Quint
Aloha,
A friend of mine apparently has problems with a worm/trojan; I'll edit in the exact symptoms later - for now, here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 14:36:37, on 1.7.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\Explorer.EXE
C:\Programme\Winamp\Winampa.exe
C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\mswsgs.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Steffi\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINNT\System32\urqonnn.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - (no file)
O2 - BHO: (no name) - {D7841E97-003F-401E-9227-66B766BBC814} - C:\WINNT\System32\vtutr.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [Network Security] C:\WINNT\System32\NSecurity.exe
O4 - HKLM\..\Run: [Windows Service Update] C:\WINNT\System32\mswsgs.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [ms AV] mrcw34.exe
O4 - HKCU\..\Run: [ms AV] mrcw34.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Network Security] C:\WINNT\System32\NSecurity.exe
O4 - HKCU\..\Run: [Windows Service Update] C:\WINNT\System32\mswsgs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\programme\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\programme\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\programme\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\programme\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\programme\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\programme\ashampoo\ashampoo firewall\spi.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A2072E2-613A-475B-A6B1-798428AE0423}: NameServer = 212.114.152.1 212.114.153.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A2072E2-613A-475B-A6B1-798428AE0423}: NameServer = 212.114.152.1 212.114.153.1
O20 - Winlogon Notify: urqonnn - C:\WINNT\SYSTEM32\urqonnn.dll
O20 - Winlogon Notify: vtutr - C:\WINNT\System32\vtutr.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
Maybe something can already be read from that.