HiJack-Log

Shadow21 · 23.05.2005, 15:06

Ich hoffe, dass ich das Log richtig bearbeitet habe. Sprich alle Links gegen

Code:

ATTFilter

http:www.trojaner-board.de

ersetzt.

Code:

ATTFilter

Logfile of HijackThis v1.99.1
Scan saved at 15:52:08, on 23.05.2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Programme\Netscape\Netscape\Netscp.exe
C:\Programme\irc\TECHNICS\MIRC32.EXE
C:\WINDOWS\system32\mfcas32.exe
C:\WINDOWS\addyv32.exe
C:\Download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = h**p://trojaner-board.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ggwvw.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ggwvw.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ggwvw.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ggwvw.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ggwvw.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ggwvw.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = h**p://trojaner-board.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://trojaner-board.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ggwvw.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://trojaner-board.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = h**p://trojaner-board.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WESTWOOD\ALARM\INSTICON.EXE C:\WESTWOOD\ALARM\INSTICON.EXE
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - C:\WINDOWS\ntjb32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [mfcas32.exe] C:\WINDOWS\system32\mfcas32.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\RunOnce: [addyv32.exe] C:\WINDOWS\addyv32.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O13 - WWW. Prefix: http://
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.db105.com
O15 - Trusted Zone: *.tl81.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.db105.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.tl81.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 81.222.131.50
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096811358136
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - h**p://trojaner-board.de
O21 - SSODL: dRcjIeWo - {116C19FC-BBC6-B356-3889-48B8524C0FD0} - C:\WINDOWS\System32\hjkt.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sdkop32.exe (file missing)
O23 - Service: AntiVir Service (AntiVirService) - Unknown owner - C:\Programme\AVPersonal\AVGUARD.EXE (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: CHIPDRIVESCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE

HiJack-Log

Log-Analyse und Auswertung: HiJack-Log

HiJack-Log

Ähnliche Themen: HiJack-Log