Pests of all kinds and how to fight them: help, I also have the trojan TR/VB.qn.C

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Help, I also have the trojan TR/VB.qn.C

I already have my log file here. It would be nice if you could take a look at it.

```
Logfile of HijackThis v1.99.0
Scan saved at 18:26:51, on 29.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\Mixer.exe
C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
F:\Programme\antivir\AVSched32.EXE
F:\Programme\antivir\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\prutmct.exe
F:\Programme\antivir\AVWUPSRV.EXE
C:\Programme\Ulead Systems\Ulead Photo Express 2\CalCheck.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\prutmct.exe
C:\WINDOWS\System32\wuauclt.exe
F:\Programme\antivir\AVGUARD.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
c:\Programme\ClearProg\ClearProg.exe
F:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Mario&Martina\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.searchv.com/1/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchv.com/1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://www.searchv.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.searchv.com/1/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://www.searchv.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://www.searchv.com/1/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {C4F5E343-9494-47E4-8E35-440B49E25FD5} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\programme\AcrobatReader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TeenSex] C:\WINDOWS\Dialer\pdialer.exe !m ln=WMP200000001650} sl=sx000055} dn=TeenSex} sn=TeenSex} tu=hxxp://63.66.136.123/m/} ru=} pl=837} nu=216}
O4 - HKLM\..\Run: [TeenSex(1)] C:\WINDOWS\Dialer\pdialer.exe !m ln=WMP200000000454} sl=sx000813} dn=TeenSex} sn=TeenSex} tu=hxxp://63.66.136.123/m/} ru=} pl=535} nu=372}
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [WinampAgent] "F:\Programme\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT] C:\Programme\Ulead Systems\Ulead Photo Express 2\ChkFont.exe
O4 - HKLM\..\Run: [AVSCHED32] F:\Programme\antivir\AVSched32.EXE /min
O4 - HKLM\..\Run: [websx] C:\Programme\websx\int129365.exe -auto
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] F:\Programme\antivir\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] F:\PROGRA~1\YAHOOM~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [prutmct] C:\WINDOWS\System32\prutmct.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B1} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/find.html (file missing)
O9 - Extra button: ANTIVIRUS - {0B5F1910-F111-11d2-BB9E-00C05F7956B2} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/antivirus.html (file missing)
O9 - Extra button: ENTERTAINMENT - {0B5F1910-F111-11d2-BB9E-00C05F7956B3} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/ggo.html (file missing)
O9 - Extra button: SECURITY - {0B5F1910-F111-11d2-BB9E-00C05F7956B4} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/warning.htm (file missing)
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B5} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/topsearch.html (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\YAHOOM~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\YAHOOM~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O13 - DefaultPrefix: hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/c/c.pl?url=
O16 - DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - hxxp://software-dl.real.com/133f5e1ce05306fc2805/netzip/RdxIE601_de.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - hxxp://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - hxxp://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {B09B1D8B-88D6-4C91-BB62-378625E8C73E} ({B09B1D8B-88D6-4C91-BB62-378625E8C73E}) - hxxp://www.popup.to/connect/PremiumConnectLoad.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C4F5E343-9494-47E4-8E35-440B49E25FD5} - hxxp://www.fehlerpage.de/cab/fehlerpage.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - hxxp://www.download-url.de/install/StarInstall.ocx
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - hxxp://xbs.mtreexxx.nl/mt/dialers/fc/UniDist.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - hxxp://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF37ADD-8207-420F-9629-38E2214137DE}: NameServer = 217.237.149.161 217.237.151.225
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - F:\Programme\antivir\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - F:\Programme\antivir\AVWUPSRV.EXE
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - F:\Programme\speedmanager\tsmsvc.exe
```