![]() |
|
Plagegeister aller Art und deren Bekämpfung: HIJACKTHIS logfile für bloodhound.exploit.6Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
| ![]() HIJACKTHIS logfile für bloodhound.exploit.6 hier meine log file Logfile of HijackThis v1.99.0 Scan saved at 20:59:54, on 03.01.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\Dokumente und Einstellungen\Hüseyin.AUTO-HF21KQW7Q1\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis199.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.top-search.us/index.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.top-search.us/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.top-search.us/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.top-search.us/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top-search.us/index.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.top-search.us/index.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.top-search.us/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.top-search.us/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.top-search.us/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top-search.us/index.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.top-search.us/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.top-search.us/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.top-search.us/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.top-search.us/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.top-search.us/index.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.top-search.us/index.html R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fuckherthroat.com/popup/popup.html R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: Shell=Explorer.exe monitor.exe O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\System32\mspxs32.dll O2 - BHO: (no name) - {63BA8513-45FE-635C-A805-17943A91D897} - C:\WINDOWS\System32\yygozme.dll O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file) O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file) O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\Internet\T-DSL SpeedManager\SpeedMgr.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Programme\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [WindowsRegKey update] winupdate.exe O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.crazywinnings.com O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.topconverting.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.crazywinnings.com (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.topconverting.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted IP range: 67.19.178.84 O15 - Trusted IP range: 67.19.178.84 (HKLM) O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CF4CE3DE-35C7-4445-B7C8-0D303DA37152}: NameServer = 192.168.121.252,192.168.121.253 O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\PROGRAMME\INTERNET\TELEDAT\de_serv.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\Internet\T-DSL SpeedManager\tsmsvc.exe |
Themen zu HIJACKTHIS logfile für bloodhound.exploit.6 |
antivir update, antivirus, bho, ctfmon.exe, dateien, einstellungen, excel, explorer, helper, hijack, hijackthis, hijackthis logfile, internet, internet explorer, log, logfile, microsoft, programme, settings manager, software, symantec, system, system32, t-online, tcpip, temp, update, urlsearchhook, win32, windows, windows xp |