Log analysis and evaluation: Is everything OK now?

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Is everything OK now?

Here are my new log files from HijackThis and escan. It would be nice if you could take another look.

Thanks,
Vandol

```
Logfile of HijackThis v1.98.2
Scan saved at 19:19:30, on 09.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVirenKit 2004\AVKService.exe
C:\Programme\AntiVirenKit 2004\AVKWCtl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\Roxio\WinOnCD\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Tools\WinRar\WinRAR.exe
C:\DOKUME~1\Andreas\LOKALE~1\Temp\Rar$EX00.735\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32/left.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.gmx.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.123.254
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\WinOnCD\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downloadv3.com/binari...ice_3_EN_XP.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2A12191-BBB1-450F-B9BF-7E5BDB10B8DD}: NameServer = 192.168.123.254,212.185.252.73
```

escan:

```
Thu Dec 09 18:52:35 2004 => File C:\WINDOWS\htpatch.exe tagged as not-a-virus:Tool.Win32.HTPatch.a. No Action Taken.
Thu Dec 09 18:52:48 2004 => File C:\WINDOWS\ml-uninstall-v10.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Thu Dec 09 18:52:51 2004 => File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Thu Dec 09 18:56:36 2004 => File C:\Drivers\SiSChipsetDriver\AGP\htpatch\htpatch.exe tagged as not-a-virus:Tool.Win32.HTPatch.a. No Action Taken.
Thu Dec 09 20:56:37 2004 => File D:\Festplatte_Downloads\Patches\Skout\skout101.zip tagged as not-a-virus:Cracker.AssasinPatch. No Action Taken.
Thu Dec 09 18:54:40 2004 => File C:\DOKUME~1\Andreas\LOKALE~1\Temp\temp.fr0D62 infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
Thu Dec 09 19:51:28 2004 => File C:\RECYCLER\S-1-5-21-2919174591-3357591376-1883412291-1005\Dc40.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.
Thu Dec 09 20:45:57 2004 => File C:\WINDOWS\Temp\nsdtmp09.dll infected by "not-a-virus:AdWare.MetaDirect.a" Virus. Action Taken: No Action Taken.
Thu Dec 09 21:03:42 2004 => ***** Scanning complete. *****
Thu Dec 09 21:03:42 2004 => Total Files Scanned: 102698
Thu Dec 09 21:03:42 2004 => Total Virus(es) Found: 11
Thu Dec 09 21:03:42 2004 => Total Disinfected Files: 0
Thu Dec 09 21:03:42 2004 => Total Files Renamed: 0
Thu Dec 09 21:03:42 2004 => Total Deleted Files: 0
Thu Dec 09 21:03:42 2004 => Total Errors: 45
Thu Dec 09 21:03:42 2004 => Time Elapsed: 01:39:42
Thu Dec 09 21:03:42 2004 => Virus Database Date: 2004/12/08
Thu Dec 09 21:03:42 2004 => Virus Database Count: 111920
Thu Dec 09 21:03:42 2004 => Scan Completed.
```