Log analysis and evaluation: Can someone help me with this log
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.02.2008, 17:39 | #1 |
| Can someone help me with this log
I found a trojan and don't know which logs are responsible for it and also which ones are superfluous.

Logfile of HijackThis v1.99.1
Scan saved at 17:14:02, on 16.02.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\p2phost.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\DAEMON Tools SearchBar\Search.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.EXE
C:\Program Files\Save\Save.exe
C:\Program Files\HiJackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\Windows\system32\mysidesearch_sidebar.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\Windows\system32\iebrowserc.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\Windows\system32\nsgE370.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\Windows\system32\spads.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\DAEMON Tools SearchBar\search.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: dcads - {C7C90A5E-BE0A-44DD-83D2-1BE138460BAC} - C:\Windows\system32\nsbDA5B.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [spa_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S8F63.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

THX |
17.02.2008, 09:43 | #2 |
/// AVZ-Toolkit Guru | Can someone help me with this log
Hello there. Please post a new HJT log. Use version 2, which is linked in the FAQ section. |
17.02.2008, 10:43 | #3 |
| Can someone help me with this log
Ok, I have created a new log file with version 2.

**** Run Keys ****
RUN: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
RUN: [IgfxTray] C:\Windows\system32\igfxtray.exe
RUN: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
RUN: [Persistence] C:\Windows\system32\igfxpers.exe
RUN: [RtHDVCpl] RtHDVCpl.exe
RUN: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
RUN: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
RUN: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
RUN: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
RUN: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
RUN: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
RUN: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
RUN: [spa_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\spads.dll" DllVerify
RUN: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
RUN: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
RUN: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
RUN: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
RUN: [WhenUSave] "C:\Program Files\Save\Save.exe"
RUN: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S8F63.tmp" /EF "HKCU"
RUN: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

**** Browser Helper Objects ****
BHO: [Adobe PDF Reader] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: [MySidesearch Search Assistant] C:\Windows\system32\mysidesearch_sidebar.dll
BHO: [BrowserCmp] C:\Windows\system32\iebrowserc.dll
BHO: [BrowserCmp] c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
BHO: [dcads] C:\Windows\system32\nsgE370.dll
BHO: [SSVHelper Class] C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
BHO: [SSVHelper Class] C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
BHO: [browser optimizer superiorads] C:\Windows\system32\spads.dll
BHO: [Windows Live Sign-in Helper] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar1.dll
BHO: [Google Toolbar Notifier BHO] C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
BHO: [WhenUSearch Helper] C:\Program Files\DAEMON Tools SearchBar\search.dll
BHO: [Windows Live Toolbar Helper] C:\Program Files\Windows Live Toolbar\msntb.dll
BHO: [dcads] C:\Windows\system32\nsbDA5B.dll

**** IE Toolbars ****
TOOLBAR: [Show Norton Toolbar] c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
TOOLBAR: [&Google] c:\program files\google\googletoolbar1.dll
TOOLBAR: [Windows Live Toolbar] C:\Program Files\Windows Live Toolbar\msntb.dll

**** IE Extensions ****
IEExt: []
IEExt: [Recherchieren]

**** Hosts File Entries ****
HOSTS: 127.0.0.1 localhost
HOSTS: ::1 localhost
HOSTS: ::1 localhost

**** IE Settings ****
Default Page: MSN.com
Default Search: Live Search
Local Page: C:\Windows\system32\blank.htm
Search Bar: Live Search:
Search Page: Live Search:

**** IE Context Menu (Right click) ****
IEContext: [&Windows Live Search] res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IEContext: [Nach Microsoft &Excel exportieren] res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

**** Layered Service Providers ****
LSP: MSAFD-Tcpip [TCP/IP]
LSP: MSAFD-Tcpip [UDP/IP]
LSP: MSAFD-Tcpip [TCP/IPv6]
LSP: MSAFD-Tcpip [UDP/IPv6]
LSP: RSVP-TCPv6-Dienstanbieter
LSP: RSVP-TCP-Dienstanbieter
LSP: RSVP-UDPv6-Dienstanbieter
LSP: RSVP-UDP-Dienstanbieter
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3597A8C8-9474-48C7-AC19-81D5F26136EB}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3597A8C8-9474-48C7-AC19-81D5F26136EB}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4056EA75-D0E6-47B7-BE49-9480BDC7FF76}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4056EA75-D0E6-47B7-BE49-9480BDC7FF76}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3597A8C8-9474-48C7-AC19-81D5F26136EB}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3597A8C8-9474-48C7-AC19-81D5F26136EB}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4056EA75-D0E6-47B7-BE49-9480BDC7FF76}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4056EA75-D0E6-47B7-BE49-9480BDC7FF76}] DATAGRAM 5

