| |
| |||||||
Log-Analyse und Auswertung: Hijack Log auswerten (Homesearch Problem)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.08.2004, 19:11
| #1 |
| |  Hijack Log auswerten (Homesearch Problem) Vielen dank schonmal im Vorraus, für eure Hilfe  - So hier die Log:Logfile of HijackThis v1.98.2 Scan saved at 20:02:10, on 23.08.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\CTsvcCDA.EXE C:\Programme\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\appjg.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE C:\Programme\Creative\SBLive\Program\CTAvTray.EXE C:\programme\powerstrip\pstrip.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\WINDOWS\System32\rundll32.exe C:\Programme\ISTsvc\istsvc.exe C:\Programme\CursorXP\CursorXP.exe C:\Programme\Gemeinsame Dateien\GMT\GMT.exe C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\sdkbj32.exe C:\WINDOWS\System32\devldr32.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\blubber\Desktop\HijackThis.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.info/ R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\piysx.dll/sp.html#29126 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\piysx.dll/sp.html#29126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\piysx.dll/sp.html#29126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\piysx.dll/sp.html#29126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\piysx.dll/sp.html#29126 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\piysx.dll/sp.html#29126 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ls0.net/srchasst.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://ls0.net/srchasst.html (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\piysx.dll/sp.html#29126 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ls0.net/srchasst.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ls0.net/srchasst.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ls0.net/home.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://aifind.info/ R3 - Default URLSearchHook is missing F1 - win.ini: run=fntldr.exe O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll O2 - BHO: (no name) - {927AE5BC-41C7-D01F-8143-D23525B82F67} - C:\WINDOWS\ntgo32.dll O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [AHQInit] C:\Programme\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe O4 - HKLM\..\Run: [LogonStudio] "C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [AudioHQ] C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [CTAvTray] C:\Programme\Creative\SBLive\Program\CTAvTray.EXE O4 - HKLM\..\Run: [PowerStrip] c:\programme\powerstrip\pstrip.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe" O4 - HKLM\..\Run: [mfcqf32.exe] C:\WINDOWS\system32\mfcqf32.exe O4 - HKLM\..\Run: [sdkbj32.exe] C:\WINDOWS\sdkbj32.exe O4 - HKLM\..\RunOnce: [CTAVTray] C:\Programme\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI O4 - HKCU\..\Run: [CursorXP] C:\Programme\CursorXP\CursorXP.exe O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\ICQ\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\ICQ\ICQ\ICQ.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O15 - Trusted Zone: *.05p.com O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.scoobidoo.com O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.xxxtoolbar.com O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/ger_nopop.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/200...Inc/bridge.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll O19 - User stylesheet: C:\WINDOWS\color.css O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM) |
|
23.08.2004, 19:15
| #2 |
  | Hijack Log auswerten (Homesearch Problem) Hallo kYrbY
__________________Bitte 1. Board-Suche benutzen: http://www.trojaner-board.com/search.php?searchid=29626 2. Dein , sorry, vor Kurzem dein PC musst du neu aufsetzen, da seeeehr viel Müll drin steckt. |
|
| Themen zu Hijack Log auswerten (Homesearch Problem) |
| antivirus, auswerten, bho, desktop, dll, einstellungen, excel, explorer, hijack, hijackthis, hilfe, icq, internet, internet explorer, log, log auswerten, microsoft, obfuscated, object, problem, programme, rundll, software, studio, symantec, system, urlsearchhook, vielen dank, windows, windows xp |
Linear-Darstellung
