|
Log analysis and evaluation: HJT log - where is the hijacker? If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
23.08.2005, 17:27 | #16 |
| HJT log - where is the hijacker?

**********************************************************************************
HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{499962A8-6533-4B3D-B3BA-68F18F371C8C}]
@=""
"IDEx"="ST115"

[HKEY_CLASSES_ROOT\CLSID\{499962A8-6533-4B3D-B3BA-68F18F371C8C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{499962A8-6533-4B3D-B3BA-68F18F371C8C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{499962A8-6533-4B3D-B3BA-68F18F371C8C}\InprocServer32]
@="C:\\WINDOWS\\system32\\Addio3D.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D4987A42-7593-491B-884A-3CDB7C847364}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D4987A42-7593-491B-884A-3CDB7C847364}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D4987A42-7593-491B-884A-3CDB7C847364}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D4987A42-7593-491B-884A-3CDB7C847364}\InprocServer32]
@="C:\\WINDOWS\\system32\\npmsevt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{79253DD6-3E8F-4B61-8FCD-CF2BE9B0D935}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{79253DD6-3E8F-4B61-8FCD-CF2BE9B0D935}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{79253DD6-3E8F-4B61-8FCD-CF2BE9B0D935}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{79253DD6-3E8F-4B61-8FCD-CF2BE9B0D935}\InprocServer32]
@="C:\\WINDOWS\\system32\\kcdhe319.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
umpnpmgr.dll Thu 30 Jun 2005 4:05:34 A.... 119.296 116,50 K
tapisrv.dll Fri 8 Jul 2005 18:28:24 A.... 249.344 243,50 K
kerberos.dll Wed 15 Jun 2005 19:49:56 A.... 295.936 289,00 K
tvflog.dll Mon 22 Aug 2005 19:06:34 ..S.R 417.792 408,00 K
dp7vb.dll Mon 22 Aug 2005 20:23:54 ..S.R 417.792 408,00 K
olengl32.dll Mon 22 Aug 2005 20:52:50 ..S.R 417.792 408,00 K
kcdhe319.dll Mon 22 Aug 2005 20:28:52 ..S.R 417.792 408,00 K
wininet.dll Sun 3 Jul 2005 4:15:28 A.... 664.064 648,50 K
urlmon.dll Sun 3 Jul 2005 4:15:28 A.... 605.696 591,50 K
shlwapi.dll Sun 3 Jul 2005 4:15:28 A.... 474.112 463,00 K
shdocvw.dll Sun 3 Jul 2005 4:15:28 A.... 1.484.288 1,41 M
npmsevt.dll Tue 23 Aug 2005 16:21:50 ..S.R 417.792 408,00 K
pngfilt.dll Sun 3 Jul 2005 4:15:28 A.... 39.424 38,50 K
msrating.dll Sun 3 Jul 2005 4:15:28 A.... 146.432 143,00 K
mshtmled.dll Sun 3 Jul 2005 4:15:28 A.... 448.512 438,00 K
mshtml.dll Wed 20 Jul 2005 4:04:36 A.... 3.012.096 2,87 M
inseng.dll Sun 3 Jul 2005 4:15:24 A.... 96.768 94,50 K
iepeers.dll Sun 3 Jul 2005 4:15:24 A.... 251.392 245,50 K
cdfview.dll Sun 3 Jul 2005 4:15:24 A.... 152.064 148,50 K
browseui.dll Sun 3 Jul 2005 4:15:24 A.... 1.019.904 996,00 K
mscms.dll Wed 29 Jun 2005 3:49:40 A.... 74.240 72,50 K
cdm.dll Thu 26 May 2005 4:16:24 A.... 75.544 73,77 K
itircl.dll Fri 27 May 2005 4:04:48 A.... 155.136 151,50 K
icm32.dll Wed 29 Jun 2005 3:49:40 A.... 254.976 249,00 K
iuengine.dll Thu 26 May 2005 4:16:24 A.... 198.424 193,77 K
khdru.dll Sun 24 Jul 2005 21:31:44 ..S.R 417.792 408,00 K
wuapi.dll Thu 26 May 2005 4:16:22 A.... 466.200 455,27 K
wups.dll Thu 26 May 2005 4:16:30 A.... 41.240 40,27 K
itss.dll Fri 27 May 2005 4:04:48 A.... 137.216 134,00 K
hhsetup.dll Fri 27 May 2005 4:04:48 A.... 41.472 40,50 K
wuaueng.dll Thu 26 May 2005 4:16:30 A.... 1.343.768 1,28 M
wuaueng1.dll Thu 26 May 2005 4:16:22 A.... 194.840 190,27 K
wucltui.dll Thu 26 May 2005 4:16:22 A.... 128.280 125,27 K
wups2.dll Thu 26 May 2005 4:16:30 A.... 18.200 17,77 K
wuweb.dll Thu 26 May 2005 4:16:30 A.... 173.536 169,47 K
cbfgnt.dll Sat 13 Aug 2005 16:21:58 ..S.R 417.792 408,00 K
ruched20.dll Sat 13 Aug 2005 22:10:52 ..S.R 417.792 408,00 K
dtsetup.dll Sun 14 Aug 2005 14:32:14 ..S.R 417.792 408,00 K
mgsap.dll Sun 14 Aug 2005 20:41:04 ..S.R 417.792 408,00 K
oztext32.dll Mon 15 Aug 2005 15:12:30 ..S.R 417.792 408,00 K
pztorsvc.dll Mon 15 Aug 2005 22:00:14 ..S.R 417.792 408,00 K
prgfilt.dll Tue 16 Aug 2005 20:29:32 ..S.R 417.792 408,00 K
gwfspi~1.dll Tue 12 Jul 2005 18:04:22 A.... 23.304 22,76 K
legitc~1.dll Wed 3 Aug 2005 10:33:42 A.... 520.456 508,26 K