**** Blocked Control Panel Items ****

**** Downloaded Program Files ****
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.6.0/jin...dows-i586.cab]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [http://fpdownload.macromedia.com/get...ultrashim.cab]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jin...dows-i586.cab]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jin...dows-i586.cab]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jin...dows-i586.cab]

**** Windows Services ****
[AeLookupSvc] %systemroot%\system32\svchost.exe -k netsvcs
[ALG] %SystemRoot%\System32\alg.exe
[Appinfo] %SystemRoot%\system32\svchost.exe -k netsvcs
[AudioEndpointBuilder] %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
[Audiosrv] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[Automatisches LiveUpdate - Scheduler] "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
[BFE] %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
[ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
[CertPropSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[clr_optimization_v2.0.50727_32] %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[CLTNetCnService] "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
[comHost] "c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
[COMSysApp] %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k NetworkService
[DcomLaunch] %SystemRoot%\system32\svchost.exe -k DcomLaunch
[DFSR] %SystemRoot%\system32\DFSR.exe
[Dhcp] %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
[Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
[dot3svc] %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
[DPS] %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
[EapHost] %SystemRoot%\System32\svchost.exe -k netsvcs
[EMDMgmt] %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
[Eventlog] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[EventSystem] %SystemRoot%\system32\svchost.exe -k LocalService
[fdPHost] %SystemRoot%\system32\svchost.exe -k LocalService
[FDResPub] %SystemRoot%\system32\svchost.exe -k LocalService
[FontCache3.0.0.0] %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
[gpsvc] %systemroot%\system32\svchost.exe -k netsvcs
[gusvc] "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
[hidserv] %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
[hkmsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[idsvc] "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
[IKEEXT] %systemroot%\system32\svchost.exe -k netsvcs
[IPBusEnum] %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
[iphlpsvc] %SystemRoot%\System32\svchost.exe -k NetSvcs
[ISPwdSvc] "c:\Program Files\Norton Internet Security\isPwdSvc.exe"
[KeyIso] %SystemRoot%\system32\lsass.exe
[KtmRm] %SystemRoot%\System32\svchost.exe -k NetworkService
[LanmanServer] %SystemRoot%\system32\svchost.exe -k netsvcs
[LanmanWorkstation] %SystemRoot%\System32\svchost.exe -k LocalService
[LiveUpdate] "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
[LiveUpdate Notice Ex] "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
[LiveUpdate Notice Service] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
[lltdsvc] %SystemRoot%\System32\svchost.exe -k LocalService
[lmhosts] %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
[MMCSS] %SystemRoot%\system32\svchost.exe -k netsvcs
[MpsSvc] %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
[MSDTC] %SystemRoot%\System32\msdtc.exe
[MSiSCSI] %systemroot%\system32\svchost.exe -k netsvcs
[msiserver] %systemroot%\system32\msiexec /V
[napagent] %SystemRoot%\System32\svchost.exe -k NetworkService
[Netlogon] %systemroot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
[netprofm] %SystemRoot%\System32\svchost.exe -k LocalService
[NetTcpPortSharing] "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
[NlaSvc] %SystemRoot%\System32\svchost.exe -k NetworkService
[nsi] %systemroot%\system32\svchost.exe -k LocalService
[ose] "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
[p2pimsvc] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[p2psvc] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[PcaSvc] %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
[pla] %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
[PlugPlay] %SystemRoot%\system32\svchost.exe -k DcomLaunch
[PNRPAutoReg] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[PNRPsvc] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[PolicyAgent] %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
[ProfSvc] %systemroot%\system32\svchost.exe -k netsvcs
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[QWAVE] %windir%\system32\svchost.exe -k LocalService
[RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
[RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k regsvc
[RpcLocator] %SystemRoot%\system32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost.exe -k rpcss
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\system32\svchost.exe -k LocalService
[Schedule] %systemroot%\system32\svchost.exe -k netsvcs
[SCPolicySvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[SDRSVC] %SystemRoot%\system32\svchost.exe -k SDRSVC
[seclogon] %windir%\system32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SessionEnv] %SystemRoot%\System32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[slsvc] %SystemRoot%\system32\SLsvc.exe
[SLUINotify] %SystemRoot%\system32\svchost.exe -k LocalService
[SNMPTRAP] %SystemRoot%\System32\snmptrap.exe
[Spooler] %SystemRoot%\System32\spoolsv.exe
[SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
[swprv] %SystemRoot%\System32\svchost.exe -k swprv
[Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
[SymAppCore] "c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
[SysMain] %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
[TabletInputService] %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
[TapiSrv] %SystemRoot%\System32\svchost.exe -k NetworkService
[TBS] %SystemRoot%\System32\svchost.exe -k LocalService
[TermService] %SystemRoot%\System32\svchost.exe -k NetworkService
[TestHandler] C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[THREADORDER] %SystemRoot%\system32\svchost.exe -k LocalService
[TrkWks] %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
[TrustedInstaller] %SystemRoot%\servicing\TrustedInstaller.exe
[UI0Detect] %SystemRoot%\system32\UI0Detect.exe
[upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
[usnjsvc] "C:\Program Files\MSN Messenger\usnsvc.exe"
[UxSms] %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
[vds] %SystemRoot%\System32\vds.exe
[VSS] %systemroot%\system32\vssvc.exe
[W32Time] %SystemRoot%\system32\svchost.exe -k LocalService
[wcncsvc] %SystemRoot%\System32\svchost.exe -k LocalService
[WcsPlugInService] %SystemRoot%\system32\svchost.exe -k wcssvc
[WdiServiceHost] %SystemRoot%\System32\svchost.exe -k wdisvc
[WdiSystemHost] %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
[WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
[Wecsvc] %SystemRoot%\system32\svchost.exe -k NetworkService
[wercplsupport] %SystemRoot%\System32\svchost.exe -k netsvcs
[WerSvc] %SystemRoot%\System32\svchost.exe -k WerSvcGroup
[WinDefend] %SystemRoot%\System32\svchost.exe -k secsvcs
[WinHttpAutoProxySvc] %SystemRoot%\system32\svchost.exe -k LocalService
[Winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WinRM] %SystemRoot%\System32\svchost.exe -k NetworkService
[Wlansvc] %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
[wmiApSrv] %systemroot%\system32\wbem\WmiApSrv.exe
[WMPNetworkSvc] "%ProgramFiles%\Windows Media Player\wmpnetwk.exe"
[WPCSvc] %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
[WPDBusEnum] %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
[wscsvc] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[WSearch] %systemroot%\system32\SearchIndexer.exe /Embedding
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[wudfsvc] %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted

