bitte logfile auswerten

peda123 · 31.12.2007, 16:54

Hallo!

Das ist das Logfile vom Laptop meiner Freundin. Ich hab ihn vor ca 2 Wochen neu aufgesetzt, mit der ersten Version vom Windows XP. Vor dem Formatieren der Festplatte war schon ein Wurm oben (Sasser) und eine hartnäckige Spyware, die auch nach der Formatierung noch oben war, die ich aber zum Glück mit einer Software entfernen konnte.

Vor paar Tagen hab ich dann Service Pack 3 runtergeladen und hab endlich gedacht, jetzt ist das System wieder sicher

jetzt ist wieder irgendein Virus oben und ich hab keine Ahnung wie ich den beseitigen kann. Mit Antivir kam die Fehlermeldung von einer infizierten Datei A0001086.exe nur im Google hab ich nix darüber gefunden. Ich glaub auch das ist nicht das einzige. Bitte kann sich wer das Logfile ansehen und mir irgendwie helfen? Danke das wäre nett!

Logfile of HijackThis v1.99.1
Scan saved at 4:39:54 PM, on 12/31/2007
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\V0400Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\****************\****************.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\***\LOKALE~1\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [****************] C:\Programme\****************\****************.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\****************\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)

peda123 · 01.01.2008, 16:25

Und hier die Filelist! Frohes neues Jahr!

----- Root -----------------------------
Volume in drive C has no label.
Volume Serial Number is 900F-A2F2

Directory of C:\

01/01/2008 04:13 PM 267,964,416 hiberfil.sys
01/01/2008 04:13 PM 402,653,184 pagefile.sys
12/29/2007 01:23 AM 211 boot.ini
12/29/2007 01:09 AM 47,564 NTDETECT.COM
12/29/2007 01:09 AM 250,048 ntldr
12/04/2007 01:05 PM 0 MSDOS.SYS
12/04/2007 01:05 PM 0 IO.SYS
12/04/2007 01:05 PM 0 CONFIG.SYS
12/04/2007 01:05 PM 0 AUTOEXEC.BAT
08/29/2002 01:00 PM 4,952 bootfont.bin
10 File(s) 670,920,375 bytes
0 Dir(s) 15,201,423,360 bytes free

----- System32 -------------------------
Volume in drive C has no label.
Volume Serial Number is 900F-A2F2

Directory of C:\WINDOWS\system32

12/29/2007 06:22 PM 664 d3d9caps.dat
12/29/2007 01:44 AM 312,172 perfh009.dat
12/29/2007 01:44 AM 40,394 perfc009.dat
12/29/2007 01:44 AM 356,120 PerfStringBackup.INI
12/29/2007 01:44 AM 316,246 perfh007.dat
12/29/2007 01:44 AM 48,036 perfc007.dat
12/29/2007 01:40 AM 13,646 wpa.dbl
12/29/2007 01:39 AM 269 spupdwxp.log
12/29/2007 01:38 AM 91,888 FNTCACHE.DAT
12/24/2007 02:17 PM 0 .exe
12/19/2007 11:20 AM 348,160 MSVCR71.dll
12/19/2007 11:09 AM 13,646 wpa.bak
12/04/2007 01:12 PM 25,065 wmpscheme.xml
12/04/2007 01:09 PM 261 $winnt$.inf
12/04/2007 01:05 PM 2,951 CONFIG.NT
12/04/2007 01:05 PM 16,832 amcompat.tlb
12/04/2007 01:05 PM 23,392 nscompat.tlb
12/04/2007 01:03 PM 488 WindowsLogon.manifest
12/04/2007 01:03 PM 488 logonui.exe.manifest
12/04/2007 01:03 PM 749 cdplayer.exe.manifest
12/04/2007 01:03 PM 749 wuaucpl.cpl.manifest
12/04/2007 01:03 PM 749 ncpa.cpl.manifest
12/04/2007 01:03 PM 749 nwc.cpl.manifest
12/04/2007 01:03 PM 749 sapi.cpl.manifest
12/04/2007 01:00 PM 21,740 emptyregdb.dat
12/04/2007 12:55 PM 0 h323log.txt
12/02/2007 03:00 PM 18,684,536 MRT.exe

1850 File(s) 342,280,409 bytes
0 Dir(s) 15,201,292,288 bytes free

----- Prefetch -------------------------
Volume in drive C has no label.
Volume Serial Number is 900F-A2F2

Directory of C:\WINDOWS\Prefetch

01/01/2008 04:15 PM 11,320 FIND.EXE-0EC32F1E.pf
01/01/2008 04:15 PM 15,896 CMD.EXE-087B4001.pf
01/01/2008 04:15 PM 15,138 VERCLSID.EXE-3667BD89.pf
01/01/2008 04:14 PM 21,012 WUAUCLT.EXE-399A8E72.pf
01/01/2008 04:14 PM 24,580 SSUPDATE.EXE-10135174.pf
01/01/2008 04:14 PM 31,002 SKYPEPM.EXE-03F1BFBD.pf
01/01/2008 04:14 PM 31,266 WMIPRVSE.EXE-28F301A9.pf
01/01/2008 04:14 PM 432,454 NTOSBOOT-B00DFAAD.pf
01/01/2008 04:12 PM 15,810 LOGONUI.EXE-0AF22957.pf
01/01/2008 04:11 PM 15,116 NOTEPAD.EXE-336351A9.pf
01/01/2008 03:59 PM 44,974 FIREFOX.EXE-1D57670A.pf
01/01/2008 03:58 PM 46,090 AVNOTIFY.EXE-0B59FC42.pf
01/01/2008 03:58 PM 34,470 UPDATE.EXE-3A80F1D2.pf
01/01/2008 03:57 PM 13,504 PREUPD.EXE-18CBCD87.pf
01/01/2008 03:56 PM 23,414 ALG.EXE-0F138680.pf
12/31/2007 08:30 PM 15,910 CLEANUP.EXE-21B56F2B.pf
16 File(s) 791,956 bytes
0 Dir(s) 15,201,325,056 bytes free