44 items found: 44 files (13 H/S), 0 directories.
Total of file sizes: 18.337.456 bytes 17,48 M

Locate .tmp files:
No matches found.

**********************************************************************************
Directory Listing of system files:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 380A-5F2F

Verzeichnis von C:\WINDOWS\System32

23.08.2005 16:21 417.792 npmsevt.dll
22.08.2005 20:52 417.792 olengl32.dll
22.08.2005 20:28 417.792 kcdhe319.dll
22.08.2005 20:23 417.792 dp7vb.dll
22.08.2005 19:06 417.792 tvflog.dll
16.08.2005 20:29 417.792 PRGFILT.DLL
15.08.2005 22:00 417.792 pztorsvc.dll
15.08.2005 15:12 417.792 oztext32.dll
14.08.2005 20:41 417.792 mgsap.dll
14.08.2005 14:32 417.792 dtsetup.dll
13.08.2005 22:10 417.792 ruched20.dll
13.08.2005 16:21 417.792 cbfgnt.dll
24.07.2005 21:31 417.792 khdru.dll
29.09.2004 19:57 <DIR> Microsoft
29.09.2004 19:31 <DIR> dllcache
24.04.2002 19:29 5.120 Thumbs.db
14 Datei(en) 5.436.416 Bytes
2 Verzeichnis(se), 6.083.215.360 Bytes frei |
24.08.2005, 19:04 | #17 |
| HJT log - where is the hijacker? OK, so I deleted all the files from Wildone by hand. After that, E-Scan only found 2 more l2m files, which I deleted as well.
I also find the l2mfix log quite daunting, but maybe someone can tell me how I should proceed with the program. Should I delete all the DLLs from the lower section?! Although it does say that they are not necessarily all "bad".... *hm The hijacking on the computer has improved, but it is not gone yet. So something must still be hidden somewhere. Regards, Yeesha |