Log analysis and evaluation: Hijack This Log + eScan entries

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Hijack This Log + eScan entries

So, now I've followed the instructions to the letter and it worked! I've attached the file, though I could just as well have posted it here! Anyway, please take a look at it! Some things aren't mentioned in the file, though, so I copied those out of the Virus Log Information:
I'm curious what I may/should do next!

P.S.: I've also attached a "Startuplist" from HijackThis! Maybe something can be seen from that as well?! Thx in advance!

Edited by Exploitz (29.05.2005 at 12:49)