| |
| |||||||
Log-Analyse und Auswertung: LogFile bitte.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.10.2004, 13:10
| #1 |
| |  LogFile bitte. Guten Tag können sie mir bitte dieses file auswerten ? Logfile of HijackThis v1.98.2 Scan saved at 13:38:06, on 2004-10-03 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe C:\Program\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\windows\system32\sysdpt.exe C:\Program\iWare\iWare Mouse\3.2\lwbwheel.exe C:\WINDOWS\System32\RunDll32.exe C:\Program\Winamp\winampa.exe C:\Program\NORTON~1\navapw32.exe C:\Program\D-Tools\daemon.exe C:\Program\Hotbar\bin\4.4.6.0\WeatherOnTray.exe C:\Program\Messenger Plus! 3\MsgPlus.exe C:\Program\Delade filer\CMEII\CMESys.exe C:\Program\Save\Save.exe C:\Program\WHENUS~1\Search.exe C:\Program\WHENUS~1\whse.exe C:\Program\Messenger\msmsgs.exe C:\Program\WeatherCast\Weather.exe C:\Program\ClockSync\Sync.exe c:\program\intern~1\iexplore.exe C:\Program\Delade filer\GMT\GMT.exe C:\Program\PrecisionTime\PrecisionTime.exe C:\Program\WebSecureAlert\WebSecureAlert.exe C:\WINDOWS\System32\wuauclt.exe C:\Program\MediaKey\OSD.EXE C:\Program\MSN Messenger\msnmsgr.exe C:\Program\MediaKey\Versato.exe C:\Program\Internet Explorer\iexplore.exe C:\WINDOWS\System32\rsvp.exe C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\WINDOWS\system32\RDSHOST.exe C:\WINDOWS\system32\sessmgr.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe C:\Documents and Settings\Kamaran\Mina dokument\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csofnlbfucyuagvzvlwmzz.co.../GieNDRsFQ.jsp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mavnawxjpilovcecnocfxnni.net/...piGGQDfVQM.php R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar F3 - REG:win.ini: run=c:\windows\system32\sysdpt.exe O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file) O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - **¦C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - **¦C:\Program\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program\DashBar\DashBar17.dll O4 - HKLM\..\Run: [LWBMOUSE] C:\Program\iWare\iWare Mouse\3.2\lwbwheel.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WeatherOnTray] C:\Program\Hotbar\bin\4.4.6.0\WeatherOnTray.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [move multi] C:\Program\GLUESO~1\ProxyMpeg.exe O4 - HKLM\..\Run: [CMESys] "C:\Program\Delade filer\CMEII\CMESys.exe" O4 - HKLM\..\Run: [WhenUSave] "C:\Program\Save\Save.exe" O4 - HKLM\..\Run: [WhenUSearch] C:\Program\WHENUS~1\Search.exe O4 - HKLM\..\Run: [WhenUSearchWHSE] C:\Program\WHENUS~1\whse.exe O4 - HKLM\..\Run: [Sysdpt] c:\windows\system32\sysdpt.exe O4 - HKCU\..\Run: [Versato] C:\Program\MediaKey\MagicRun.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WeatherCast] "C:\Program\WeatherCast\Weather.exe" /q O4 - HKCU\..\Run: [ClockSync] "C:\Program\ClockSync\Sync.exe" /q O4 - HKCU\..\Run: [Sysdpt] c:\windows\system32\sysdpt.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: GStartup.lnk = C:\Program\Delade filer\GMT\GMT.exe O4 - Global Startup: PrecisionTime.lnk = C:\Program\PrecisionTime\PrecisionTime.exe O4 - Global Startup: WebSecureAlert.lnk = C:\Program\WebSecureAlert\WebSecureAlert.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program\Yahoo!\Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binarie...tc32_EN_XP.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {A02780C3-7F77-4E28-855B-28890F3CF37A} - http://akamai.downloadv3.com/binarie...34_pack_XP.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binarie...34_pack_XP.cab O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstWCDT.cab O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab danke erstmal. |
| Themen zu LogFile bitte. |
| acroiehelper.dll, adobe, antivirus, auswerten, bho, boot, dll, excel, explorer, file, file missing, hijack, hijackthis, internet, internet explorer, logfile, messenger, microsoft, msn, msn messenger, nvcpl.dll, office, rundll, software, system, system32, windows, windows messenger, windows xp |
Baum-Darstellung