bitte logfile prüfen

gereon · 21.02.2005, 14:22

Hallo, ich habe probleme mit der Startseite und dauernd popups, ausserdem bekomme ich jedememge müllmails. kann mir jemand helfen?
Gruss Gereon
wenn möglich antwort per email club.senior@muselheem.lu

hier mein logfile
ogfile of HijackThis v1.99.0
Scan saved at 14:26:19, on 21.02.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Network Associates\VirusScan\VsStat.exe
C:\Programme\Network Associates\VirusScan\Vshwin32.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\Programme\Network Associates\VirusScan\Avconsol.exe
C:\Programme\Network Associates\VirusScan\Webscanx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\prvdi.exe
C:\Program Files\InterMute\AdSubtract\AdSub.exe
C:\WINNT\system32\wuauclt.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\CLUBSE~1.000\LOKALE~1\Temp\Rar$EX00.943\HijackThis.exe
C:\DOKUME~1\CLUBSE~1.000\LOKALE~1\Temp\Rar$EX00.263\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programme\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1748
O2 - BHO: Name - {0367A40F-3CF9-4FC9-A9F1-0E8C5C81925C} - C:\WINNT\system32\mszml.dll
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Programme\STHomePage\STHomePage2.dll
O2 - BHO: Name - {33525196-7126-4D17-B181-F840A3A60388} - C:\WINNT\system32\mszml.dll
O2 - BHO: STLinksCtrl Class - {B54BFA47-D897-49CA-9657-05EC9F80A32B} - C:\Programme\STLinks\STLinks2.dll
O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:\Programme\0CAT YellowPages\STIEbar2.dll
O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Programme\0CAT YellowPages\STIEbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Windows Service] C:\WINNT\system32\prvdi.exe
O4 - HKLM\..\Run: [sysobj.exe] sysobj.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINNT\system32\prvdi.exe
O4 - Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Programme\0CAT YellowPages\STIEbar2.dll
O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Programme\0CAT YellowPages\STIEbar2.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...18/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E68AF65-EA50-4F5E-80F5-7F86E2B23804}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E68AF65-EA50-4F5E-80F5-7F86E2B23804}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E68AF65-EA50-4F5E-80F5-7F86E2B23804}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.31
O23 - Service: AVSync Manager - Unknown - C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Unknown - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

chaosman · 21.02.2005, 20:55

@gereon
lade escan
download
anleitung
überprüfe Deinen Rechner zunächst mit dem eScan: lade den eScan runter, erstelle dafür einen Ordner (=Verzeichnis) c:\bases, update den eScan online und führe ihn offline im abgesicherten Modus aus. Beachte, dass der eScan ab Version 4.5.1 gefundene Malware nicht löscht. Das wird von Hand auf Anweisung durch uns gemacht.

Teile uns dann das Ergebnis des eScan mit: welche Viren wurden auf Deinem Rechner gefunden: "öffne die mwav.log -> Bearbeiten -> Suchen -> infected eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen." (Zitat Cidre)

