Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bitte um Hilfe bei Auswertung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 30.05.2005, 11:59   #1
miranda74
 
Bitte um Hilfe bei Auswertung - Standard

Bitte um Hilfe bei Auswertung



Hallo,

seit gut 2 Wochen läuft mein Rechner nicht mehr sauber!
Wer kann mir genau sagen woran es liegen könnte??

Logfile of HijackThis v1.99.1
Scan saved at 11:45:03, on 30.05.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Dokumente und Einstellungen\hakim\Desktop\exeknut\exeknut.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\lbxt.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Meaya\Popup Ad Filter\PopFilter.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\SpamPal\spampal.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\hakim\LOKALE~1\Temp\mwavscan.com
C:\DOKUME~1\hakim\LOKALE~1\Temp\kavss.exe
C:\PROGRA~1\ANTI-L~1\ALIE_1~1.9\alhlp.exe
C:\Dokumente und Einstellungen\hakim\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [exe knut] C:\Dokumente und Einstellungen\hakim\Desktop\exeknut\exeknut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\lbxt.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Programme\Meaya\Popup Ad Filter\PopFilter.exe
O4 - Startup: SpamPal.lnk = C:\Programme\SpamPal\spampal.exe
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.versatel.de/internet-cd/
O16 - DPF: Win32 Classes -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/31dd9f84...dxIE601_de.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B370999-70CF-4B98-8102-8137CECD1E1C}: NameServer = 62.72.64.241 62.72.64.237
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B370999-70CF-4B98-8102-8137CECD1E1C}: NameServer = 62.72.64.241 62.72.64.237
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe

eScan_Logfile:

File C:\Programme\CSBB\CSBB.DLL tagged as "not-a-virus:AdWare.ClearSearch.p". Action Taken: No Action Taken.
File C:\WINDOWS\System32\lbxt.exe infected by "Backdoor.Win32.Agent.ec" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\lbxt.exe infected by "Backdoor.Win32.Agent.ec" Virus! Action Taken: No Action Taken.
Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AdDestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "PerfectNav Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Claria Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AdDestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AdDestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AdDestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AdDestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.smartsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\danim.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\ddrawex.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\quartz.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSOWS407.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PUBPLACE.HTT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM32\AXDist.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\WinTV\hcwdlg.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\hakim\LOKALE~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\MARXDEV3.SYS". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\MARXDEV2.SYS". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\MARXDEV1.SYS". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\TDLPT.SYS". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\ASPI32.NT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\WINASPI.NT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\WNASPI32.NT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\WOWPOST.NT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\mmrtkrnl.sys". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\mmrtkrnl.inf". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\CBUSB.inf". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\CBUSB.sys". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Mmrtkrnl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Mmrtkrnl.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\TypeSpt\MojiKumi\Photoshop6MojiKumi". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Photoshop 7.0\Msvcrt10.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\hakim\LOKALE~1\Temp\closedbgout.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\hakim\LOKALE~1\Temp\enableirsocketutil.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxwma.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\ac_usb.inf". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FTD2XX.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FTD2XX.SYS". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FTD2XXUN.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\TDUSB.INF". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\TDUSB.SYS". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A6CCD87-4028-4802-9F20-5CB5311C87B2}" refers to invalid object "C:\DOKUME~1\hakim\Desktop\mp3SorT\AUDIOG~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B627186-D013-4E4E-A1E4-09A1F43BDB2E}" refers to invalid object "C:\PROGRA~1\WinTV\hcwdlg.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BB79661-3906-4688-B005-A80B8F8AE007}" refers to invalid object "C:\WINDOWS\System32\ExpBar1.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1651F1A6-2ACE-4A40-8808-3C48E216419E}" refers to invalid object "C:\WINDOWS\System32\ActiveWizard.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{17DF8209-2EE7-4599-A8DD-CE5FE2D916C1}" refers to invalid object "C:\WINDOWS\System32\ActiveWizard.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E6EC2EB-7B47-4842-9146-8047943C81EA}" refers to invalid object "C:\WINDOWS\System32\ExpBar1.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{35465706-E211-11d3-8B87-C295F909460A}" refers to invalid object "C:\MAGIX\Media_Manager\WMServerReader.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3836A5BF-51B3-4B37-8E96-9D429C22183C}" refers to invalid object "C:\MAGIX\Media_Manager\CddbControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{38D73E93-BBAB-435F-A03C-BDF5B0AA9FCD}" refers to invalid object "C:\DOKUME~1\hakim\Desktop\mp3SorT\AUDIOG~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3D8E41BF-E081-424F-B9CC-29B451026482}" refers to invalid object "C:\Programme\ICQLite\LiteUtil.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4D73287C-D63C-4EC4-966F-EA18D283A810}" refers to invalid object "C:\WINDOWS\System32\ExpBar1.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{52B87208-9CCF-42C9-B88E-069281105805}" refers to invalid object "C:\PROGRA~1\TROJAN~1\Trshlex.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOKUME~1\hakim\LOKALE~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{59352D90-0181-4097-8706-7B637EC926E1}" refers to invalid object "C:\WINDOWS\System32\ActiveWizard.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5A5B6916-ED71-4531-8018-E792DD44156E}" refers to invalid object "C:\WINDOWS\dd.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5DD79FF6-958A-4811-8FE5-EAB0D79E2B14}" refers to invalid object "C:\Programme\ICQLite\LiteUtil.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5E7724B3-1349-4F2D-8946-092E3A28ABC9}" refers to invalid object "C:\WINDOWS\System32\ExpBar1.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{795698C9-E328-4AB3-ACC6-F685635FBF9F}" refers to invalid object "C:\MAGIX\Media_Manager\Hhprend.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8605B833-4D98-4C3E-ACC6-1BAB3A39B135}" refers to invalid object "C:\WINDOWS\System32\ExpBar1.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8722111A-DE20-48ac-832D-0CEDA23212AB}" refers to invalid object "C:\MAGIX\Media_Manager\CDDBUI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{89DC529F-1424-4C93-A77B-9A2FFFF3A3FB}" refers to invalid object "C:\Programme\ICQLite\LiteUtil.