View poll results: Is my PC safe if I have these services (see list)?

Voters: 2
  • Yes, safe

    0 0%
  • No idea - could be at risk

    1 50.00%
  • No, screw it, reinstall

    1 50.00%

Thread: HP - PC check

  1. #1
    Beginner
    Registered since
    26.06.2007
    Posts
    1

    Question: HP - PC check

    Hi, I wanted to get my PC checked for possible backdoors.
    Thanks, Lemon

    Logfile of HijackThis v1.99.1
    Scan saved at 9:05:06, on 26.6.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\WINDOWS\System32\WinPwdHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ICQ6\ICQ.exe
    C:\Program Files\Microsoft Office Communicator\Communicator.exe
    C:\Program Files\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Nortel Networks\Extranet.exe
    C:\Program Files\Hewlett-Packard\OpenView\service desk 4.5\client\bin\sdlaunch.exe
    C:\WINDOWS\system32\wjview.exe
    C:\Program Files\Hewlett-Packard\HP VP Java Console\j2re1.4.2\bin\javaw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.pg.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = autoproxy.pg.com:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.pg.com;155.*;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: APHelper Class - {08C63920-DC18-11D2-9E1E-00A0247061AB} - C:\PROGRAM FILES\INTERNET EXPLORER\AUTOPASS\APHELPER.DLL
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ESD3Agent] C:\Program Files\Marimba\Addons\EsdAgent.exe
    O4 - HKCU\..\Run: [WBPCache] WBPCache.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
    O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
    O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe"
    O4 - Startup: SEWP Username.lnk = C:\WINDOWS\system32\UserName.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: iLO Remote Console Applet - https://155.125.83.177/dvc.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (ICA Client) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149035839595
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149035936194
    O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.timevision.com/codebase30/OrgPubX.cab
    O16 - DPF: {C7648BB8-7FF5-4192-886A-6C542051A522} (HideCursorCtl Class) - https://143.21.97.212/HideCursor.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://bdc-intra545.internal.pg.com/optsso_prd4enu/19221/applets/SiebelAx_HI_Client.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F8CE2E3-5BDB-4679-AADD-BA2FA8A515F1}: Domain = eu.pg.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD33C4C8-CC5C-4B53-92C2-4E692D671FA3}: NameServer = 192.44.120.10,192.44.162.132
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = eu.pg.com,pg.com,na.pg.com,la.pg.com,ap.pg.com,internal.pg.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F8CE2E3-5BDB-4679-AADD-BA2FA8A515F1}: Domain = eu.pg.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = eu.pg.com,pg.com,na.pg.com,la.pg.com,ap.pg.com,internal.pg.com
    O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll cahooknt.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: WinPwdReset - Unknown owner - C:\WINDOWS\System32\WinPwdHelper.exe

  2. #2
    Moderator, team member: kira
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German, Hungarian
    Posts
    28,359

    Re: HP - PC check

    Hello and welcome to HijackThis.eu @ lemon

    First of all we need some information about your system.
    Please follow these instructions.
    Thanks a lot

    STEP 1

    Please rename HijackThis.exe to HJT1991.exe.


    We need to rename HijackThis because malware attacks it and hides from it.

    Remember that HijackThis must be run in its own folder.
    Only if HijackThis runs in its own folder will it create backups!

    Please run HJT1991.exe and let it scan.
    Save the fresh HJT logfile and post it.

    STEP 2

    Make sure you set Windows to show hidden files and folders.

    STEP 3
    1. Please download filelist.zip (FAQ) to your desktop.
    2. Unzip this file to your desktop (free Zip-Tools)
    3. Restart your system
    4. Double-click filelist.bat to run it
    5. Your editor program will open
    6. Highlight the content, choose copy, and paste it into your next post
    7. Please note: we only need the last 30 days of every directory of this file
    • Many Thanks to our Moderator Karl83 for creating this new tool.
    • Directory of C:\
    • Directory of C:\WINDOWS\system32
    • Directory of C:\WINDOWS
    • Directory of C:\WINDOWS\Prefetch (Windows XP)
    • Directory of C:\WINDOWS\tasks
    • Directory of C:\WINDOWS\Temp
    • Directory of C:\DOCUME~1\Name\LOCALS~1\Temp


    Note:
    Please post all requested logfiles in "code tags".
    See here how to do this.


    ----------------------
    For the greatest safety, it is recommended that
    you do not do online banking, file sharing, mailing, messaging,
    or uploads and downloads, except to security sites,
    until your system is formatted or cleaned up.
    You need to change the passwords saved on your machine
    when your system is cleaned up.

    -----------------------

    regards
    argos
    Warning!:
    Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice and in different places!
    Please pass this warning on wherever you can!
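
A first triage pass over a HijackThis log like the one in the first post, as an added example that is not part of the thread or of HijackThis itself: it parses the section codes and marks entries that deserve a closer look. The function names and review heuristics are assumptions of this example, and a hit means "verify this entry", not "malicious"; the sample lines are an excerpt of the posted log.

```python
import re

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")       # e.g. "O23 - Service: ..."
RUN_CMD = re.compile(r"Run: \[[^\]]*\] (.+)$")           # command of an O4 Run value
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")

# Excerpt of the log posted above (HijackThis v1.99.1 layout).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [WBPCache] WBPCache.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {C7648BB8-7FF5-4192-886A-6C542051A522} (HideCursorCtl Class) - https://143.21.97.212/HideCursor.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll cahooknt.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: WinPwdReset - Unknown owner - C:\WINDOWS\System32\WinPwdHelper.exe
"""

def parse(log):
    """Yield (section_code, text) per entry line; headers and the process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def review_reasons(code, text):
    """Heuristics assumed for this example; each hit is a prompt to verify the entry."""
    reasons = []
    if text.endswith("(file missing)"):
        reasons.append("registered target file is missing")
    if code == "O23" and " - Unknown owner - " in text:
        reasons.append("service binary carries no vendor information")
    if code == "O4":
        m = RUN_CMD.search(text)
        if m and not re.match(r'"?[A-Za-z]:\\', m.group(1)):
            reasons.append("autostart command has no full path")
    if code == "O16" and IP_URL.search(text):
        reasons.append("ActiveX codebase points at a bare IP address")
    if code == "O20" and text.startswith("AppInit_DLLs:") and text.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs set: loaded into every process that loads user32.dll")
    return reasons

def triage(log):
    """Return (code, text, reason) for every entry that matches a heuristic."""
    return [(c, t, r) for c, t in parse(log) for r in review_reasons(c, t)]

if __name__ == "__main__":
    for code, text, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {text}")
```
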
