Log analysis and evaluation: Problems with the evaluation
Problems with the evaluation

Hello,

first of all, thanks for the quick help. I now have the log files from HijackThis and escan here.

Logfile of HijackThis v1.99.1
Scan saved at 22:06:21, on 28.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\Programme\Motherboard Monitor 5\MBM5.EXE
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\phonostar\ps_agent.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\FRITZ!DSL\FritzDsl.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Benji\LOKALE~1\Temp\Rar$EX00.453\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MBM 5] "C:\Programme\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [rdirector] C:\WINDOWS\System32\rdirector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: FRITZ!web DSL.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D464DC66-6CF0-4D7D-9C36-A42B670FC959}: NameServer = 192.168.122.252,192.168.122.253
O20 - Winlogon Notify: st3i - C:\WINDOWS\q766250.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe

E-Scan (old):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:35:48 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:35:52 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Thu Oct 27 21:35:53 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Thu Oct 27 21:35:53 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Thu Oct 27 21:40:22 2005 => Total Disinfected Files: 0
Thu Oct 27 21:45:21 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:45:21 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:46:01 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Thu Oct 27 21:46:02 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Thu Oct 27 21:46:02 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Thu Oct 27 21:59:50 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77604A52.class infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:59:51 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77AB1000.class infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:59:51 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77C909DF.class infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken.
Thu Oct 27 22:12:59 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 22:13:45 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Oct 27 22:20:10 2005 => Total Disinfected Files: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000522.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.351". Action Taken: No Action Taken.
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000524.dll tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000538.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer". Action Taken: No Action Taken.
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000543.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statisktiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Oct 27 21:35:50 2005 => Offending Key found: HKLM\Software\edonkey2000 !!!
Thu Oct 27 21:35:50 2005 => Offending Key found: HKCU\Software\gnu !!!
Thu Oct 27 21:35:52 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Thu Oct 27 21:35:53 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Thu Oct 27 21:35:53 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Thu Oct 27 21:40:22 2005 => Total Virus(es) Found: 12
Thu Oct 27 21:45:58 2005 => Offending Key found: HKLM\Software\edonkey2000 !!!
Thu Oct 27 21:45:58 2005 => Offending Key found: HKCU\Software\gnu !!!
Thu Oct 27 21:46:01 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Thu Oct 27 21:46:02 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Thu Oct 27 21:46:02 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Thu Oct 27 22:20:10 2005 => Total Virus(es) Found: 21
Thu Oct 27 21:40:22 2005 => Total Errors: 48
Thu Oct 27 22:20:10 2005 => Total Errors: 49
Thu Oct 27 21:40:22 2005 => Time Elapsed: 00:05:15
Thu Oct 27 22:20:10 2005 => Time Elapsed: 00:34:37
Thu Oct 27 21:40:22 2005 => Total Objects Scanned: 23861
Thu Oct 27 22:20:10 2005 => Total Objects Scanned: 55804
Thu Oct 27 21:34:52 2005 => Virus Database Date: 2005/10/21
Thu Oct 27 21:40:22 2005 => Virus Database Date: 2005/10/21
Thu Oct 27 21:40:25 2005 => Virus Database Date: 2005/10/21
Thu Oct 27 21:44:55 2005 => Virus Database Date: 2005/10/21
Thu Oct 27 22:20:10 2005 => Virus Database Date: 2005/10/21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

E-Scan (new):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 28 14:48:41 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Fri Oct 28 14:48:41 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Fri Oct 28 14:49:19 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken.
Fri Oct 28 14:49:19 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Fri Oct 28 14:49:22 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Fri Oct 28 14:49:22 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Fri Oct 28 14:49:22 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Fri Oct 28 15:18:03 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Fri Oct 28 15:19:08 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Fri Oct 28 15:26:39 2005 => Total Disinfected Files: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 28 15:06:17 2005 => File C:\RECYCLER\NPROTECT\00000522.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.351". Action Taken: No Action Taken.
Fri Oct 28 15:06:17 2005 => File C:\RECYCLER\NPROTECT\00000524.dll tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.
Fri Oct 28 15:06:17 2005 => File C:\RECYCLER\NPROTECT\00000543.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 28 14:49:20 2005 => Offending Key found: HKCU\Software\gnu !!!
Fri Oct 28 14:49:22 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Fri Oct 28 14:49:22 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Fri Oct 28 14:49:22 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Fri Oct 28 15:26:39 2005 => Total Virus(es) Found: 13
Fri Oct 28 15:26:39 2005 => Total Errors: 21
Fri Oct 28 15:26:39 2005 => Time Elapsed: 00:37:55
Fri Oct 28 15:26:39 2005 => Total Objects Scanned: 56065
Fri Oct 28 14:48:21 2005 => Virus Database Date: 2005/10/21
Fri Oct 28 15:26:39 2005 => Virus Database Date: 2005/10/21
Fri Oct 28 15:27:18 2005 => Virus Database Date: 2005/10/21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Regards,
Benjamin