
Log Analysis and Evaluation: My Log.... Having problems.

14.01.2005, 22:44   #1
sinuZ

Hello, my log here:

Logfile of HijackThis v1.99.0
Scan saved at 23:35:06, on 14.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\SED\SED.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\msupd5.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Pulse\Pulse.exe
C:\Dokumente und Einstellungen\Scotty69\Eigene Dateien\pr0gz\mIRC\mirc.exe
C:\Dokumente und Einstellungen\Scotty69\Eigene Dateien\pr0gz\_ ZFDown203\mirc32.exe
C:\WINDOWS\System32\rsguqrzr.exe
C:\Dokumente und Einstellungen\Scotty69\Eigene Dateien\pr0gz\FlashFXPv21924.dLs\FlashFXP.exe
C:\Dokumente und Einstellungen\Scotty69\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://arcor.de/login
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {029629AD-283E-CBBE-BC89-9D4666ADC3C5} - C:\WINDOWS\System32\hkaxsbel.dll
O2 - BHO: (no name) - {DF6E4D57-260F-491F-219D-B344911C9251} - C:\WINDOWS\System32\vpgezlny.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SESync] "C:\Programme\SED\SED.exe"
O4 - HKLM\..\Run: [rsguqrzr] C:\WINDOWS\System32\rsguqrzr.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Pulse] C:\Programme\Pulse\Pulse.exe -splash
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: klamm.de - {EB52F380-B8AE-11d5-AE8E-52544025AABB} - http://www.klamm.de/?id=150826 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: klamm.de - {EB52F380-B8AE-11d5-AE8E-52544025AABB} - http://www.klamm.de/?id=150826 (file missing) (HKCU)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104787459484
O17 - HKLM\System\CCS\Services\Tcpip\..\{C71697A1-AB9B-4B69-B26C-6F3C1544F465}: NameServer = 217.237.150.141 217.237.150.97
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\System32\msupd5.exe


The problems are advertisements from... I don't know... Mediabuy or so.
I'm a noob, sorry, please help me.

/edit: For a few seconds, this page ran: http://www.northernarizonamls.com/sc...757910,-AS,-N1

16.01.2005, 00:35   #2
sinuZ

Nobody here who could help?


16.01.2005, 10:36   #3
MountainKing

Hi,

you should update your system to Service Pack 2. Get E-Scan:

http://www.trojaner-board.de/42731-escan-anleitung.html

Create the directory c:\bases and unzip (!) mwav.exe into that directory. Use kavupd.exe to get the latest signatures. Start a full scan (all files) in safe mode (!). Search the logfile and post everything E-Scan flagged as "infected".
You're definitely infected with a hijacker, but I'm afraid there's a real backdoor too. That's why you should check everything before we proceed.

16.01.2005, 15:30   #4
sinuZ

Thank you for your answer, here's the result:

Sun Jan 16 15:51:30 2005 => File C:\WINDOWS\system32\guard.tmp infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Sun Jan 16 15:51:58 2005 => File C:\WINDOWS\mm15201518.Stub.exe infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
Sun Jan 16 15:52:01 2005 => File C:\WINDOWS\sahagent-1002.exe infected by "not-a-virus:AdWare.Sahat.h" Virus. Action Taken: No Action Taken.
Sun Jan 16 15:52:03 2005 => File C:\WINDOWS\unstall.exe infected by "not-a-virus:AdWare.MediaMotor.a" Virus. Action Taken: No Action Taken.
Sun Jan 16 15:52:06 2005 => File C:\WINDOWS\system32\akcore.dll infected by "not-a-virus:AdWare.Coreak" Virus. Action Taken: No Action Taken.
Sun Jan 16 15:52:34 2005 => File C:\WINDOWS\system32\guard.tmp infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Sun Jan 16 15:52:42 2005 => File C:\WINDOWS\system32\jtpm0771e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Sun Jan 16 15:53:48 2005 => File C:\DOKUME~1\Scotty69\LOKALE~1\Temp\Del6.tmp infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Sun Jan 16 15:53:48 2005 => File C:\DOKUME~1\Scotty69\LOKALE~1\Temp\SskUpdater.exe infected by "not-a-virus:AdWare.SurfSide.c" Virus. Action Taken: No Action Taken.
Sun Jan 16 15:54:02 2005 => File C:\DOKUME~1\Scotty69\LOKALE~1\Temp\uninstall.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.q" Virus. Action Taken: No Action Taken.
Sun Jan 16 15:58:17 2005 => File C:\Dokumente und Einstellungen\Scotty69\Lokale Einstellungen\Temp\Del6.tmp infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Sun Jan 16 15:58:18 2005 => File C:\Dokumente und Einstellungen\Scotty69\Lokale Einstellungen\Temp\SskUpdater.exe infected by "not-a-virus:AdWare.SurfSide.c" Virus. Action Taken: No Action Taken.
Sun Jan 16 15:58:34 2005 => File C:\Dokumente und Einstellungen\Scotty69\Lokale Einstellungen\Temp\uninstall.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.q" Virus. Action Taken: No Action Taken.
Sun Jan 16 16:14:22 2005 => File C:\WINDOWS\mm15201518.Stub.exe infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
Sun Jan 16 16:14:54 2005 => File C:\WINDOWS\sahagent-1002.exe infected by "not-a-virus:AdWare.Sahat.h" Virus. Action Taken: No Action Taken.
Sun Jan 16 16:19:15 2005 => File C:\WINDOWS\system32\akcore.dll infected by "not-a-virus:AdWare.Coreak" Virus. Action Taken: No Action Taken.
Sun Jan 16 16:20:11 2005 => File C:\WINDOWS\system32\guard.tmp infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Sun Jan 16 16:20:17 2005 => File C:\WINDOWS\system32\jtpm0771e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Sun Jan 16 16:21:15 2005 => File C:\WINDOWS\Temp\akcore.dll infected by "not-a-virus:AdWare.Coreak" Virus. Action Taken: No Action Taken.
Sun Jan 16 16:21:15 2005 => File C:\WINDOWS\Temp\nsdtmp09.dll infected by "not-a-virus:AdWare.MetaDirect.a" Virus. Action Taken: No Action Taken.
Sun Jan 16 16:21:16 2005 => File C:\WINDOWS\Temp\suicidetb.exe infected by "not-a-virus:AdWare.ToolBat.EliteBar.z" Virus. Action Taken: No Action Taken.
Sun Jan 16 16:21:23 2005 => File C:\WINDOWS\unstall.exe infected by "not-a-virus:AdWare.MediaMotor.a" Virus. Action Taken: No Action Taken.


I haven't done anything yet, because I'm waiting for your help.

16.01.2005, 19:35   #5
MountainKing

Did you check "scan all files"?
The reason I wanted the test is:

O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\System32\msupd5.exe

That's definitely malware (it says Miscrosoft instead of Microsoft) and it's running as a service, and I need to know what it is. If it's not a backdoor and only belongs to some hijacker/adware, we can avoid a new install and fix it. But I need to know exactly what it is first.

Get http://www.clearprog.de/index.php?lang=en

You can already deactivate System Restore, boot into safe mode and fix these with HJT:

O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {029629AD-283E-CBBE-BC89-9D4666ADC3C5} - C:\WINDOWS\System32\hkaxsbel.dll
O2 - BHO: (no name) - {DF6E4D57-260F-491F-219D-B344911C9251} - C:\WINDOWS\System32\vpgezlny.dll
O4 - HKLM\..\Run: [SESync] "C:\Programme\SED\SED.exe"
O4 - HKLM\..\Run: [rsguqrzr] C:\WINDOWS\System32\rsguqrzr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Clean your temporary files with ClearProg.
Delete the files from those entries as well as the other things E-Scan has found. Boot into normal mode and reactivate System Restore. Post a new HJT logfile.

We might need this program later if we can't fix it that way:
http://forums.subratam.org/index.php?showtopic=1725
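As an added example (not part of the original thread, and not a HijackThis feature), the following Python script applies the triage reasoning MountainKing uses above to lines copied from the HijackThis log in post #1: hosts-file entries that send search domains to a non-local address, an unnamed BHO or Run entry that points at a random-named file in System32, and a service whose display name misspells "Microsoft" while the vendor is "Unknown". The sample log is constructed from the post plus one benign hosts line; the "eight letters, at most two vowels" random-name rule and the edit-distance threshold are my assumptions for this example, not published rules.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in post #1, plus a
# benign hosts entry, so the triage rules below can be exercised offline.
SAMPLE_LOG = r"""
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {029629AD-283E-CBBE-BC89-9D4666ADC3C5} - C:\WINDOWS\System32\hkaxsbel.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [rsguqrzr] C:\WINDOWS\System32\rsguqrzr.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\System32\msupd5.exe
"""

O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
BASENAME_RE = re.compile(r"([\w.-]+)\.(exe|dll|ocx)\b", re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def basename(path: str) -> str:
    """File name (without extension) of the first .exe/.dll/.ocx in a command line."""
    m = BASENAME_RE.search(path)
    return m.group(1) if m else ""


def looks_random(name: str) -> bool:
    # Assumption, not a HijackThis rule: eight lowercase letters with at most two
    # vowels is the naming pattern of the randomly named files seen in this log.
    name = name.lower()
    return len(name) == 8 and name.isalpha() and sum(c in "aeiou" for c in name) <= 2


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch misspelled vendor names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquats_microsoft(display_name: str) -> bool:
    # One or two edits away from "microsoft" but not equal: "Miscrosoft" hits this.
    return any(0 < edit_distance(w.lower(), "microsoft") <= 2 for w in display_name.split())


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage(log_text: str) -> list:
    """Apply the triage rules to HijackThis O1/O2/O4/O23 lines and return what to look at."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O1_RE.match(line):
            ip, host = m.groups()
            # Anything in hosts that is not loopback/blackhole deserves a look.
            if not (ip.startswith("127.") or ip in ("0.0.0.0", "::1")):
                findings.append(Finding("O1", f"hosts file sends {host} to {ip}", line))
        elif m := O2_RE.match(line):
            name, _clsid, path = m.groups()
            if name == "(no name)" and in_system32(path) and looks_random(basename(path)):
                findings.append(Finding("O2", f"unnamed BHO loading random-looking {basename(path)}", line))
        elif m := O4_RE.match(line):
            _hive, _key, _value, cmd = m.groups()
            if in_system32(cmd) and looks_random(basename(cmd)):
                findings.append(Finding("O4", f"autorun of random-looking {basename(cmd)} from System32", line))
        elif m := O23_RE.match(line):
            display, vendor, _path = m.groups()
            if typosquats_microsoft(display) or (vendor == "Unknown" and "microsoft" in display.lower()):
                findings.append(Finding("O23", f"service '{display}' impersonates Microsoft (vendor: {vendor})", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample, the script flags the two hosts redirections, the unnamed BHO hkaxsbel.dll, the rsguqrzr.exe autorun and the "Miscrosoft Updates Service 5" service, and leaves the Java updater, AntiVir and the ATI service alone. The rules are deliberately narrow: a triage script like this points the analyst at the lines to investigate, it does not decide what is malware, which is why the thread still asks for an E-Scan pass before anything is deleted.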

