
Log analysis and evaluation: Need help with the log file

18.07.2008, 20:11   #1
Tweety1512
 

Hello everyone,

I'm new here and need help. My PC has been acting up for a few days; I have already tried a lot, but unfortunately nothing helped. The problem looks like this:

When I go online and start Internet Explorer, pop-up windows appear after a short time, e.g. CiD but also others, which are really annoying.
I'm pretty sure that I have some trojans, but I don't know how best to remove them. I have the AVG Anti Virus program and Windows Defender. I started AVG in safe mode and it found something, but it did not get any better afterwards.
In addition, the Windows shield in the taskbar, "Windows Sicherheitswarnungen" (Windows security alerts), is red and I can't get it to green even though I have activated everything.

Here is my HijackThis log file - it would be nice if someone would help me and look over it.

Logfile of HijackThis v1.99.1
Scan saved at 20:30:44, on 18.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\mmrtkrnl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\AVG\AVG8\aAvgApi.exe
C:\Programme\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programme\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Support audio cool poll] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INTERNET SPAM SUPPORT AUDIO\Win Funk.exe
O4 - HKLM\..\Run: [5848b6a2] rundll32.exe "C:\WINDOWS\system32\tveihclm.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BM5b7b853e] Rundll32.exe "C:\WINDOWS\system32\viaijcak.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Thanks

Regards
Tweety

19.07.2008, 18:27   #2
-SilverDragon-
 

Hello Tweety and

First fix all of these entries (there should be more than 30):

Code:
O18 - Protocol: bw+0 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
         
And these:

Code:
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
         
After that, go to Virustotal and have the following files checked one after another:

Code:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INTERNET SPAM SUPPORT AUDIO\Win Funk.exe

C:\WINDOWS\system32\tveihclm.dll

C:\WINDOWS\system32\viaijcak.dll
         
Post the COMPLETE results here in the thread.


20.07.2008, 17:22   #3
Tweety1512
 

Hello SilverDragon,

thanks for your reply. I hope I have done everything correctly so far, and this is what came out:

HijackThis Log File

Logfile of HijackThis v1.99.1
Scan saved at 18:09:33, on 20.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\mmrtkrnl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\winhlp32.exe
C:\Programme\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programme\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programme\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [5848b6a2] rundll32.exe "C:\WINDOWS\system32\tveihclm.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM5b7b853e] Rundll32.exe "C:\WINDOWS\system32\viaijcak.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

With Virustotal I only checked one file; the others are no longer in the directory. Is that bad?

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.7.17.0 2008.07.18 -
AntiVir 7.8.1.11 2008.07.20 -
Authentium 5.1.0.4 2008.07.20 W32/Swizzor.D.gen!Eldorado
Avast 4.8.1195.0 2008.07.20 Win32:Swizzor
AVG 8.0.0.130 2008.07.20 -
BitDefender 7.2 2008.07.20 -
CAT-QuickHeal 9.50 2008.07.18 -
ClamAV 0.93.1 2008.07.20 -
DrWeb 4.44.0.09170 2008.07.20 -
eSafe 7.0.17.0 2008.07.20 -
eTrust-Vet 31.6.5966 2008.07.18 -
Ewido 4.0 2008.07.20 -
F-Prot 4.4.4.56 2008.07.20 W32/Swizzor.D.gen!Eldorado
F-Secure 7.60.13501.0 2008.07.20 -
Fortinet 3.14.0.0 2008.07.20 -
GData 2.0.7306.1023 2008.07.20 Win32:Swizzor
Ikarus T3.1.1.34.0 2008.07.20 -
Kaspersky 7.0.0.125 2008.07.20 -
McAfee 5342 2008.07.18 -
Microsoft 1.3704 2008.07.20 -
NOD32v2 3282 2008.07.19 -
Norman 5.80.02 2008.07.18 -
Panda 9.0.0.4 2008.07.20 -
Prevx1 V2 2008.07.20 -
Rising 20.53.62.00 2008.07.20 -
Sophos 4.31.0 2008.07.20 -
Sunbelt 3.1.1536.1 2008.07.18 -
Symantec 10 2008.07.20 -
TheHacker 6.2.96.385 2008.07.19 -
TrendMicro 8.700.0.1004 2008.07.18 -
VBA32 3.12.8.1 2008.07.20 -
VirusBuster 4.5.11.0 2008.07.19 -
Webwasher-Gateway 6.6.2 2008.07.20 -
weitere Informationen
File size: 4905472 bytes
MD5...: 09c29e7fbed345b3b296c3f4eb041e28
SHA1..: 911d15521c0b56f93c8d4e9d57500b6c8ec7c311
SHA256: 893c896831f7334f6aeb143e1bad5a37c8c24903fd3b67d3e04fc95c4a6bef31
SHA512: e65c013ce947715e22f5bfb3ab88e4c7988132362f76938295ea09c27c54577c
67361011c2bf4692b5ec53643ed4e9ea6947304b88e3022d0561b75c662dc081
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40b865
timedatestamp.....: 0x474eef7c (Thu Nov 29 16:57:32 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2939d 0x29400 6.24 46361fe3d1fea47c7c5eb8c7b8c54412
.rdata 0x2b000 0x73e4 0x2800 5.38 cfdd3de0703c3f673c648f6043eef58f
.data 0x33000 0x47b338 0x480800 8.00 d2fa20ebe6124d1ab1322207d8851e92
.rsrc 0x4af000 0x118a 0x1200 3.44 ec85c737167bc6acc1cae18492a58fcd

( 5 imports )
> SHELL32.dll: DragQueryFileW, SHQueryRecycleBinA, ExtractAssociatedIconExA
> KERNEL32.dll: MultiByteToWideChar, GetModuleHandleW, GetDateFormatA, OpenMutexA, FreeLibrary, TlsGetValue, LeaveCriticalSection, VirtualAlloc, SetUnhandledExceptionFilter, GetStringTypeW, SetFilePointer, WideCharToMultiByte, GetUserDefaultLCID, HeapSize, GlobalFindAtomA, CreateFileA, IsDebuggerPresent, GetTimeFormatA, WaitNamedPipeW, GetEnvironmentStringsW, GetStringTypeA, FlushFileBuffers, GetCPInfo, IsValidLocale, lstrcat, CompareStringW, GetProcAddress, GetModuleHandleA, IsValidCodePage, CreateNamedPipeW, GetStartupInfoA, GetTimeZoneInformation, GetOEMCP, InterlockedDecrement, GetLocaleInfoA, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, FreeEnvironmentStringsW, SetEnvironmentVariableA, GetCurrentThreadId, WriteConsoleA, WriteConsoleW, LoadLibraryA, GetConsoleOutputCP, GetEnvironmentStrings, GetCurrentThread, GetWindowsDirectoryW, ExitProcess, QueryPerformanceCounter, SetComputerNameA, CreateSemaphoreA, InterlockedExchange, ReadFile, VirtualFree, GetCommandLineW, HeapCreate, HeapFree, HeapAlloc, RtlUnwind, GetModuleFileNameW, GetLocaleInfoW, GetModuleFileNameA, EnumSystemLocalesA, VirtualQuery, WriteConsoleInputA, InterlockedIncrement, GetACP, SetLastError, TerminateProcess, TlsAlloc, SetConsoleCtrlHandler, WriteProfileStringA, GetConsoleCP, GetStdHandle, GetCurrentProcess, CompareStringA, Sleep, UnhandledExceptionFilter, GetFileType, WriteFile, GetProcessShutdownParameters, CreateMutexA, GetCommandLineA, TlsSetValue, EnumTimeFormatsW, HeapReAlloc, CloseHandle, GetConsoleMode, HeapDestroy, GetStartupInfoW, GetSystemTimeAsFileTime, LCMapStringA, SetStdHandle, EnterCriticalSection, GetCurrentProcessId, TlsFree, GetLastError, GetTickCount, LCMapStringW, EnumDateFormatsA, SetHandleCount
> USER32.dll: ReuseDDElParam, GetWindowLongW, GetDlgCtrlID, RegisterClassA, CreateIcon, RegisterClassExA, SetCaretPos, GetMenuItemInfoA, DeferWindowPos, AnyPopup, ChangeDisplaySettingsExW, DdeImpersonateClient, EnumChildWindows, DdeGetData, DrawStateA, InsertMenuItemA
> comctl32.dll: InitCommonControlsEx
> comdlg32.dll: ChooseFontA

( 0 exports )

packers (Kaspersky): PE_Patch


Thanks in advance for the reply.

Regards
Tweety

20.07.2008, 23:12   #4
-SilverDragon-
 

Download The Avenger
Then copy the following text into the white text box:

Code:
Files to delete:
C:\WINDOWS\system32\tveihclm.dll
C:\WINDOWS\system32\viaijcak.dll

registry keys to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BM5b7b853e
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\5848b6a2
         
Then click Execute
After the reboot, post the contents of the editor window that appears, in [code] tags

After that, a new HijackThis logfile.

21.07.2008, 15:57   #5
Tweety1512
 

Hello SilverDragon,

here is the Avenger log file:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\tveihclm.dll" not found!
Deletion of file "C:\WINDOWS\system32\tveihclm.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\viaijcak.dll" not found!
Deletion of file "C:\WINDOWS\system32\viaijcak.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BM5b7b853e" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BM5b7b853e" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\5848b6a2" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\5848b6a2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


And the Hijack log file:

Logfile of HijackThis v1.99.1
Scan saved at 16:18:04, on 21.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\ESET\ESET Smart Security\egui.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Programme\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1124BAB2-ABE7-43A2-8F5D-98DE32A29625}: NameServer = 192.168.1.1
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {11E9E25E-87B5-42EF-A145-2A80586A640D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programme\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programme\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Regards
Tweety
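
A triage aid for the HijackThis log in the post above, added here as an example and not part of the thread or of HijackThis itself: it splits entries by section code, lists the HKLM Run autostarts (O4), and surfaces entries carrying the markers that appear in this log ("(file missing)", "(no file)", "Unknown owner", "Unknown file"). The function names are hypothetical; the sample lines are copied from the posted log.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied from the post).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [egui] "C:\Programme\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: Eset Service (ekrn) - ESET - C:\Programme\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
"""

# "<section code> - <detail>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 detail: "HKLM\..\Run: [value name] command line"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")
# Literal markers HijackThis printed in this log; reported as-is, not interpreted.
MARKERS = ("(file missing)", "(no file)", "Unknown owner", "Unknown file")

def parse_entries(text):
    """Return (section, detail) for every entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def flagged(text):
    """Entries that carry at least one marker, with the markers found."""
    out = []
    for section, detail in parse_entries(text):
        hits = [mk for mk in MARKERS if mk in detail]
        if hits:
            out.append((section, detail, hits))
    return out

def run_entries(text):
    """Map autostart value name -> command line for O4 registry Run entries."""
    result = {}
    for section, detail in parse_entries(text):
        m = RUN.match(detail) if section == "O4" else None
        if m:
            result[m.group(3)] = m.group(4)
    return result

if __name__ == "__main__":
    for section, detail, hits in flagged(SAMPLE_LOG):
        print(section, hits, detail)
    print(run_entries(SAMPLE_LOG))
```

A marker only means the entry deserves a look: a "(file missing)" service is usually a leftover from an uninstalled product, and each flagged path still has to be checked on the machine.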

