:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\drivers\Icon.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
D:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
D:\Programme\firefox\firefox.exe
d:\PROGRA~1\FREEDO~1\fdm.exe
d:\Programme\WinAce\WinAce.exe
C:\DOKUME~1\admin\LOKALE~1\Temp\~AceTemp\hijackthi s\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 172.16.4.1:3128
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - d:\Programme\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "d:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all with Free Download Manager - file://d:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://d:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://d:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQ\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE9F1114-A361-40CB-BD95-B4EBBD8B2291}: NameServer = 83.68.128.1,83.68.128.2
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - d:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - d:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - d:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - d:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\system32\SatSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Programme\Sygate\SPF\smc.exe
O23 - Service: TurboFTP Sync Service (TBFTPSyncService) - TurboSoft,Inc - d:\Programme\TurboFTP\tftpsvc.exe



mfg toron

Duke
03.04.07, 03:08
Das kannste selber hier (http://www.hijackthis.de/de#anl) machen.


Nur den solltest du sofort beseitigen.


Besucherbewertung Analysedetails
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe

Art
Äußerst schädlich

Unbedingt fixen! Variant of the RapidBlaster parasite (in an "Icon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer -

toron
03.04.07, 17:09
10000 thx. jetzt weis ich auch wo ich die log files selbst auswerten.

*verbeugen tu*

;-)