neulig braucht unbedingt hilfe

xdream1328 · 05.10.2004, 08:32

hallo @ all!
ich bin über google aub das forum gestossen, und muss sagen -> genial!

mein problem ist, dass gestern beim runterladen vom sp2 ging automatisch ein telnet fenster auf, und danach war das system instabil... antivir findet immer mal wieder trojaner und dialer, aber das sind wohl nicht alle...
hab dann hier im forum rumgelesen, und mir das escan geholt, das hat dann mehr trojaner gefunden, aber nicht beseitigt...
als letzte möglichkeit hab ich jetzt eure hilfe gesehen.

min hijack this logfile:

Logfile of HijackThis v1.98.2
Scan saved at 09:27:26, on 05.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Apache2\bin\Apache.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\mysql\bin\mysqld-nt.exe
C:\Apache2\bin\Apache.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\iRiver\iHP100\iHPDetect.exe
C:\Programme\QuickTime\qttask.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\DOKUME~1\Anian\LOKALE~1\Temp\e1f577sogk.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\Plaxo\1.5.2.32\InstallStub.exe
C:\WINDOWS\system32\winmm64.exe
C:\WINDOWS\system32\6432s-ntms.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Apache2\bin\ApacheMonitor.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\mysql\bin\winmysqladmin.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\antispyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-abc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-abc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s-redirect.com/?b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-abc
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-abc
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-abc
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R3 - URLSearchHook: (no name) - {FA78D247-B00B-6420-324F-D2360CCAAFF6} - C:\DOKUME~1\Anian\LOKALE~1\Temp\e1f577sogk.exe
O1 - Hosts: 69.61.29.131 yahoo.com
O1 - Hosts: 69.61.29.131 www.yahoo.com
O1 - Hosts: 69.61.29.131 search.yahoo.com
O1 - Hosts: 69.61.29.132 google.com
O1 - Hosts: 69.61.29.132 www.google.com
O1 - Hosts: 69.61.29.133 msn.com
O1 - Hosts: 69.61.29.133 www.msn.com
O1 - Hosts: 69.61.29.133 search.msn.com
O1 - Hosts: 69.61.29.133 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\GEMEIN~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\GEMEIN~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iHP-100] C:\Programme\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Programme\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [AA2CFD7B] C:\DOKUME~1\Anian\LOKALE~1\Temp\e1f577sogk.exe
O4 - HKLM\..\Run: [B0744E73] C:\DOKUME~1\Anian\LOKALE~1\Temp\8f98tv2mjy.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.5.2.32\InstallStub.exe -a
O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [nthh] C:\WINDOWS\nthh.exe
O4 - HKCU\..\Run: [6432s-ntms] C:\WINDOWS\system32\6432s-ntms.exe
O4 - HKCU\..\Run: [AA2CFD7B] C:\DOKUME~1\Anian\LOKALE~1\Temp\e1f577sogk.exe
O4 - HKCU\..\Run: [B0744E73] C:\DOKUME~1\Anian\LOKALE~1\Temp\8f98tv2mjy.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {62360003-D8A7-418B-9DC6-2B9DE95273A0} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v8/0326/ticker.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094666532283
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60D647AD-8A18-4171-8435-0032B513C49C}: NameServer = 217.237.151.97 217.237.150.33

bitte helft mir, brauche meinen rechner dringend...

greetz

neulig braucht unbedingt hilfe

Log-Analyse und Auswertung: neulig braucht unbedingt hilfe

neulig braucht unbedingt hilfe

Ähnliche Themen: neulig braucht unbedingt hilfe