|
Log-Analyse und Auswertung: was muss ich in meiner logfile fixen???Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.01.2005, 18:47 | #1 |
| surfsidekick2 & co??? wie ist damit umzugehen??? wäre wirklich nett, wenn sich mal jemand meine logfile anschaut und mir mit rat zur seite steht. vorab schonmal ein riesiges DANKE! hier jetzt meine logfile: Logfile of HijackThis v1.99.0 Scan saved at 18:22:00, on 19.01.2005 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAMME\T-DSL SPEEDMANAGER\SPEEDMGR.EXE C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE C:\PROGRAMME\TROJANCHECK 6\TCGUARD.EXE C:\PROGRAMME\MICROSOFT MONEY\SYSTEM\REMINDER.EXE C:\WINDOWS\RunDLL.exe C:\PROGRAMME\TELEDAT\IWATCH.EXE C:\PROGRAMME\FINEPIXVIEWER\QUICKDCF.EXE C:\WINDOWS\PROFILES\TOBIAS\DESKTOP\ENTZIPPEN\WINZIP\WZQKPICK.EXE C:\PROGRAMME\T-DSL SPEEDMANAGER\TSMSVC.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAMME\ADOBE\ACROBAT 4.0\READER\ACRORD32.EXE C:\T-Online\BSW3\ONLINE.EXE C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\PROFILES\TOBIAS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.vroomsearch.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vroomsearch.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.vroomsearch.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.vroomsearch.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.vroomsearch.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAMME\SURFSIDEKICK 2\SSKBHO.DLL (file missing) O2 - BHO: Advertiser Class - {53D3C442-8FEE-4784-9A21-6297D39613F0} - C:\WINDOWS\SYSTEM\WINAD2.DLL (file missing) O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL (file missing) O2 - BHO: (no name) - {5D4D2A59-2CE3-4863-92C4-D088A597A13B} - C:\WINDOWS\SYSTEM\PHM.DLL (file missing) O2 - BHO: (no name) - {CB7E4545-86A0-895B-843E-8C4DF7A772C6} - C:\WINDOWS\SYSTEM\RIHF.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\YSB.DLL O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file) O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\PROGRAMME\IEMENUEXTENSION\TBEXTN.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRAMME\T-DSL SPEEDMANAGER\SPEEDMGR.EXE" O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB O4 - HKLM\..\Run: [ErrorGuard] C:\PROGRAMME\ERRORGUARD\ERRORGUARD.Exe O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\PROGRAMME\TROJANCHECK 6\TCGUARD.EXE O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAMME\SURFSIDEKICK 2\Ssk.exe O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKCU\..\Run: [Reminder] C:\Programme\Microsoft Money\System\reminder.exe O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAMME\SURFSIDEKICK 2\Ssk.exe O4 - HKCU\..\RunServices: [Reminder] C:\Programme\Microsoft Money\System\reminder.exe O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU\..\RunServices: [SurfSideKick 2] C:\PROGRAMME\SURFSIDEKICK 2\Ssk.exe O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Startup: ISDNWatch.lnk = C:\Programme\Teledat\IWatch.exe O4 - Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe O4 - Startup: WinZip Quick Pick.lnk = C:\WINDOWS\Profiles\Tobias\Desktop\entzippen\WinZip\WZQKPICK.EXE O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - User Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - User Startup: ISDNWatch.lnk = C:\Programme\Teledat\IWatch.exe O4 - User Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe O4 - User Startup: WinZip Quick Pick.lnk = C:\WINDOWS\Profiles\Tobias\Desktop\entzippen\WinZip\WZQKPICK.EXE O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAMME\YAHOO!\MESSENGER\YPAGER.EXE (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAMME\YAHOO!\MESSENGER\YPAGER.EXE (file missing) O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de O15 - Trusted IP range: 213.159.117.202 (HKLM) O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab O16 - DPF: {52290B25-D07A-43B5-84D8-493116D50FA0} (WebPlugin Class) - http://webinstall.tscash.com/webinstall.cab O16 - DPF: {6D53CD8D-A3DE-41AF-806E-CAA00336AE1B} (acceler8or) - http://www.clubhardcore.de/wlpopup/acceler8or.cab O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.serviceurl.de/StarInstall.ocx O16 - DPF: {00000000-5555-0704-0B53-2C8830E9FAEC} - http://install.questnet.de/soft/ieloader.cab O16 - DPF: {13258718-B804-4092-8496-55F80AEDBF1F} (TSCPlugin Class) - http://download.tscash.com/static/TSCash3noS.cab O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} - http://www.tanja.nu/mullekken/webinstall.cab O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://iframedollars.biz/dl/adv480/x.chm::/load.exe O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2732 O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int4.exe O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://download.bigwebportal.com/toolbar2/winenc32.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://www.globalphon.com/dialer/internazionale_ver4.CAB O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.121.252,192.168.121.253 O18 - Filter: text/html - {6B18EC62-8B55-4D66-A42E-47390756FBEC} - C:\WINDOWS\SYSTEM\PHM.DLL O18 - Filter: text/plain - {6B18EC62-8B55-4D66-A42E-47390756FBEC} - C:\WINDOWS\SYSTEM\PHM.DLL O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - C:\WINDOWS\SYSTEM\child.dll (file missing) aktive Links deaktiviert wegen => http://www.trojaner-board.de/showthread.php?t=31832 12.09.2006 Shadow Geändert von Shadow (12.09.2006 um 18:54 Uhr) |
19.01.2005, 19:35 | #2 | ||||||||||
| was muss ich in meiner logfile fixen??? Hallo tobstarr
__________________Zitat:
Zitat:
Zitat:
Zitat:
Zitat:
Zitat:
Zitat:
Zitat:
Zitat:
Zitat:
.... Sorry, ich habe meine Analyse gestoppt. Und das aus einem einzigen Grund: du musst deine Kiste sowieso Platt machen, Win neu installieren, alle Passwörter wechseln, Update-Seite von Microsoft unbedingt besuchen. Die Seite auch: http://faq.underflow.de/ aktive schädliche Links deaktiviert wegen => http://www.trojaner-board.de/showthread.php?t=31832 Shadow 12.09.2006 Geändert von Shadow (12.09.2006 um 18:56 Uhr) |
Themen zu was muss ich in meiner logfile fixen??? |
.inf, adobe, askbar, button, check, danke, dateien, desktop, explorer, file missing, hijack, hijackthis, internet, internet explorer, links, logfile, messenger, microsoft, msn, msn messenger, programme, registry, rundll32.exe, seite, software, system, t-online, temp, urlsearchhook, windows, windows\temp, yahoo |