| |
| |||||||
Log-Analyse und Auswertung: Brauche Hilfe bei der Log FileWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.07.2008, 20:11
| #1 |
| |  Brauche Hilfe bei der Log File Hallo zusammen, bin neu hier und brauche Hilfe. Meine PC spinnt seit einigen Tagen, habe schon vieles ausprobiert aber leider nichts geholfen. Das Problem sieht wie folgt aus: Wenn ich ins Internet gehe und Internet Explorer starte kommen nach kurzer Zeit PopUp Fenster z.B. CiD aber auch andere die total nerven. Bin mir ziemlich sicher das ich einige Trojaner habe weiss aber nicht wie ich die am besten entfernen kann. Habe AVG Anti Virus programm und Windows Defender. Habe das AVG im abgesicherten Modus gestartet und was gefunden gehabt allerdings ist es danach nicht besser geworden. Ausserdem ist das Windows Schild in der Taskleiste "Windows Sicherheitswarnungen" auf rot und den krieg ich nicht auf grün obwohl ich alles aktieviert habe. Hier meine HijackThis Log-File - wäre nett wenn mir jemand helfen würde und drüber guckt. Logfile of HijackThis v1.99.1 Scan saved at 20:30:44, on 18.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Programme\Java\jre1.5.0_03\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\system32\mmrtkrnl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Windows Defender\MSASCui.exe C:\WINDOWS\system32\Rundll32.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\AVG\AVG8\aAvgApi.exe C:\Programme\HijackThis\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programme\AVG\AVG8\avgtoolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Support audio cool poll] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INTERNET SPAM SUPPORT AUDIO\Win Funk.exe O4 - HKLM\..\Run: [5848b6a2] rundll32.exe "C:\WINDOWS\system32\tveihclm.dll",b O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [BM5b7b853e] Rundll32.exe "C:\WINDOWS\system32\viaijcak.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1 O18 - Protocol: bw+0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: haufereader - (no CLSID) - (no file) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing) O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Danke Gruss Tweety |
|
19.07.2008, 18:27
| #2 |
 | Brauche Hilfe bei der Log File Hallo Tweety und
__________________ Fixe zuerst alle diese Einträge (es müssten über 30 sein): Code:
ATTFilter O18 - Protocol: bw+0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Code:
ATTFilter O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
Code:
ATTFilter C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INTERNET SPAM SUPPORT AUDIO\Win Funk.exe
C:\WINDOWS\system32\tveihclm.dll
C:\WINDOWS\system32\viaijcak.dll
|
|
20.07.2008, 17:22
| #3 |
| | Brauche Hilfe bei der Log File Hallo SilverDragon,
__________________danke für deine Antwort habe es soweit hoffe ich alles richtig gemacht und ist folgendes rausgekommen: HijackThis Log File Logfile of HijackThis v1.99.1 Scan saved at 18:09:33, on 20.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Programme\Java\jre1.5.0_03\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\system32\mmrtkrnl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Windows Defender\MSASCui.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Programme\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\winhlp32.exe C:\Programme\HijackThis\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programme\AVG\AVG8\avgtoolbar.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programme\AVG\AVG8\avgtoolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [5848b6a2] rundll32.exe "C:\WINDOWS\system32\tveihclm.dll",b O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BM5b7b853e] Rundll32.exe "C:\WINDOWS\system32\viaijcak.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1 O18 - Protocol: haufereader - (no CLSID) - (no file) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing) O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Mit dem Virustotal hebe ich nur eine Datei überprüft die anderen sind nicht mehr im Verzeichnis drin, ist das Schlimm? Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.7.17.0 2008.07.18 - AntiVir 7.8.1.11 2008.07.20 - Authentium 5.1.0.4 2008.07.20 W32/Swizzor.D.gen!Eldorado Avast 4.8.1195.0 2008.07.20 Win32:Swizzor AVG 8.0.0.130 2008.07.20 - BitDefender 7.2 2008.07.20 - CAT-QuickHeal 9.50 2008.07.18 - ClamAV 0.93.1 2008.07.20 - DrWeb 4.44.0.09170 2008.07.20 - eSafe 7.0.17.0 2008.07.20 - eTrust-Vet 31.6.5966 2008.07.18 - Ewido 4.0 2008.07.20 - F-Prot 4.4.4.56 2008.07.20 W32/Swizzor.D.gen!Eldorado F-Secure 7.60.13501.0 2008.07.20 - Fortinet 3.14.0.0 2008.07.20 - GData 2.0.7306.1023 2008.07.20 Win32:Swizzor Ikarus T3.1.1.34.0 2008.07.20 - Kaspersky 7.0.0.125 2008.07.20 - McAfee 5342 2008.07.18 - Microsoft 1.3704 2008.07.20 - NOD32v2 3282 2008.07.19 - Norman 5.80.02 2008.07.18 - Panda 9.0.0.4 2008.07.20 - Prevx1 V2 2008.07.20 - Rising 20.53.62.00 2008.07.20 - Sophos 4.31.0 2008.07.20 - Sunbelt 3.1.1536.1 2008.07.18 - Symantec 10 2008.07.20 - TheHacker 6.2.96.385 2008.07.19 - TrendMicro 8.700.0.1004 2008.07.18 - VBA32 3.12.8.1 2008.07.20 - VirusBuster 4.5.11.0 2008.07.19 - Webwasher-Gateway 6.6.2 2008.07.20 - weitere Informationen File size: 4905472 bytes MD5...: 09c29e7fbed345b3b296c3f4eb041e28 SHA1..: 911d15521c0b56f93c8d4e9d57500b6c8ec7c311 SHA256: 