|
Log-Analyse und Auswertung: please help.....Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.12.2004, 16:51 | #1 |
| please help..... Der Logfile ist schon so lang, passt nichtmal in eine post, lol! Bitte schau doch mal wer mit plan und sagt mir was geht.... Logfile of HijackThis v1.99.0 Scan saved at 16:29:15, on 23.12.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\0190 Warner\w0svc.exe C:\WINDOWS\System32\alg.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\VeriSign\NAVI\naviagent.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\VeriSign\NAVI\NAVICL~1.EXE C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\system32\PEntms.exe C:\Programme\Winamp\winampa.exe C:\PROGRA~1\0190WA~1\WARN0190.EXE C:\Programme\WEB.DE\FreePhone\SIPPS.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\64SPPEPEhh.exe C:\WINDOWS\system32\64or.exe C:\WINDOWS\System\MSMSGSVC.exe C:\Dokumente und Einstellungen\glasow\Anwendungsdaten\tnpr.exe C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE C:\Programme\WEB.DE\FreePhone\AddOn.bin C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\93b9023ce74cc2dad700644c5dc522ef\update\update.exe C:\WINDOWS\System32\wuauclt.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\glasow\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe |
23.12.2004, 16:51 | #2 |
| please help..... R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2
__________________R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.14/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.14/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.14/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = www.aol.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.14/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_0.dll R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll R3 - URLSearchHook: Search - {00F001B1-F6C9-43B0-8BF8-57CBD00DB168} - C:\WINDOWS\System32\Q5718803.dll R3 - URLSearchHook: Search - {F155DDA4-F474-4C25-A778-21F89474C44F} - C:\WINDOWS\System32\Q5718803.dll O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: Search - {FD354888-8890-463A-A5F3-CE9C9F248AF5} - C:\WINDOWS\System32\Q5718803.dll O3 - Toolbar: Search - {3CE61486-9440-402F-8727-F33E76CF2340} - C:\WINDOWS\System32\Q5718803.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ScanRegistry] C:\W O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile O4 - HKLM\..\Run: [PEntms] C:\WINDOWS\system32\PEntms.exe O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [A13264EE] C:\WINDOWS\system32\3xpt85wbb27.exe O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE O4 - HKLM\..\Run: [SIPPS] C:\Programme\WEB.DE\FreePhone\SIPPS.exe O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [monitor] Explorer.exe monitor.exe O4 - HKCU\..\Run: [PEntms] C:\WINDOWS\system32\PEntms.exe O4 - HKCU\..\Run: [64SPPEPEhh] C:\WINDOWS\64SPPEPEhh.exe O4 - HKCU\..\Run: [64or] C:\WINDOWS\system32\64or.exe O4 - HKCU\..\Run: [A13264EE] C:\WINDOWS\system32\3xpt85wbb27.exe O4 - HKCU\..\Run: [MSMsgSvc] C:\WINDOWS\System\MSMSGSVC.exe O4 - HKCU\..\Run: [Rawo] C:\Dokumente und Einstellungen\glasow\Anwendungsdaten\tnpr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: Search - {3CE61486-9440-402F-8727-F33E76CF2340} - C:\WINDOWS\System32\Q5718803.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra 'Tools' menuitem: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_0.dll O9 - Extra 'Tools' menuitem: Optionen für i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_0.dll O9 - Extra button: Search - {FD354888-8890-463A-A5F3-CE9C9F248AF5} - C:\WINDOWS\System32\Q5718803.dll O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll O13 - WWW. Prefix: http://ehttp.cc/? O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted IP range: 67.19.185.246 O15 - Trusted IP range: 67.19.185.246 (HKLM) O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:C:\warxsp.chm::/on-line.exe O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DA0CC9DC-3FBE-4E2B-9474-9EEFD47AA49E}: NameServer = 217.237.150.97 217.237.149.161 O18 - Filter: text/plain - {A965AA92-37C7-45E1-9412-CC91CB376A23} - C:\WINDOWS\System32\Q5718803.dll O23 - Service: 0190/0900 Warner Überwachungsdienst - Mirko Böer - C:\Programme\0190 Warner\w0svc.exe O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: VeriSign Updater - VeriSign, Inc. - C:\Programme\VeriSign\NAVI\naviagent.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe Danke & Frohes Fest an alle! |
23.12.2004, 16:59 | #3 |
Gast | please help..... Da ist viel Müll drauf.
__________________Scanne mal hiermit im abg. Modus: http://www.trojaner-board.de/42731-escan-anleitung.html Was wird gefunden? |
Themen zu please help..... |
avi, dokumente, download, einstellungen, explorer, hijack, hijackthis, interne, internet, internet explorer, logfile, lokale, navi, please, profil, programme, realplayer, s-1-5-18, software, system, system32, t-online, temp, update, warner, web.de, windows, windows xp |