brauche hilfe beim auswerten von hijackthis

doedel · 09.04.2005, 14:56

Logfile of HijackThis v1.99.0
Scan saved at 14:23:03, on 09.04.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\EIGENE DATEIEN\DENIS\HIJACKTHIS199\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deep-ass.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O1 - Hosts: 3506967828 thehun.net
O1 - Hosts: 3506967828 www.thehun.net
O1 - Hosts: 3506967828 thehun.com
O1 - Hosts: 3506967828 www.thehun.com
O1 - Hosts: 3506967828 worldsex.com
O1 - Hosts: 3506967828 www.worldsex.com
O1 - Hosts: 3506967828 al4a.com
O1 - Hosts: 3506967828 www.al4a.com
O1 - Hosts: 3506967828 elephantlist.com
O1 - Hosts: 3506967828 www.elephantlist.com
O1 - Hosts: 3506967828 sleazydream.com
O1 - Hosts: 3506967828 www.sleazydream.com
O1 - Hosts: 3506967828 lumberjack-links.com
O1 - Hosts: 3506967828 www.lumberjack-links.com
O1 - Hosts: 3506967828 book-mark.net
O1 - Hosts: 3506967828 www.book-mark.net
O1 - Hosts: 3506967828 freeones.com
O1 - Hosts: 3506967828 www.freeones.com
O1 - Hosts: 3506967828 thumbzilla.com
O1 - Hosts: 3506967828 www.thumbzilla.com
O1 - Hosts: 3506967828 pinkworld.com
O1 - Hosts: 3506967828 www.pinkworld.com
O1 - Hosts: 3506967828 call-kelly.com
O1 - Hosts: 3506967828 www.call-kelly.com
O1 - Hosts: 3506967828 mmm100.com
O1 - Hosts: 3506967828 www.mmm100.com
O1 - Hosts: 3506967828 bunnyteens.com
O1 - Hosts: 3506967828 www.bunnyteens.com
O1 - Hosts: 3506967828 vidsvidsvids.com
O1 - Hosts: 3506967828 www.vidsvidsvids.com
O1 - Hosts: 3506967828 youngerbabes.com
O1 - Hosts: 3506967828 www.youngerbabes.com
O1 - Hosts: 3506967828 mature-post.com
O1 - Hosts: 3506967828 www.mature-post.com
O1 - Hosts: 3506967828 pornno.com
O1 - Hosts: 3506967828 www.pornno.com
O1 - Hosts: 3506967828 x-ho.com
O1 - Hosts: 3506967828 www.x-ho.com
O1 - Hosts: 3506967828 catlist.com
O1 - Hosts: 3506967828 www.catlist.com
O1 - Hosts: 3506967828 teenax.com
O1 - Hosts: 3506967828 www.teenax.com
O1 - Hosts: 3506967828 google.com
O1 - Hosts: 3506967828 www.google.com
O1 - Hosts: 3506967828 buldog.com
O1 - Hosts: 3506967828 www.buldog.com
O1 - Hosts: 3506967828 persiankitty.com
O1 - Hosts: 3506967828 www.persiankitty.com
O1 - Hosts: 3506967828 jizzhut.com
O1 - Hosts: 3506967828 www.jizzhut.com
O1 - Hosts: 3506967828 alexmovies.com
O1 - Hosts: 3506967828 www.alexmovies.com
O1 - Hosts: 3506967828 moviesarena.com
O1 - Hosts: 3506967828 www.moviesarena.com
O1 - Hosts: 3506967828 freepicturepage.com
O1 - Hosts: 3506967828 www.freepicturepage.com
O1 - Hosts: 3506967828 ultradonkey.com
O1 - Hosts: 3506967828 www.ultradonkey.com
O1 - Hosts: 3506967828 amplandmovies.com
O1 - Hosts: 3506967828 www.amplandmovies.com
O1 - Hosts: 3506967828 yahoo.com
O1 - Hosts: 3506967828 www.yahoo.com
O1 - Hosts: 3506967828 grannypictures.com
O1 - Hosts: 3506967828 www.grannypictures.com
O1 - Hosts: 3506967828 jamies-galleries.com
