![]() |
|
Log-Analyse und Auswertung: Mich hat es auch erwischt mit Nail.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Mich hat es auch erwischt mit Nail.exe hab hier endlich mal etwas Hilfe gesehen und hab auch so eine Hijack-log-datei erstellt. hab die nail.exe gelöscht und in Papierkorb auch habe sie unter G: gefunden. 2 weiter sind in Qarantäne in AnitivirGuard drinnen (SVCPROC.exe+DRPMON.dll) Hier mein Log-File Logfile of HijackThis v1.99.1 Scan saved at 23:23:23, on 28.05.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: G:\WINDOWS\System32\smss.exe G:\WINDOWS\system32\winlogon.exe G:\WINDOWS\system32\services.exe G:\WINDOWS\system32\lsass.exe G:\WINDOWS\system32\svchost.exe G:\WINDOWS\System32\svchost.exe G:\WINDOWS\system32\spoolsv.exe G:\WINDOWS\Explorer.exe G:\Programme\AVPersonal\AVGUARD.EXE G:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe G:\Programme\AVPersonal\AVWUPSRV.EXE G:\PROGRA~1\CACHEM~1\CachemanXP.exe G:\WINDOWS\System32\CTSvcCDA.exe G:\WINDOWS\SYSTEM32\GEARSEC.EXE G:\WINDOWS\System32\nvsvc32.exe G:\WINDOWS\System32\svchost.exe G:\WINDOWS\System32\devldr32.exe G:\Programme\AVPersonal\AVGNT.EXE D:\programme\steam\steam.exe G:\Programme\AOL 9.0\waol.exe G:\Programme\AOL 9.0\shellmon.exe G:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe G:\Programme\Trojancheck 6\tcguard.exe D:\Lili\yahoo\Messenger\YPager.exe G:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe G:\Programme\WinSweep\WSPopup.exe G:\Programme\MSN Messenger\msnmsgr.exe D:\Software\Wincomander\WINCMD400\WINCMD32.EXE G:\DOKUME~1\ASSSSS~1\LOKALE~1\Temp\$wc\HIJACK~1.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Anni is da R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://G:\Programme\WinSweep\ws.js F2 - REG:system.ini: Shell=Explorer.exe G:\WINDOWS\Nail.exe O1 - Hosts: 69.50.188.82 yahoo.com O1 - Hosts: 69.50.188.82 askjeeves.com O1 - Hosts: 69.50.188.82 www.askjeeves.com O1 - Hosts: 69.50.188.82 www.directhit.com O1 - Hosts: 69.50.188.82 directhit.com O1 - Hosts: 69.50.188.82 www.excite.com O1 - Hosts: 69.50.188.82 excite.com O1 - Hosts: 69.50.188.82 www.alltheweb.com O1 - Hosts: 69.50.188.82 go.com O1 - Hosts: 69.50.188.82 www.go.com O1 - Hosts: 69.50.188.82 goto.com O1 - Hosts: 69.50.188.82 www.goto.com O1 - Hosts: 69.50.188.82 lycos.com O1 - Hosts: 69.50.188.82 dmoz.org O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\LILI\yahoo\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - G:\WINDOWS\System32\rsyncmon.dll O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - G:\Programme\ShopperReports\Bin\1.0.0.1\SmrtShpr.dll O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - G:\WINDOWS\Bolger.dll O2 - BHO: (no name) - {3434911C-5EA9-41B4-188E-EE7422C38E13} - (no file) O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - G:\WINDOWS\System32\winb2s32.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Lili\yahoo\Common\yiesrvc.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - D:\Lili\yahoo\Common\YIeTagBm.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {6FEA1108-02DF-0FF0-2BDE-5D0AB02931B5} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\LILI\yahoo\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &WINSWEEP Toolbar - {E915E62E-41DA-40D0-8106-3438B4D24394} - G:\Programme\WinSweep\SurfBar.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - G:\WINDOWS\System32\winb2s32.dll O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RSync] G:\WINDOWS\System32\netsync.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVGCtrl] G:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [fiookh] g:\windows\system32\rkxaxk.exe O4 - HKCU\..\Run: [Steam] "d:\programme\steam\steam.exe" -silent O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Lili\yahoo\Messenger\ypager.exe" -quiet O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS O8 - Extra context menu item: &Yahoo! Search - file:///D:\Lili\yahoo\Common/ycsrch.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Lili\yahoo\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Lili\yahoo\Common/ycmap.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Lili\yahoo\Common\yiesrvc.dll O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - G:\Programme\ShopperReports\Bin\1.0.0.1\SmrtShpr.dll O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - G:\Dokumente und Einstellungen\All Users\Desktop\Glophone.lnk (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - G:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - G:\Programme\ShopperReports\Bin\1.0.0.1\SmrtShpr.dll O10 - Broken Internet access because of LSP provider 'rpc32vm.dll' missing O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 67.19.178.84 O15 - Trusted IP range: 67.19.178.84 (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab O16 - DPF: {DA511858-B44C-439E-A0EA-704ED20035E7} (EphoxEditLive4.EditLive) - http://www.beepworld.de/hp/activexeditor/editlive4.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{97CE0744-DA8D-4D8A-A379-50F69AEACB52}: NameServer = 205.188.146.145 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - G:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - G:\PROGRA~1\CACHEM~1\CachemanXP.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\SYSTEM32\GEARSEC.EXE O23 - Service: McAfee Firewall - Unknown owner - G:\Programme\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - G:\WINDOWS\svcproc.exe (file missing) ![]() danke mal für Hilfe!!! Anmerkung: Aktive Links editiert. Bitte zukünftig beachten: Posten von HijackThis-Logs Gruß, Lutz Geändert von Lutz (29.05.2005 um 10:38 Uhr) |
Themen zu Mich hat es auch erwischt mit Nail.exe |
.dll, adobe, antivir, antivir update, bho, compare, danke, desktop, einstellungen, excel, explorer, file missing, firewall, heulen, hijackthis, hilfe!!, internet, internet explorer, logfile, mcafee firewall, nvidia, obfuscated, object, programme, rundll, scan, software, system, temp, windows, windows xp, yahoo |