Log analysis and evaluation: msn virus/trojan caught (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.11.2008, 17:59 #1
msn virus/trojan caught

Good day, I need help!!! It's about the following: yesterday I received a link over MSN and clicked on it, and now I have problems. My "Computer" window keeps closing itself after 5 sec., and my MSN also forwards the link to everyone in my contact list! My operating system is Vista 32-bit.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:38, on 04.11.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
I:\Windows\system32\csrss.exe
I:\Windows\system32\wininit.exe
I:\Windows\system32\csrss.exe
I:\Windows\system32\services.exe
I:\Windows\system32\lsass.exe
I:\Windows\system32\lsm.exe
I:\Windows\system32\svchost.exe
I:\Windows\system32\winlogon.exe
I:\Windows\system32\nvvsvc.exe
I:\Windows\system32\svchost.exe
I:\Windows\System32\svchost.exe
I:\Windows\System32\svchost.exe
I:\Windows\System32\svchost.exe
I:\Windows\system32\svchost.exe
I:\Windows\system32\AUDIODG.EXE
I:\Windows\system32\SLsvc.exe
I:\Windows\system32\svchost.exe
I:\Windows\system32\svchost.exe
I:\Windows\System32\spoolsv.exe
I:\Windows\system32\svchost.exe
I:\Windows\system32\rundll32.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Windows\system32\svchost.exe
I:\Windows\system32\PnkBstrA.exe
I:\Windows\system32\svchost.exe
I:\Windows\System32\PAStiSvc.exe
I:\Windows\system32\svchost.exe
I:\Windows\System32\svchost.exe
I:\Windows\system32\SearchIndexer.exe
I:\Windows\system32\Dwm.exe
I:\Windows\Explorer.EXE
I:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
I:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
I:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
I:\Program Files\Common Files\Logitech\LCD Manager\Applets\NGists\NGists.exe
I:\Windows\system32\taskeng.exe
I:\Windows\system32\taskeng.exe
I:\Program Files\Skype\Phone\Skype.exe
I:\Program Files\ICQ6\ICQ.exe
I:\Program Files\Windows Media Player\wmpnscfg.exe
I:\Program Files\Windows Media Player\wmpnetwk.exe
I:\Program Files\Skype\Plugin Manager\skypePM.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\Windows\system32\wuauclt.exe
I:\Windows\system32\wbem\wmiprvse.exe
I:\Program Files\AxBx\Clean Virus MSN\CleanVirusMSN.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Windows\system32\taskeng.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\Windows\system32\SearchProtocolHost.exe
I:\Windows\system32\SearchFilterHost.exe
I:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\PROGRA~1\ICQTOO~1\0356\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - I:\PROGRA~1\ICQTOO~1\0356\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {538E8D9D-AFA1-41DD-8104-3E1B7493EAD0} - I:\Windows\system32\efcBusqn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - I:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - I:\Program Files\GMX\GMX Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\PROGRA~1\ICQTOO~1\0356\toolbaru.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - I:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [amd_dc_opt] I:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Launch LCDMon] "I:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "I:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "I:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ICQ] "I:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [igndlm.exe] I:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] I:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] I:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 1.1.4322; FDM)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Alles mit FDM herunterladen - file://I:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://I:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://I:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://I:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - I:\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - I:\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - k:\partypoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - k:\partypoker\PartyPoker\RunApp.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DC98D4E-AAF6-4716-959A-80DA06241E1D}: NameServer = 85.255.112.229;85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{90F47557-4FA1-4310-87F8-4978DCABDC07}: NameServer = 85.255.112.229;85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{947832C7-51BC-4BA5-B91E-FF5111044533}: NameServer = 85.255.112.229;85.255.112.156
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - I:\Windows\System32\DreamScene.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - I:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - I:\Windows\system32\PnkBstrA.exe
O23 - Service: Scramby Server (ScrambyServer) - RapidSolution Software AG - K:\soundfehrzerrerScramby\ScrambyServer.exe
O23 - Service: STI Simulator - Unknown owner - I:\Windows\System32\PAStiSvc.exe
O23 - Service: Windows Tribute Service - Unknown owner - I:\Windows\system32\kdjfa.exe

--
End of file - 10567 bytes
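Triage of a HijackThis v2 log, as an added example that is not part of the original post and is not HijackThis's own code. The script parses the entry types an analyst reads first in a log like the one above and reports the ones that need a closer look: O17 NameServer entries that point at public resolvers not on an operator-maintained allowlist, O23 services with no publisher ("Unknown owner"), nameless O2 BHOs that still load an existing file, and O7 system policies (such as DisableRegedit). The sample input is excerpted from the log posted above; the TRUSTED_RESOLVERS allowlist is a hypothetical placeholder that you would fill with your ISP's or router's real resolver addresses.

```python
"""Flag the HijackThis log lines that most often indicate a hijacked system.

Added example for triage of HijackThis v2.0.x logs; not code from the forum or from HijackThis.
"""
import ipaddress
import re
from typing import List, Tuple

# Hypothetical allowlist of resolver addresses the operator has verified
# (fill with your ISP's or router's resolvers). RFC 1918 / loopback pass automatically.
TRUSTED_RESOLVERS = set()

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.;, ]+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O7_RE = re.compile(r"^O7 - .*Policies\\System, (?P<policy>\w+)=(?P<value>\d+)$")

# Lines excerpted from the HijackThis log posted above (one clean entry of each type
# is kept next to a suspicious one so the filter's behaviour on both is visible).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {538E8D9D-AFA1-41DD-8104-3E1B7493EAD0} - I:\Windows\system32\efcBusqn.dll
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DC98D4E-AAF6-4716-959A-80DA06241E1D}: NameServer = 85.255.112.229;85.255.112.156
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - I:\Windows\system32\nvvsvc.exe
O23 - Service: Windows Tribute Service - Unknown owner - I:\Windows\system32\kdjfa.exe
"""


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (entry_type, reason) pairs for every line that deserves analyst attention."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O17_RE.match(line)
        if m:
            # Every resolver the adapter points at must be private, loopback or explicitly trusted.
            for server in re.split(r"[;,\s]+", m["servers"].strip()):
                if not server:
                    continue
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    findings.append(("O17", f"unparseable NameServer value {server!r}"))
                    continue
                if addr.is_private or addr.is_loopback or server in TRUSTED_RESOLVERS:
                    continue
                findings.append(("O17", f"DNS resolver {server} is a public address not on the trusted list"))
            continue
        m = O23_RE.match(line)
        if m:
            # A service whose binary carries no publisher information is worth verifying by hash/signature.
            if m["owner"].strip().lower() == "unknown owner":
                findings.append(("O23", f"service '{m['name']}' has no publisher: {m['path']}"))
            continue
        m = O2_RE.match(line)
        if m:
            # Orphaned "(no file)" BHOs are just registry leftovers; a nameless BHO that
            # still loads a file is the case to look at.
            if m["name"] == "(no name)" and m["path"].strip() != "(no file)":
                findings.append(("O2", f"nameless BHO {{{m['clsid']}}} loads {m['path']}"))
            continue
        m = O7_RE.match(line)
        if m:
            # Any Policies\System value in a home-user log is unusual; regedit lockout doubly so.
            findings.append(("O7", f"system policy {m['policy']}={m['value']} is set"))
    return findings


if __name__ == "__main__":
    for kind, reason in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}")
```

Run against the complete log above it reports the same public resolver pair on all three adapter GUIDs, the nameless BHO in system32, the DisableRegedit policy, and three services without a publisher (PnkBstrA, STI Simulator and "Windows Tribute Service"); those are the lines a helper would ask about first. The filter does not decide that any of them is malicious: it only separates the handful of entries that need verification (file hash, signature, whose resolvers these are) from the dozens of routine ones.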