| |
| |||||||
Log-Analyse und Auswertung: Bitte Mal Log File CheckenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.11.2004, 13:00
| #1 |
| |  Bitte Mal Log File Checken R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search....protect1&term= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchtraffic.com/search....protect1&term= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchtraffic.com/search....protect1&term= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.areabasar.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\system32\ordts.dll/sp.html#29126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\ordts.dll/sp.html#29126 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search....protect1&term= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Maggot666 Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.btx.dtag.de:80;ftp=ftp-proxy.btx.dtag.de:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - Default URLSearchHook is missing O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - (no file) O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - E:\Programme\NewDotNet\newdotnet4_85.dll O2 - BHO: E:\WINDOWS\lbbho.dll - {AC123CED-5343-4716-BE0F-C6F4BCA90FDF} - E:\WINDOWS\lbbho.dll O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - E:\Programme\NavExcel Search Toolbar\NavExcelBar.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programme\MSN Toolbar\01.01.1629.0\de\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll O3 - Toolbar: (no name) - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - (no file) O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - E:\Programme\NavExcel Search Toolbar\NavExcelBar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programme\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [PPMemCheck] F:\Programme\PestPatrol\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] F:\Programme\PestPatrol\CookiePatrol.exe O4 - HKLM\..\Run: [ccApp] "E:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] "E:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "E:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] E:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [ICQ Lite] H:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [TkBellExe] "E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [FLMTRUSTMOUSE] H:\Programme\mouse32a.exe O4 - HKLM\..\Run: [FLMTRUSTKB] H:\Programme\KbdAp32A.exe O4 - HKLM\..\Run: [mwavscan] "E:\DOKUME~1\MAGGOT~1.COR\LOKALE~1\Temp\mwavscan.com" /s O4 - HKLM\..\Run: [snpstd] E:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [VaCtrl] E:\Programme\VoiceAge\Common\VaCtrl.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup O4 - HKLM\..\Run: [AVGCtrl] E:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\RunServices: [DJSNetCN] E:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "E:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "E:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Mozilla Quick Launch] "F:\Programme\Mozilla1.6\Mozilla.exe" -turbo O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: WinZip Quick Pick.lnk = E:\Programme\WinZip\WZQKPICK.EXE O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &iSearch The Web - res://E:\WINDOWS\System32\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\MSMSGS.EXE O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28177.cab O16 - DPF: {0DF86CB3-1923-11D5-B470-0050BA1B3C6F} (JpegServerPushControl Class) - http://217.6.17.16/ConvisionVideo.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab28177.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13cddc19...dxIE601_de.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28177.cab O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - E:\Programme\HP\hpcoretech\comp\hpuiprot.dll |
| Themen zu Bitte Mal Log File Checken |
| .inf, adobe, antivirus, antivirus scan, askbar, avgnt.exe, bho, ctfmon.exe, drivers, explorer, file, ftp, helper, internet, internet explorer, launch, log, log file, microsoft, monitor, mozilla, object, programme, registry, rundll, security, security center, skype.exe, software, sun java, symantec, system, temp, urlsearchhook, windows, windows messenger, yahoo |
Baum-Darstellung