O1 - Hosts: 3506967828 www.jamies-galleries.com
O1 - Hosts: 3506967828 freebigmovies.com
O1 - Hosts: 3506967828 www.freebigmovies.com
O1 - Hosts: 3506967828 auntpolly.com
O1 - Hosts: 3506967828 www.auntpolly.com
O1 - Hosts: 3506967828 smashingthumbs.com
O1 - Hosts: 3506967828 www.smashingthumbs.com
O1 - Hosts: 3506967828 freeheaven.com
O1 - Hosts: 3506967828 www.freeheaven.com
O1 - Hosts: 3506967828 smokinmovies.com
O1 - Hosts: 3506967828 www.smokinmovies.com
O1 - Hosts: 3506967828 stickyhole.com
O1 - Hosts: 3506967828 www.stickyhole.com
O1 - Hosts: 3506967828 thumbnailpost.com
O1 - Hosts: 3506967828 www.thumbnailpost.com
O1 - Hosts: 3506967828 shagadelic.com
O1 - Hosts: 3506967828 www.shagadelic.com
O1 - Hosts: 3506967828 localteenies.com
O1 - Hosts: 3506967828 www.localteenies.com
O1 - Hosts: 3506967828 livesexlist.com
O1 - Hosts: 3506967828 www.livesexlist.com
O1 - Hosts: 3506967828 panty-ass.com
O1 - Hosts: 3506967828 www.panty-ass.com
O1 - Hosts: 3506967828 interracialporno.nu
O1 - Hosts: 3506967828 www.interracialporno.nu
O1 - Hosts: 3506967828 thumbco.com
O1 - Hosts: 3506967828 www.thumbco.com
O1 - Hosts: 3506967828 babes4free.com
O1 - Hosts: 3506967828 www.babes4free.com
O1 - Hosts: 3506967828 madthumbs.com
O1 - Hosts: 3506967828 www.madthumbs.com
O1 - Hosts: 3506967828 teeniefiles.com
O1 - Hosts: 3506967828 www.teeniefiles.com
O1 - Hosts: 3506967828 onlyteenstgp.com
O1 - Hosts: 3506967828 www.onlyteenstgp.com
O1 - Hosts: 3506967828 sublimedirectory.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - C:\WINDOWS\SYSTEM\BHOMOD.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec Core LC] C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKLM\..\Run: [MSUpdSrv] msupdsrv.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKCU\..\Run: [x3yy] C:\WINDOWS\SYSTEM\X3YY\CHENLMGO.EXE
O4 - HKCU\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - Startup: Startleiste.lnk = C:\BISY\LAUNCHER.EXE
O4 - Startup: VR-NetWorld Auftragsprüfung.lnk = C:\Programme\VR-NetWorld\vrtoolcheckorder.exe
O4 - Global Startup: WERBAS-Compact (2).lnk = C:\WALI\WP.EXE
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)

Gigamail · 09.04.2005, 15:56

Hi,

Du bist leider schwer verseucht setze deine Kiste zu Deiner eigenen Sicherheit neu auf.
Du hast unter anderem einen Backdoor on Board

Zitat:

O4 - HKLM\..\RunServices: [ntddetect] WS\SYSTEM\ntddetect.exe

Der hier ist aktiv
Nebeneffekte:
# Ermöglicht Dritten den Zugriff auf den Computer
# Reduziert die Systemsicherheit
# Installiert sich in der Registrierung
# Hinterlässt nicht infizierte Dateien auf dem Computer

Das heisst Du bist Kompromittiert

brauche hilfe beim auswerten von hijackthis

Log-Analyse und Auswertung: brauche hilfe beim auswerten von hijackthis

brauche hilfe beim auswerten von hijackthis

brauche hilfe beim auswerten von hijackthis

Ähnliche Themen: brauche hilfe beim auswerten von hijackthis