**** Custom IE Search Items ****

**** Complete IE Options ****
IEOPT: [Disable Script Debugger] yes
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\Windows\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] Live Search:
IEOPT: [XMLHTTP]
IEOPT: [NoUpdateCheck]
IEOPT: [UseClearType] no
IEOPT: [Enable Browser Extensions] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Play_Animations] yes
IEOPT: [Start Page] Google
IEOPT: [CompatibilityFlags]
IEOPT: [FullScreen] no
IEOPT: [SearchMigrated]
IEOPT: [Window_Placement] ,
IEOPT: [RunOnceHasShown]
IEOPT: [RunOnceComplete]
IEOPT: [StartPageCache]
IEOPT: [Use FormSuggest] yes
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [Search Bar] Live Search:
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Check_Associations] no
IEOPT: [Start Page] MSN.com
IEOPT: [AutoHide] yes
IEOPT: [Default_Page_URL] MSN.com
IEOPT: [Default_Secondary_Page_URL]
IEOPT: [Default_Search_URL] Live Search
IEOPT: [Search Page] Live Search

Last edited by itgnom (17.02.2008 at 10:48) |
17.02.2008, 20:48 | #4 |
/// AVZ-Toolkit Guru | Can someone help me with this log
Did you read the instructions? This is not a log we can do anything with here. Please read the instructions in our FAQ section again very carefully.
__________________ - All assistance in the forum is given without warranty or liability - |