|
Log analysis and evaluation: Please evaluate this HJT log. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
04.07.2005, 15:26 | #1 |
| Please evaluate this HJT log
Hello, can you make anything of this?

Logfile of HijackThis v1.99.1
Scan saved at 16:17:28, on 04.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\Serv-U\SERVUD~1.EXE
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\S3apphk.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\intel32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\WinFax\WFXCTL32.EXE
D:\Daten\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O1 - Hosts: 62.75.224.159 www.bns1.net
O1 - Hosts: 62.75.224.159 www.bns2.net
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms1.net
O1 - Hosts: 62.75.224.159 www.cms2.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 jcms.cydoor.com
O1 - Hosts: 62.75.224.159 cydoor.com
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [Microsoft Windows Security Patch] C:\WINDOWS\System32\mspatchsec.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Controller.LNK = C:\Programme\WinFax\WFXCTL32.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10DFC9A8-53D3-44BC-B404-D661A852925D}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1128B0A3-02C2-4D00-89DC-2F2869F26114}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{90FEA03D-E009-434F-BA51-BB50250E4D77}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4C9582B-3FEF-45C3-8DCD-E49837EF4F96}: NameServer = 192.168.0.1,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{D118189D-5F23-47E6-8CD2-D692E61A2A03}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{10DFC9A8-53D3-44BC-B404-D661A852925D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{10DFC9A8-53D3-44BC-B404-D661A852925D}: NameServer = 192.168.0.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: DvISE ClipInc 001 (DavidClipInc001) - Unknown owner - C:\David\APPS\CLIPINC\CODE\CLIPINC.EXE (file missing)
O23 - Service: DvISE Discussion Server (DavidDiscussionServer) - Unknown owner - C:\David\APPS\DSERVER\CODE\DSERVER.EXE (file missing)
O23 - Service: DvISE Grabbing Server (DavidGrabbingServer) - Unknown owner - C:\David\APPS\DVGRAB\CODE\DVGRAB.EXE (file missing)
O23 - Service: DvISE Host (DavidHost) - Unknown owner - C:\David\APPS\DVHOST\CODE\DVHOST.EXE (file missing)
O23 - Service: DvISE Mail Access Server (DavidMailAccessServer) - Unknown owner - C:\PROGRA~1\DAVID\APPS\MASERVER\CODE\MASERVER.EXE (file missing)
O23 - Service: DvISE PBXpense (DavidPBXpense) - Unknown owner - C:\David\APPS\PBXPENSE\CODE\PBXPENSE.EXE (file missing)
O23 - Service: DvISE PCL Conversion Server (DavidPCL) - Unknown owner - C:\PROGRA~1\DAVID\APPS\FAXWARE\CONVERT\PCL\PCL.EXE (file missing)
O23 - Service: DvISE PostMan (DavidPostMan) - Unknown owner - C:\David\APPS\POSTMAN\CODE\POSTMAN.EXE (file missing)
O23 - Service: DvISE Replica (DavidReplica) - Unknown owner - C:\David\APPS\REPLICA\CODE\REPLICA.EXE (file missing)
O23 - Service: DvISE Service Layer (DavidServiceLayer) - Unknown owner - C:\David\CODE\SL.EXE (file missing)
O23 - Service: DvISE TLD 001 (DavidTLD001) - Unknown owner - C:\David\tld\code\CAPI\tld.exe (file missing)
O23 - Service: DvISE TVIndex (DavidTVIndex) - Unknown owner - C:\David\APPS\TVINDEX\TVINDEX.EXE (file missing)
O23 - Service: DvISE VideoCapture (DavidVideoCapture) - Unknown owner - C:\David\APPS\VIDEOCPT\CODE\VIDEOC~1.EXE (file missing)
O23 - Service: DvISE WebBox (DavidWebBox) - Unknown owner - C:\PROGRA~1\DAVID\APPS\WEBBOX\CODE\WEBBOX.EXE (file missing)
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~1\Serv-U\SERVUD~1.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe |
04.07.2005, 20:41 | #2 |
| Please evaluate this HJT log
@killerbirke
Check your computer with escan http://www.trojaner-board.de/showthread.php?t=17492
chaosman |