| |
| |||||||
Log-Analyse und Auswertung: Bitte um prüfung meines LogfileWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
| |
15.11.2004, 16:31
| #1 |
| |  Bitte um prüfung meines Logfile Logfile of HijackThis v1.98.2 Scan saved at 16:09:28, on 15.11.04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\ATIPTAAA.EXE C:\WINDOWS\STARTER.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\WINDOWS\TEMP\BJKA3G.EXE C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS1\TOADIMON.EXE C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAMME\INTEL\INTEL PSNCU\CPUNUMBER.EXE C:\WINDOWS\RunDLL.exe C:\WINDOWS\ANWENDUNGSDATEN\EUBR.EXE C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\OSA.EXE C:\PROGRAMME\MSWORKS\KALENDER\WKCALREM.EXE C:\PROGRAMME\MICROSOFT HARDWARE\GAME DEVICES\SIDEWINDER GDP.EXE C:\PROGRAMME\T-COM\T-COM WLAN MANAGER T-SINUS 154DATA\INSTALLER\WIN9X\DTUSB11GMONITOR.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\EIGENE DATEIEN\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.t-online.de;localhost;<local> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O2 - BHO: (no name) - {7CEF556E-369F-11D9-8404-00304318B118} - C:\WINDOWS\SYSTEM\IPLEKA.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe O4 - HKLM\..\Run: [AtiPTA] Atiptaaa.exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe O4 - HKLM\..\Run: [LexStart] Lexstart.exe O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [X] C:\WINDOWS\TEMP\X.EXE O4 - HKLM\..\Run: [Bjka3g] C:\WINDOWS\TEMP\BJKA3G.EXE O4 - HKLM\..\Run: [Key2] C:\WINDOWS\SYSTEM\serve.exe O4 - HKLM\..\Run: [ywejevkgr] C:\WINDOWS\SYSTEM\pllzaw.exe O4 - HKLM\..\Run: [Upload Htm] C:\PROGRA~1\BOOKSA~1\deadopen.exe O4 - HKLM\..\Run: [ToADiMon.exe] C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Programme\Intel\Intel PSNCU\CPUNumber.exe" /nosplash O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\PROGRAMME\T-ONLINE\WLAN-ACCESS FINDER\TOWLAACF.EXE /StartMinimized O4 - HKCU\..\Run: [Fvshw] C:\WINDOWS\SYSTEM\axoct.exe O4 - HKCU\..\Run: [Seod] C:\WINDOWS\Anwendungsdaten\eubr.exe O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE O4 - Startup: Microsoft Works Kalender Erinnerungen.lnk = C:\Programme\MSWorks\Kalender\WKCALREM.EXE O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: SideWinder Spielgeräte-Profiler.lnk = C:\Programme\Microsoft Hardware\Game Devices\SideWinder GDP.exe O4 - Startup: T-COM WLAN Manager T-Sinus 154data.lnk = C:\Programme\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WIN9X\DTUSB11GMonitor.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de/service/redir/ie_t-online.htm O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.skoobidoo.com O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26fbc801...dxIE601_de.cab O18 - Filter: text/html - {54F7986D-36EA-11D9-8404-003097D5F2EC} - C:\WINDOWS\SYSTEM\IPLEKA.DLL O18 - Filter: text/plain - {54F7986D-36EA-11D9-8404-003097D5F2EC} - C:\WINDOWS\SYSTEM\IPLEKA.DLL O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file) |
| Themen zu Bitte um prüfung meines Logfile |
| .inf, askbar, bho, boot, cpu, dateien, explorer, ftp, hijack, hijackthis, internet, internet explorer, logfile, messenger, microsoft, msn, msn messenger, programme, registry, rundll32.exe, software, system, t-online, temp, update, usb, windows, windows\temp, wlan |
Baum-Darstellung