Could someone look through my HJT log file?

Hello,

Attached is my eScan log file, read out with find.rar. Could someone take a look at it?

```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 17 21:40:09 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Sat Dec 17 21:40:13 2005 => System found infected with zipitpro Spyware/Adware (iun6002.exe)! Action taken: No Action Taken.
Sat Dec 17 21:40:13 2005 => System found infected with abetterinternet Spyware/Adware (bi.ini)! Action taken: No Action Taken.
Sat Dec 17 21:40:13 2005 => System found infected with whenu/savenow Spyware/Adware (wuinst.dll)! Action taken: No Action Taken.
Sat Dec 17 21:40:13 2005 => System found infected with cydoor Spyware/Adware (im64.dll)! Action taken: No Action Taken.
Sat Dec 17 21:40:13 2005 => System found infected with 007guard.com hijacker Spyware/Adware (plugin.dll)! Action taken: No Action Taken.
Sat Dec 17 21:40:13 2005 => System found infected with cydoor Spyware/Adware (cd_clint.dll)! Action taken: No Action Taken.
Sat Dec 17 21:40:17 2005 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken.
Sat Dec 17 21:40:21 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sat Dec 17 21:40:21 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sat Dec 17 21:40:21 2005 => System found infected with zipitpro Spyware/Adware (C:\WINNT\iun6002.exe)! Action taken: No Action Taken.
Sat Dec 17 23:33:47 2005 => Scanning Folder: D:\Programme\AVPersonal\INFECTED\*.*
Sat Dec 17 23:33:47 2005 => Scanning File D:\Programme\AVPersonal\INFECTED\AUDIOCONVERTER_SETUP.EXE.VIR
Sun Dec 18 00:01:50 2005 => File D:\*\wcamdog4.exe infected by "Trojan-Spy.Win32.Delf.jx" Virus! Action Taken: No Action Taken.
Sun Dec 18 00:18:09 2005 => File D:\*\Verlorene Dateien\Anwendungsdaten\Thunderbird\Profiles\seco08dx.default\Mail\Local Folders\*-Roland *.sbd\Posteingang infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Sun Dec 18 01:02:46 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 17 21:45:21 2005 => File C:\WINNT\system32\SplWbr.dll tagged as "not-a-virus:AdWare.Win32.VirtualBouncer.j". Action Taken: No Action Taken.
Sat Dec 17 21:54:56 2005 => File C:\WINNT\Downloaded Program Files\WUInst.dll tagged as "not-a-virus:AdWare.Win32.SaveNow.ab". Action Taken: No Action Taken.
Sat Dec 17 22:59:40 2005 => File C:\Programme\RealVNC\WinVNC\winvnc.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
Sat Dec 17 22:59:40 2005 => File C:\Programme\RealVNC\WinVNC\othread2.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
Sat Dec 17 22:59:40 2005 => File C:\Programme\RealVNC\WinVNC\vnchooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
Sat Dec 17 23:25:27 2005 => File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sun Dec 18 00:00:55 2005 => File D:\*\vnc-3.3.7-x86_win32.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 17 21:40:11 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\powersearch !!!
Sat Dec 17 21:40:11 2005 => Offending Key found: HKLM\Software\180solutions !!!
Sat Dec 17 21:40:11 2005 => Offending Key found: HKLM\Software\dbi !!!
Sat Dec 17 21:40:11 2005 => Offending Key found: HKLM\Software\gnu !!!
Sat Dec 17 21:40:13 2005 => Offending file found: C:\WINNT\iun6002.exe
Sat Dec 17 21:40:13 2005 => Offending file found: C:\WINNT\bi.ini
Sat Dec 17 21:40:13 2005 => Offending Folder found: C:\WINNT\DOWNLO~1\conflict.1
Sat Dec 17 21:40:13 2005 => Offending file found: C:\WINNT\DOWNLO~1\wuinst.dll
Sat Dec 17 21:40:13 2005 => Offending file found: C:\WINNT\system32\im64.dll
Sat Dec 17 21:40:13 2005 => Offending file found: C:\WINNT\system32\plugin.dll
Sat Dec 17 21:40:13 2005 => Offending file found: C:\WINNT\system32\cd_clint.dll
Sat Dec 17 21:40:14 2005 => Offending Folder found: C:\Programme\powersearch
Sat Dec 17 21:40:14 2005 => Offending Folder found: C:\Programme\password-finder
Sat Dec 17 21:40:17 2005 => Offending file found: C:\Dokumente und Einstellungen\* *.*1\Lokale Einstellungen\temp\outlook logging\firstrun.log
Sat Dec 17 21:40:21 2005 => Offending file found: C:\WINNT\iun6002.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Dec 18 01:02:46 2005 => Total Virus(es) Found: 27
Sun Dec 18 01:02:46 2005 => Total Errors: 437
Sun Dec 18 01:02:46 2005 => Time Elapsed: 03:22:56
Sun Dec 18 01:02:46 2005 => Total Objects Scanned: 166285
Sat Dec 17 21:30:47 2005 => Virus Database Date: 2005/12/12
Sat Dec 17 21:32:23 2005 => Virus Database Date: 2005/12/17
Sat Dec 17 21:38:34 2005 => Virus Database Date: 2005/12/17
Sun Dec 18 01:02:46 2005 => Virus Database Date: 2005/12/17
Sun Dec 18 07:06:11 2005 => Virus Database Date: 2005/12/17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~
```

I also have some strange entries like these. What do they mean?

```
Entry "HKCR\CLSID\{FEAE0BEA-7182-43EA-B081-0715AD6F42F8}" refers to invalid object "C:\Programme\ICQ\ICQSystemMsgPlugin.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FF51CB06-15AC-46AB-AEBC-090180B64223}" refers to invalid object "C:\Programme\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FF5C8342-F369-406A-8E17-3F97238181C3}" refers to invalid object "C:\PROGRA~1\ICQ\ICQEDI~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FFAE6E5C-1201-4F9C-82B6-F03184714FD2}" refers to invalid object "C:\Programme\ICQ\ICQSMS.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{002E7DA2-BA9E-11D1-B526-0060085C418E}" refers to invalid object "D:\Programme\Norton SystemWorks\Speed Disk\VolumeS.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{02926246-D3D1-11D1-B545-0060085C418E}" refers to invalid object "D:\Programme\Norton SystemWorks\Speed Disk\SDOptions.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{307E43ED-E76F-11D3-BCDE-0004AC961EA6}" refers to invalid object "C:\Programme\ICQ\ICQOTLX.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{30C7EED5-DC7A-11D3-BCDD-0004AC961EA6}" refers to invalid object "C:\Programme\ICQ\ICQOutL.dll". Action Taken: No Action Taken.
```

??????????