| |
| |||||||
Log-Analyse und Auswertung: HijackThis virusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.09.2004, 15:08
| #1 |
| |  HijackThis virus Please help me. I got a virus my scanner can't fix. This is my HijackThis log file. Which ones should I fix?  Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\atievxx.exe C:\WINDOWS\System32\CTsvcCDA.exe F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\Atiptaxx.exe F:\PROGRA~2\NORTON~1\NORTON~1\navapw32.exe C:\WINDOWS\System32\svchost.exe F:\PROGRA~2\NORTON~1\WinFax\WFXSWTCH.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\wfxsnt40.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\Program Files\Common Files\CMEII\CMESys.exe F:\Program Files\Pinnacle\Studio PCTV\Remote\Remoterm.exe F:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe F:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe C:\WINDOWS\System32\CTHELPER.EXE F:\Program Files\PopUp Killer\popupkiller.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\windows\services.exe C:\WINDOWS\System32\twink64.exe C:\Program Files\Winad Client\Winad.exe C:\Program Files\Internet Optimizer\optimize.exe C:\temp\msbb.exe C:\Program Files\Winad Client\WinClt.exe C:\Program Files\Common Files\GMT\GMT.exe C:\Program Files\Internet Optimizer\actalert.exe F:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE C:\Documents and Settings\Administrator\Application Data\woet.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cleanmgr.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\saF.tmp.exe D:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 50.dll O2 - BHO: (no name) - {4BB0C1DA-341A-4CB0-A6E6-6EAB31281A5B} - C:\WINDOWS\System32\nndab.dll O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 50.dll O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [NAV Agent] F:\PROGRA~2\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [WFXSwtch] F:\PROGRA~2\NORTON~1\WinFax\WFXSWTCH.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe" O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [PCTVRemote] f:\Program Files\Pinnacle\Studio PCTV\Remote\Remoterm.exe O4 - HKLM\..\Run: [CTSysVol] f:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] f:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [WinampAgent] "f:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PopUpKiller] F:\Program Files\PopUp Killer\popupkiller.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows] C:\WINDOWS\System32\windows\services.exe O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winjel32.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [RemoteCenter] f:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - HKCU\..\Run: [dfrgui] C:\WINDOWS\System32\dfrgui.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE O4 - HKCU\..\Run: [Reep] C:\Documents and Settings\Administrator\Application Data\woet.exe O4 - HKCU\..\Run: [AbsoluteControl] F:\Program Files\AbsoluteControl\\AbsoluteControl.exeU O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: SideFind (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...4f880889783bc3 O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...998.2348032407 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C50D29E8-93EB-4063-AE36-A2DE3D97A2BD}: NameServer = 213.51.129.168,213.51.144.168 |
|
13.09.2004, 15:20
| #2 |
  | HijackThis virus Hello Bach,
__________________could you please edit your post by : Logfile of HijackThis v Version? Scan saved at Platform: MSIE: thank you SD |
|
13.09.2004, 15:47
| #3 |
 | HijackThis virus Youve got A LOT of malware on your system, Spy/Adware and even Trojan Horses/Backdoors and keyloggers. To be honest, the best you could do is a clean reinstall of Windows because your systems has been compromised and a potential attacker could have done alot of damage and manipulate your systemfiles. Get Service Pack 2 (in case youre using XP) on CD or by downloading it and burning it to a Disc and install it too BEFORE you go online for the first time. Change ALL your passwords.
__________________ |
|
13.09.2004, 20:14
| #4 |
| | HijackThis virus So, this is much better, yes?  Logfile of HijackThis v1.97.7 Scan saved at 21.01.56 , on 9/13/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\atievxx.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\Program Files\Common Files\Symantec Shared\NMain.exe D:\HJT\HijackThis.exe O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O17 - HKLM\System\CCS\Services\Tcpip\..\{292DA5E0-D19F-4CBD-B688-F4A896B2D55F}: NameServer = 213.51.129.170,213.51.144.170 |
|
13.09.2004, 22:34
| #5 |
| | HijackThis virus Your Version of HijackThis is outdated, heres the latest one: http://www.hijackthis.de/hijackthis_198.zip This logfile looks much better indeed and clear, did you reinstall? You should visit windowsupdate and get ALL updates or install Service Pack 2 (which contains all patches til now) immediately though, otherwise your system still has some built in security risks that are well known to and used by attackers on outdated systems. |
|
| Themen zu HijackThis virus |
| administrator, adobe, antivirus, application, bho, excel, google, help, hijack, hijackthis, hijackthis log, internet, internet explorer, log, messenger, microsoft, monitor, object, please help, popup, rundll, scan, shockwave, software, studio, symantec, system, tcpip, temp, urlsearchhook, virus, windows |
Linear-Darstellung