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9609D7C1-6B10-4EF6-8CED-64E4056C1E5B}" refers to invalid object "C:\WINDOWS\System32\ActiveWizard.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A4178E50-A793-4B93-8616-1AAC87DF373B}" refers to invalid object "C:\MAGIX\Media_Manager\JWVidRend.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AA9B2BD7-B7AA-4d4a-AF5C-D7B2C8FB6582}" refers to invalid object "C:\MAGIX\Media_Manager\CDDBUI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB7AB3FF-EB55-4B40-AE1D-80ECEFA32E17}" refers to invalid object "C:\MAGIX\Media_Manager\CDDBUI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AF105A16-E3F0-4215-AD2B-B6E78492E4E1}" refers to invalid object "C:\Programme\ICQLite\LiteUtil.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AF1A9404-6CA9-11D3-B053-00C04F4C0826}" refers to invalid object "C:\MAGIX\Media_Manager\CddbControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0528CE4-F67E-11D2-8F8E-00C04F4C3B9F}" refers to invalid object "C:\MAGIX\Media_Manager\CddbControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B144CB7C-13E7-4F05-BBCD-69B886C4F845}" refers to invalid object "C:\WINDOWS\System32\ExpBar1.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B6F03B7A-AD39-4D1E-B150-91BE65DE100B}" refers to invalid object "C:\PROGRA~1\WinTV\hcwdlg.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C7A8D72B-1BBA-4BA2-B29B-B194AFD90861}" refers to invalid object "C:\WINDOWS\System32\ExpBar1.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0}" refers to invalid object "C:\WINDOWS\System32\P2P Networking\MARSHAL2.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D03D101E-1FB9-4E6C-910D-96C2C9389B72}" refers to invalid object "C:\WINDOWS\System32\gsHotkey.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D3B1DE00-6B94-1069-8754-08002B2BD64F}" refers to invalid object "C:\WINDOWS\SYSTEM\disktool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D5CAED65-E654-43CB-949C-C8F26837C34D}" refers to invalid object "C:\WINDOWS\System32\gsFolder.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D734EAE8-0810-4513-99B6-DDAC4BC30E29}" refers to invalid object "C:\MAGIX\Media_Manager\CddbControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DFEF3E96-F1D4-47CE-A429-2CC8C10DFDB6}" refers to invalid object "C:\MAGIX\Media_Manager\CddbControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3EBE8FF-6E21-4D5E-BABE-A93D106FDFBF}" refers to invalid object "C:\WINDOWS\System32\ExpBar1.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EBAF4BF3-F7AA-4ADA-85B6-0313A273B4FF}" refers to invalid object "C:\WINDOWS\System32\gxCLI_Interface.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4BAFF02-F907-11D2-8F8F-00C04F4C3B9F}" refers to invalid object "C:\MAGIX\Media_Manager\CddbControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F6FD0A00-43F0-11D1-BE58-00A0C90A4335}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F6FD0A01-43F0-11D1-BE58-00A0C90A4335}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F6FD0A0E-43F0-11D1-BE58-00A0C90A4335}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F6FD0A0F-43F0-11D1-BE58-00A0C90A4335}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F6FD0A11-43F0-11D1-BE58-00A0C90A4335}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F6FD0A13-43F0-11D1-BE58-00A0C90A4335}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F808DF6F-6049-11D1-BA20-006097D2898E}" refers to invalid object ""C:\PROGRAMME\WINDOWS MEDIA PLAYER\LAPRXY.DLL"". Action Taken: No Action Taken.
Entry "HKCR\CDDBControl.DirectSoundGargleDMO" refers to invalid object "{CA223F33-4B22-4857-8339-6FF1C12FC06C}". Action Taken: No Action Taken.
Entry "HKCR\CSBB.CSBBCore" refers to invalid object "{00000000-0000-0000-0000-000000002230}". Action Taken: No Action Taken.
Entry "HKCR\CSBB.CSBBCore.1" refers to invalid object "{00000000-0000-0000-0000-000000002230}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Overview.Document" refers to invalid object "{DA23B9C9-6893-11D0-8534-00C04FD7AD0C}". Action Taken: No Action Taken.
Entry "HKCR\WebP2PInstaller.Installer" refers to invalid object "{1D6711C8-7154-40BB-8380-3DEA45B69CBF}". Action Taken: No Action Taken.
Entry "HKCR\WebP2PInstaller.Installer.1" refers to invalid object "{1D6711C8-7154-40BB-8380-3DEA45B69CBF}". Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWLAD2.dll tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWLAD1.dll tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\WINDOWS\System32\PopOops2.dll tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\WINDOWS\System32\PopOops.dll tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\WINDOWS\COMMAND\EBD\EBD.CAB tagged as not-a-virus:Tool.ZeroedAndDeleted.Restart. No Action Taken.
File C:\WINDOWS\SYSTEM32\SWLAD2.dll tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\SWLAD1.dll tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\PopOops2.dll tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\PopOops.dll tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\WINDOWS\browserxtras\pn\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus! Action Taken: No Action Taken.
File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE tagged as "not-a-virus:AdWare.Toolbar.MyWay.b". Action Taken: No Action Taken.
File C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.m". Action Taken: No Action Taken.
File C:\Programme\CSBB\CSBB.DLL tagged as "not-a-virus:AdWare.ClearSearch.p". Action Taken: No Action Taken.
File C:\Programme\CSBB\FNuninstaller.EXE tagged as "not-a-virus:AdWare.ClearSearch.o". Action Taken: No Action Taken.
File C:\Programme\CSBB\csAOLldr.exe tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken.
File C:\Programme\AVPersonal\INFECTED\winagent.VIR infected by "Backdoor.Win32.Webdor.p" Virus! Action Taken: No Action Taken.