chaosman

gereon · 22.02.2005, 14:46

3. Versuch hier was zu posten. Dies ist hoffenlich das richtige logfile oder wie immer man das nennt.
Gruss Gereon
Tue Feb 22 09:43:59 2005 => File C:\WINNT\system32\msvcrta.dll infected by "Trojan.Win32.Agent.q" Virus. Action Taken: No Action Taken.
Tue Feb 22 09:43:59 2005 => File C:\WINNT\system32\prvdi.exe infected by "Trojan-Dropper.Win32.Small.rd" Virus. Action Taken: No Action Taken.
ue Feb 22 09:44:02 2005 => File C:\WINNT\system32\msvcrta.dll infected by "Trojan.Win32.Agent.q" Virus. Action Taken: No Action Taken.
Tue Feb 22 09:44:08 2005 => File C:\WINNT\system32\prvdi.exe infected by "Trojan-Dropper.Win32.Small.rd" Virus. Action Taken: No Action Taken.
Tue Feb 22 09:44:19 2005 => File C:\WINNT\sys734.exe infected by "Trojan.Win32.Dialer.fv" Virus. Action Taken: No Action Tak
ue Feb 22 09:44:19 2005 => File C:\WINNT\sys746.exe infected by "Trojan.Win32.Favadd.f" Virus. Action Taken: No Action Taken.
NT\system32\ADV.dll infected by "not-a-virus:AdWare.ToolBar.Tubby.b" Virus. Action Taken: No Action Taken
\system32\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Tue Feb 22 09:44:42 2005 => File C:\WINNT\system32\dxconf.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
ue Feb 22 09:45:06 2005 => File C:\WINNT\system32\msgh.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
Tue Feb 22 09:45:08 2005 => File C:\WINNT\system32\msmn.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
T\system32\msqr.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
Tue Feb 22 09:45:12 2005 => File C:\WINNT\system32\msxy.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
Tue Feb 22 09:45:17 2005 => File C:\WINNT\system32\ntosv.dll infected by "Trojan-Downloader.Win32.Small.ahh" Virus. Action Taken: No Action Taken.Tue Feb 22 09:45:39 2005 => C:\WINNT\system32\truettf.exe possibly infected and removed by background antivirus packageTue Feb 22 09:45:39 2005 => File C:\WINNT\system32\truettf.exe infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
Tue Feb 22 09:45:49 2005 => File C:\DOKUME~1\CLUBSE~1.000\LOKALE~1\Temp\prvdi.exe infected by "Trojan-Dropper.Win32.Small.rd" Virus. Action Taken: No Action Taken.
Tue Feb 22 10:10:54 2005 => File C:\WINNT\system32\msvcrta.dll infected by "Trojan.Win32.Agent.q" Virus. Action Taken: No Act
Tue Feb 22 10:10:55 2005 => File C:\WINNT\system32\prvdi.exe infected by "Trojan-Dropper.Win32.Small.rd" Virus. Action Taken: No Action Taken.
Tue Feb 22 10:10:59 2005 => File C:\WINNT\system32\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken
Tue Feb 22 10:10:59 2005 => File C:\WINNT\system32\dxconf.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Tue Feb 22 10:11:00 2005 => File C:\WINNT\system32\msvcrta.dll infected by "Trojan.Win32.Agent.q" Virus. Action Taken: No Act
Tue Feb 22 10:11:04 2005 => File C:\WINNT\system32\prvdi.exe infected by "Trojan-Dropper.Win32.Small.rd" Virus. Action Taken: No Action Taken.
Tue Feb 22 10:11:15 2005 => File C:\WINNT\sys734.exe infected by "Trojan.Win32.Dialer.fv" Virus. Action Taken: No Action Taken.
Tue Feb 22 10:11:15 2005 => File C:\WINNT\sys746.exe infected by "Trojan.Win32.Favadd.f" Virus. Action Taken: No Action Taken.
Tue Feb 22 10:11:20 2005 => File C:\WINNT\system32\ADV.dll infected by "not-a-virus:AdWare.ToolBar.Tubby.b" Virus. Action Taken: No Action Taken.
Tue Feb 22 10:11:27 2005 => File C:\WINNT\system32\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken
Tue Feb 22 10:11:36 2005 => File C:\WINNT\system32\dxconf.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken:
Tue Feb 22 10:11:59 2005 => File C:\WINNT\system32\msgh.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
Tue Feb 22 10:12:01 2005 => File C:\WINNT\system32\msmn.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
Tue Feb 22 10:12:02 2005 => File C:\WINNT\system32\msqr.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Take
Tue Feb 22 10:12:04 2005 => File C:\WINNT\system32\msxy.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
Tue Feb 22 10:12:09 2005 => File C:\WINNT\system32\ntosv.dll infected by "Trojan-Downloader.Win32.Small.ahh" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:42:34 2005 => File C:\WINNT\system32\msvcrta.dll infected by "Trojan.Win32.Agent.q" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:42:40 2005 => File C:\WINNT\system32\prvdi.exe infected by "Trojan-Dropper.Win32.Small.rd" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:42:56 2005 => File C:\WINNT\sys734.exe infected by "Trojan.Win32.Dialer.fv" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:42:56 2005 => File C:\WINNT\sys746.exe infected by "Trojan.Win32.Favadd.f" Virus. Action Taken: No Action Taken.
ue Feb 22 11:43:01 2005 => File C:\WINNT\system32\ADV.dll infected by "not-a-virus:AdWare.ToolBar.Tubby.b" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:43:11 2005 => File C:\WINNT\system32\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:43:26 2005 => File C:\WINNT\system32\dxconf.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:43:59 2005 => File C:\WINNT\system32\msgh.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:44:02 2005 => File C:\WINNT\system32\msmn.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:44:04 2005 => File C:\WINNT\system32\msqr.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Take
ue Feb 22 11:44:08 2005 => File C:\WINNT\system32\msxy.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action
Tue Feb 22 11:44:15 2005 => File C:\WINNT\system32\ntosv.dll infected by "Trojan-Downloader.Win32.Small.ahh" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:48:33 2005 => File C:\WINNT\Downloaded Program Files\user.exe infected by "Trojan-Dropper.Win32.Small.jp" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:55:39 2005 => File C:\WINNT\sys734.exe infected by "Trojan.Win32.Dialer.fv" Virus. Action Taken: No Action Taken.
ue Feb 22 11:55:39 2005 => File C:\WINNT\sys746.exe infected by "Trojan.Win32.Favadd.f" Virus. Action Taken: No Action Taken.
ue Feb 22 11:55:44 2005 => File C:\WINNT\system32\ADV.dll infected by "not-a-virus:AdWare.ToolBar.Tubby.b" Virus. Action
ue Feb 22 11:55:59 2005 => File C:\WINNT\system32\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:58:42 2005 => File C:\WINNT\system32\dxconf.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:59:17 2005 => File C:\WINNT\system32\msgh.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:59:21 2005 => File C:\WINNT\system32\msmn.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:59:22 2005 => File C:\WINNT\system32\msqr.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:59:27 2005 => File C:\WINNT\system32\msxy.dll infected by "Trojan-Downloader.Win32.Agent.fy" Virus. Action Taken: No Action Taken.
Tue Feb 22 11:59:36 2005 => File C:\WINNT\system32\ntosv.dll infected by "Trojan-Downloader.Win32.Small.ahh" Virus. Action Taken: No Action Taken.

bitte logfile prüfen

Log-Analyse und Auswertung: bitte logfile prüfen