----- Windows --------------------------
Volume in drive C has no label.
Volume Serial Number is 900F-A2F2

Directory of C:\WINDOWS

01/01/2008 04:13 PM 0 0.log
01/01/2008 04:13 PM 121,920 WindowsUpdate.log
01/01/2008 04:13 PM 2,048 bootstat.dat
01/01/2008 04:12 PM 5,904 SchedLgU.Txt
12/29/2007 06:16 PM 267,316 setupapi.log
12/29/2007 06:09 PM 323 wiadebug.log
12/29/2007 06:05 PM 50 wiaservc.log
12/29/2007 01:42 AM 68,731 spupdsvc.log
12/29/2007 01:42 AM 1,441 wmsetup.log
12/29/2007 01:42 AM 316,640 WMSysPr9.prx
12/29/2007 01:42 AM 1,174 OEWABLog.txt
12/29/2007 01:41 AM 354 DtcInstall.log
12/29/2007 01:41 AM 487 win.ini
12/29/2007 01:41 AM 187 spupdsvc.log.1.log
12/29/2007 01:41 AM 3,920 iis6.log
12/29/2007 01:41 AM 25,390 comsetup.log
12/29/2007 01:41 AM 14,634 ntdtcsetup.log
12/29/2007 01:41 AM 2,563 ocmsn.log
12/29/2007 01:41 AM 20,305 tsoc.log
12/29/2007 01:41 AM 3,920 imsins.log
12/29/2007 01:41 AM 40,406 ocgen.log
12/29/2007 01:41 AM 2,740 msgsocm.log
12/29/2007 01:41 AM 43,549 FaxSetup.log
12/29/2007 01:40 AM 736,493 setuplog.txt
12/29/2007 01:35 AM 490,422 svcpack.log
12/29/2007 01:35 AM 2,711 imsins.BAK
12/29/2007 01:23 AM 200 cmsetacl.log
12/29/2007 01:23 AM 1,330 sessmgr.setup.log
12/29/2007 01:22 AM 87,243 updspapi.log
12/29/2007 01:01 AM 597 medctroc.Log
12/29/2007 12:18 AM 231 system.ini
12/28/2007 10:50 PM 12,756 KB835732.log
12/28/2007 10:50 PM 595 xpsp1hfm.log
12/22/2007 08:56 PM 1,142 mozver.dat
12/22/2007 08:42 PM 2,898 Windows Update.log
12/19/2007 11:10 AM 0 nsreg.dat
12/19/2007 10:33 AM 170,401 setupact.log
12/04/2007 01:10 PM 8,192 REGLOCS.OLD
12/04/2007 01:05 PM 0 control.ini
12/04/2007 01:05 PM 299,552 WMSysPrx.prx
12/04/2007 01:05 PM 4,161 ODBCINST.INI
12/04/2007 01:03 PM 749 WindowsShell.Manifest
12/04/2007 01:00 PM 36 vb.ini
12/04/2007 01:00 PM 37 vbaddin.ini
12/04/2007 12:53 PM 1,920 regopt.log
12/04/2007 12:52 PM 0 Sti_Trace.log
12/04/2007 12:47 PM 0 setuperr.log
12/01/2007 12:26 AM 283,648 winhlp32.exe
12/01/2007 12:26 AM 32,866 slrundll.exe
12/01/2007 12:26 AM 146,432 regedit.exe
12/01/2007 12:26 AM 69,120 notepad.exe
12/01/2007 12:26 AM 10,752 hh.exe
12/01/2007 12:26 AM 1,033,728 explorer.exe
12/01/2007 12:26 AM 50,688 twain_32.dll
08/23/2007 01:02 AM 28,672 V0400Mon.exe

83 File(s) 5,550,002 bytes
0 Dir(s) 15,201,308,672 bytes free

----- Tasks ----------------------------
Volume in drive C has no label.
Volume Serial Number is 900F-A2F2

Directory of C:\WINDOWS\tasks

01/01/2008 04:13 PM 6 SA.DAT
08/29/2002 01:00 PM 65 desktop.ini
2 File(s) 71 bytes
0 Dir(s) 15,201,316,864 bytes free

----- Wintemp --------------------------
Volume in drive C has no label.
Volume Serial Number is 900F-A2F2

Directory of C:\WINDOWS\temp

01/01/2008 04:14 PM 16,384 Perflib_Perfdata_528.dat
1 File(s) 16,384 bytes
0 Dir(s) 15,201,316,864 bytes free

----- Temp -----------------------------
Volume in drive C has no label.
Volume Serial Number is 900F-A2F2

Directory of C:\DOKUME~1\***\LOKALE~1\Temp

01/01/2008 04:15 PM 103,225 filelist.txt
06/21/2007 02:07 PM 146,672 SSUPDATE.EXE
2 File(s) 249,897 bytes
0 Dir(s) 15,201,316,864 bytes free

bitte logfile auswerten

Log-Analyse und Auswertung: bitte logfile auswerten

bitte logfile auswerten

bitte logfile auswerten

Ähnliche Themen: bitte logfile auswerten