Alt 30.05.2005, 12:06   #2
Rene-gad
 
Bitte um Hilfe bei Auswertung - Standard

Bitte um Hilfe bei Auswertung



@miranda74
Zitat:
seit gut 2 Wochen läuft mein Rechner nicht mehr sauber!
Wer kann mir genau sagen woran es liegen könnte??
Die Ursache deines Problems liegt hier:
Zitat:
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Service Pack 2 fehlt.

Das Problem selbst heißt:
Zitat:
File C:\WINDOWS\System32\lbxt.exe infected by "Backdoor.Win32.Agent.ec" Virus! Action Taken: No Action Taken.
Du musst deinen PC nach Anleitung (Link in meiner Signatur) punktgenau neu aufsetzen.
Eine andere Möglichkeit bei einem Backdoor gibt es leider nicht.
__________________


Antwort

Themen zu Bitte um Hilfe bei Auswertung
adobe, adobe reader, antivir update, antivirus, antivirus scan, avg, bho, bitte um hilfe, c:\windows\temp, computer, desktop, drivers, einstellungen, excel, explorer, hijack, hijackthis, internet, internet explorer, magix, msvcrt, photoshop, popup, programme, software, symantec, system, temp, trojan, urlsearchhook, usb, windows, windows xp, windows\temp



Ähnliche Themen: Bitte um Hilfe bei Auswertung


  1. Bitte um hilfe bei Auswertung von HJT
    Log-Analyse und Auswertung - 27.12.2007 (12)
  2. Viren??Würmer..HILFE! Bitte um Hilfe bei der Auswertung meines hijackthis-log
    Mülltonne - 14.11.2007 (0)
  3. Bitte um Hilfe bei der Auswertung
    Mülltonne - 11.08.2007 (0)
  4. Bitte um Hilfe bei der Auswertung
    Log-Analyse und Auswertung - 28.04.2007 (5)
  5. Bitte um Hilfe für Auswertung
    Log-Analyse und Auswertung - 31.10.2006 (7)
  6. Bitte um Hilfe bei der Auswertung
    Log-Analyse und Auswertung - 17.10.2006 (1)
  7. Bitte um Auswertung und ggf. Hilfe
    Log-Analyse und Auswertung - 27.07.2006 (3)
  8. bitte um Auswertung und Hilfe
    Mülltonne - 28.06.2006 (1)
  9. Bitte um Auswertung bzw Hilfe :)
    Log-Analyse und Auswertung - 27.03.2006 (1)
  10. Bitte um HJT-Auswertung und Hilfe
    Log-Analyse und Auswertung - 30.08.2005 (2)
  11. Auswertung...bitte um Hilfe !
    Log-Analyse und Auswertung - 20.06.2005 (5)
  12. Bitte um Hilfe bei Auswertung
    Log-Analyse und Auswertung - 11.02.2005 (4)
  13. Bitte um Hilfe bei Auswertung
    Log-Analyse und Auswertung - 11.02.2005 (3)
  14. Bitte um Hilfe bei der Auswertung
    Log-Analyse und Auswertung - 10.12.2004 (2)
  15. bitte um Hilfe bei Auswertung
    Log-Analyse und Auswertung - 17.11.2004 (15)
  16. Bitte um Hilfe bei der Auswertung
    Log-Analyse und Auswertung - 19.09.2004 (1)
  17. Bitte um Hilfe bei log-auswertung
    Log-Analyse und Auswertung - 20.07.2004 (4)

Zum Thema Bitte um Hilfe bei Auswertung - Hallo, seit gut 2 Wochen läuft mein Rechner nicht mehr sauber! Wer kann mir genau sagen woran es liegen könnte?? Logfile of HijackThis v1.99.1 Scan saved at 11:45:03, on 30.05.2005 - Bitte um Hilfe bei Auswertung...
Archiv
Du betrachtest: Bitte um Hilfe bei Auswertung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.