893c896831f7334f6aeb143e1bad5a37c8c24903fd3b67d3e04fc95c4a6bef31 SHA512: e65c013ce947715e22f5bfb3ab88e4c7988132362f76938295ea09c27c54577c 67361011c2bf4692b5ec53643ed4e9ea6947304b88e3022d0561b75c662dc081 PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x40b865 timedatestamp.....: 0x474eef7c (Thu Nov 29 16:57:32 2007) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x2939d 0x29400 6.24 46361fe3d1fea47c7c5eb8c7b8c54412 .rdata 0x2b000 0x73e4 0x2800 5.38 cfdd3de0703c3f673c648f6043eef58f .data 0x33000 0x47b338 0x480800 8.00 d2fa20ebe6124d1ab1322207d8851e92 .rsrc 0x4af000 0x118a 0x1200 3.44 ec85c737167bc6acc1cae18492a58fcd ( 5 imports ) > SHELL32.dll: DragQueryFileW, SHQueryRecycleBinA, ExtractAssociatedIconExA > KERNEL32.dll: MultiByteToWideChar, GetModuleHandleW, GetDateFormatA, OpenMutexA, FreeLibrary, TlsGetValue, LeaveCriticalSection, VirtualAlloc, SetUnhandledExceptionFilter, GetStringTypeW, SetFilePointer, WideCharToMultiByte, GetUserDefaultLCID, HeapSize, GlobalFindAtomA, CreateFileA, IsDebuggerPresent, GetTimeFormatA, WaitNamedPipeW, GetEnvironmentStringsW, GetStringTypeA, FlushFileBuffers, GetCPInfo, IsValidLocale, lstrcat, CompareStringW, GetProcAddress, GetModuleHandleA, IsValidCodePage, CreateNamedPipeW, GetStartupInfoA, GetTimeZoneInformation, GetOEMCP, InterlockedDecrement, GetLocaleInfoA, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, FreeEnvironmentStringsW, SetEnvironmentVariableA, GetCurrentThreadId, WriteConsoleA, WriteConsoleW, LoadLibraryA, GetConsoleOutputCP, GetEnvironmentStrings, GetCurrentThread, GetWindowsDirectoryW, ExitProcess, QueryPerformanceCounter, SetComputerNameA, CreateSemaphoreA, InterlockedExchange, ReadFile, VirtualFree, GetCommandLineW, HeapCreate, HeapFree, HeapAlloc, RtlUnwind, GetModuleFileNameW, GetLocaleInfoW, GetModuleFileNameA, EnumSystemLocalesA, VirtualQuery, WriteConsoleInputA, InterlockedIncrement, GetACP, SetLastError, TerminateProcess, TlsAlloc, SetConsoleCtrlHandler, WriteProfileStringA, GetConsoleCP, GetStdHandle, GetCurrentProcess, CompareStringA, Sleep, UnhandledExceptionFilter, GetFileType, WriteFile, GetProcessShutdownParameters, CreateMutexA, GetCommandLineA, TlsSetValue, EnumTimeFormatsW, HeapReAlloc, CloseHandle, GetConsoleMode, HeapDestroy, GetStartupInfoW, GetSystemTimeAsFileTime, LCMapStringA, SetStdHandle, EnterCriticalSection, GetCurrentProcessId, TlsFree, GetLastError, GetTickCount, LCMapStringW, EnumDateFormatsA, SetHandleCount > USER32.dll: ReuseDDElParam, GetWindowLongW, GetDlgCtrlID, RegisterClassA, CreateIcon, RegisterClassExA, SetCaretPos, GetMenuItemInfoA, DeferWindowPos, AnyPopup, ChangeDisplaySettingsExW, DdeImpersonateClient, EnumChildWindows, DdeGetData, DrawStateA, InsertMenuItemA > comctl32.dll: InitCommonControlsEx > comdlg32.dll: ChooseFontA ( 0 exports ) packers (Kaspersky): PE_Patch Danke im Vorraus für die Antwort. Gruss Tweety |
|
20.07.2008, 23:12
| #4 |
| | Brauche Hilfe bei der Log File Lade dir The Avenger Kopiere dann folgenden Text in die weiße Textbox: Code:
ATTFilter Files to delete:
C:\WINDOWS\system32\tveihclm.dll
C:\WINDOWS\system32\viaijcak.dll
registry keys to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BM5b7b853e
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\5848b6a2
Poste nach dem Neustart den Inhalt den erscheinenden Editorfensters in [code]-Tags Anschließend neues HijackThis Logfile. |
|
21.07.2008, 15:57
| #5 |
| | Brauche Hilfe bei der Log File Hallo SilverDragon, anbei die Avenger Log File: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\WINDOWS\system32\tveihclm.dll" not found! Deletion of file "C:\WINDOWS\system32\tveihclm.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\viaijcak.dll" not found! Deletion of file "C:\WINDOWS\system32\viaijcak.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BM5b7b853e" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BM5b7b853e" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\5848b6a2" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\5848b6a2" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. Und die Hijack Log File: Logfile of HijackThis v1.99.1 Scan saved at 16:18:04, on 21.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Programme\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Programme\Java\jre1.5.0_03\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\ESET\ESET Smart Security\egui.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\HijackThis\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [egui] "C:\Programme\ESET\ESET Smart Security\egui.exe" /hide /waitservice O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1 O18 - Protocol: haufereader - (no CLSID) - (no file) O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programme\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Programme\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing) O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Gruss Tweety |
|
| Themen zu Brauche Hilfe bei der Log File |
| abgesicherten modus, avg security toolbar, bonjour, brauche hilfe, cid, computer, desktop, e-mail, entfernen, excel, helfen, hijack, hijackthis, internet, internet explorer, log file, magix, popup, problem, programm, rundll, security, software, symantec, system, trojaner, unknown file in winsock lsp, virus, windows, windows xp |
Linear-Darstellung
