| |
| |||||||
Log-Analyse und Auswertung: Logfile sauber???Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
29.11.2005, 13:23
| #1 |
 |  Logfile sauber??? Liebe Gemeinde, kann mir jemand sagen, ob dieses Logfile sauber von Trojanern und Viren ist. Besten Dank, Oli Logfile: Logfile of HijackThis v1.99.1 Scan saved at 09:18:39, on 29.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\IBM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\Fast.exe C:\WINDOWS\System32\QCONSVC.EXE C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\AGRSMMSG.exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\system32\taskswitch.exe C:\WINDOWS\system32\fast.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\oli\LOKALE~1\Temp\Rar$EX00.515\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [BMMLREF] C:\Programme\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [PRONoMgrWired] C:\Programme\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\IBM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\IBM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\IBM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\IBM\Bluetooth Software\bin\btwdins.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
29.11.2005, 13:26
| #2 |
   | Logfile sauber??? Servus!
__________________Nein, nicht sauber! Arbeite mal diese Anleitung durch http://www.trojaner-board.de/showthread.php?t=21709 und poste anschließend die logfiles stupormundi
__________________ Geändert von stupormundi (29.11.2005 um 13:43 Uhr) |
|
29.11.2005, 13:50
| #3 |
| | Logfile sauber??? Hallo stupormondi,
__________________Danke erstmal für deine Antwort. spybot findet nichts. Escan habe ich nicht noch mal drüberlaufen lassen. Meinst du das reicht? Gibt es eigentlich irgendwelche bekannten Konflikte zwischen Spybot, meiner ZoneLabs Firewall und dem AV-Virensschutz. Kann das alles problemlos zusammen laufen? |
|
29.11.2005, 13:54
| #4 |
| | Logfile sauber??? Lies bitte die ganze Anleitung von Anfang bis zum Ende und handle danach (smitrem.zip) etc.. Um die Programme brauchst Du dir keine Sorgen machen, die spielen in verschiedenen Klassen! stupormundi
__________________ Unsichtbare Dateien suchen: Sehr gute Anleitung von Rene-gad: WICHTIG: Alle aktiven links editieren (http-->h**p) und persönliche Informationen aus den Logfiles entfernen Kein Support via PN - sorry! |
|
29.11.2005, 15:28
| #5 |
| | Logfile sauber??? Hallo stupormondi, hier also die Logfiles, zuerst das von HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 15:19:22, on 29.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\IBM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe C:\PROGRA~1\eScan\TRAYSSER.EXE C:\WINDOWS\system32\Fast.exe C:\PROGRA~1\eScan\avpm.exe C:\WINDOWS\System32\QCONSVC.EXE C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\AGRSMMSG.exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\system32\taskswitch.exe C:\WINDOWS\system32\fast.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\eScan\AVPMWrap.EXE C:\PROGRA~1\eScan\MAILDISP.EXE C:\PROGRA~1\eScan\MAILSCAN.EXE C:\PROGRA~1\eScan\SPOOLER.EXE C:\PROGRA~1\eScan\kavss.exe C:\PROGRA~1\eScan\AvpM.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Microsoft Office\Office10\WINWORD.EXE C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\oli\LOKALE~1\Temp\Rar$EX01.836\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [BMMLREF] C:\Programme\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [PRONoMgrWired] C:\Programme\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\IBM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\IBM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\IBM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\IBM\Bluetooth Software\bin\btwdins.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Als nächstes das eScan: Object "eDonkey2000 Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eDonkey2000 Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "IncrediFind Browser Hijacker" found in File System! Action Taken: No Action Taken. Object "RedV Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "CWS.LoadAdv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\cddvdint.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\AdobeRGB1998.icc". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ahead\NeroDigital\settings.xml". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "%JavaDir%\QTJava.zip". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\AdobePDF.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\2.10" refers to invalid object "C:\ArchiCAD 6.0-E\2.10". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\Rar$EX00.515\hijackthis.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Installer.exe" refers to invalid object "C:\Programme\IBM\Wireless\Installer.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe" refers to invalid object "C:\Programme\GenesysLogic\Genesys USB Mass Storage Device\YourApp.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\Acrobat\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000001}\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 7.0\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 7.0\ActiveX\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".001". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/out/". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".deq". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DS_Store". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".efc". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IFO". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sitx". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VIR". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "._501". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CTDVDAudio Plugin". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{3CB41017-F5CA-4C56-934C-ED02156251E6}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Yahoo! Companion". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{00000407-78E1-11D2-B60F-006097C998E7}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0873D5C6-F318-409F-9516-FFE0F863B929}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2F45729F-FD6C-4D67-A675-8BF01BE8F1E7}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3860F6E7-F4BB-4443-A4D8-AC44396E98EE}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4428635E-C0CB-43C7-B383-9717EAD014F6}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4757E865-0292-4E04-940D-9C51052A5DD6}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A1F78920-D074-41B3-B244-77FE9E83F081}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-1033-F400-7760-000000000001}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B6F867E8-F092-4C5E-ACA0-F30547DC3874}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{BB6F8001-A8C5-41A1-9EE0-E5B245A500AA}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{BE898464-0D40-4794-AB7D-6AF9DB730211}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FC062842-3318-4897-800F-F5CBBDDCC775}". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Shell\psicon.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{5ED1B70D-E6F6-4572-8C01-3D13429D2281}" refers to invalid object "C:\PROGRA~1\Adobe\ACROBA~1.0\ACROBA~1\ACROBA~1.EXE". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\Acrobat\plug_ins\Accessibility.api". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{0272F85F-ED91-43DE-B277-22E78B01DEF4}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{12CF33BB-CF08-43B6-AD9D-DD1BFFE7F5A9}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{1E38E0CA-0D15-453C-BFD6-173EFC99FCF4}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{2FC0D85C-F1EC-442D-B334-32551523F526}" refers to invalid object "C:\DOKUME~1\Katja\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{38621105-225E-4716-964C-A9AC8804F989}" refers to invalid object "C:\Programme\Gemeinsame Dateien\InterVideo\DVD6\InterActual\IAManager.dll". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{3E1FFB50-C586-4808-B66B-B7DE020D0F57}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{678DAB0F-D44D-419A-B503-1D5C877D9793}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{7028B2D6-CBCF-452E-A52E-616C9AFE7281}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{90D10F2F-9D4E-474F-B609-07DA0354A946}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{97802895-C912-4C70-8F97-D6756F3A8BAB}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{A93EFE56-8531-407C-9420-C42CEA8509B1}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{AF1E7A27-7642-4BF0-87FD-11336067483E}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{BB54ACE4-C04F-4054-BB21-85DFC5CEECAF}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{C523F390-9C83-11D3-9094-00104BD0D535}" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\Acrobat\plug_ins\Accessibility.api". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{CB72AE61-C1AD-4BCD-B901-DB66DFD7B6F3}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{CF09E3AF-906D-47E4-AA2A-E65A3CABCC46}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{D6005B81-7098-470C-B6F9-CBEABF2EC841}" refers to invalid object "C:\DOKUME~1\oli\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{EAC2C314-A765-4319-AB07-FDA5165F5885}" refers to invalid object "C:\DOKUME~1\Katja\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Entry "HKCR\.rep" refers to invalid object "ArchiCAD.repFile". Action Taken: No Action Taken. Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken. Entry "HKCR\.xfd" refers to invalid object "AcroExch.XFDDoc". Action Taken: No Action Taken. Entry "HKCR\Adobe.ogg.3" refers to invalid object "{D6D56089-7C5F-3853-C5B4-8DBBA6D5DE48}". Action Taken: No Action Taken. Entry "HKCR\Adobe.workflow.files\shell\open\command" refers to invalid object ""C:\Programme\Gemeinsame Dateien\Adobe\WorkFlow\AdobeWorkGroupHelper.exe "%1""". Action Taken: No Action Taken. Entry "HKCR\BCA.DABbox3.2" refers to invalid object "{FCBE9991-3776-42ED-F57D-1F26B6C59271}". Action Taken: No Action Taken. Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\system32\CMMGR32.EXE "%1"". Action Taken: No Action Taken. Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\PDF.PdfCtrl.5" refers to invalid object "{CA8A9780-280D-11CF-A24D-444553540000}". Action Taken: No Action Taken. File C:\WINDOWS\kl.exe infected by "Trojan-Spy.Win32.Small.dg" Virus! Action Taken: File Deleted. Und nun smitrem: smitRem © log file version 2.7 by noahdfear Microsoft Windows XP [Version 5.1.2600] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ logfiles ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN!  OK, was meinst du? Vielen Dank im Voraus für deine Zeit und deine Bemühungen. Beste Grüße, oli |
|
29.11.2005, 18:00
| #6 |
| | Logfile sauber??? Clean or not clean, that is the question... |
|
| Themen zu Logfile sauber??? |
| adobe, antivir, bho, computer, dll, dsl, excel, explorer, hijack, hijackthis, hotkey, internet, internet explorer, lenovo, logfile, microsoft, programme, rundll, senden, software, system, temp, trojaner, viren, windows, windows xp |
Hybrid-Darstellung
