Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   automatische einwahl ins IT Hilfe (https://www.trojaner-board.de/16541-automatische-einwahl-ins-it-hilfe.html)

tomzie 11.04.2005 16:39
automatische einwahl ins IT Hilfe
 
Bitte um Hilfe Rechner wählt sich seit Tagen automatisch ins Internet ein
habe ISDN / Provider Freenet.

McAfee zeigt bei Firewall einstellungen an das sich hwclock.exe einwählen
will oder eine Verbindung herstellen möchte.

Bitte um Rat!

Hier mein Logfile:

Danke


Logfile of HijackThis v1.99.1
Scan saved at 17:17:09, on 11.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\programme\mcafee.com\agent\mcagent.exe
C:\Programme\Creative\ShareDLL\CtNotify.exe
E:\Creative\SBLive\AudioHQ\AHQTB.EXE
E:\Creative\SBLive\Program\CTAvTray.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\Dialerblocker.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Programme\ATI Multimedia\main\launchpd.exe
E:\Acrobat 6.0 Prof\Distillr\acrotray.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
C:\Programme\Gigaset\CAPI\Tools\CALLTRAY.exe
C:\Programme\eBay\eBay Toolbar\4.1.5.0\ebaytbar.exe
C:\Programme\Gigaset\talk&surf 5.1\SEMon21.exe
C:\Programme\Gigaset\talk&surf 5.1\xControlCOM.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~1\mcafee.com\agent\McDash.exe
c:\programme\mcafee.com\shared\mghtml.exe
F:\Downloads\Hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/
O2 - BHO: eBay Helper Object - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\Programme\eBay\eBay Toolbar\4.1.5.0\eBayBand.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Acrobat 6.0 Prof\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\programme\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\programme\mcafee.com\mps\popupkiller.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - e:\Acrobat 6.0 Prof\Acrobat\AcroIEFavClient.dll
O2 - BHO: TChkBHO Class - {C5E39AD6-F32B-4661-A0A3-38F62EDABB74} - C:\WINDOWS\system32\czykwdt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\Programme\eBay\eBay Toolbar\4.1.5.0\eBayBand.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - e:\Acrobat 6.0 Prof\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] e:\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] e:\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] E:\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{D35055FB-6715-463c-B944-840F815E59D4}] C:\WINDOWS\System32\Dialerblocker.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\RunOnce: [CTAVTray] e:\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programme\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Acrobat 6.0 Prof\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Call Tray.lnk = ?
O4 - Global Startup: eBay Toolbar.LNK = C:\Programme\eBay\eBay Toolbar\4.1.5.0\ebaytbar.exe
O4 - Global Startup: talk&surf 5.1 Monitor.lnk = ?
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\Programme\eBay\eBay Toolbar\4.1.5.0\eBayBand.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\Programme\eBay\eBay

Toolbar\4.1.5.0\eBayBand.dll
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -

http://public.windupdates.com/get_fi...1056358665b9cc

bfc44675022906c91115a1aad9:1490f25ff639ab01838dddceaa40921f
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -

http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF77DC41-A591-457F-B77D-36D802CE7E61}: NameServer = 62.104.191.241 62.104.196.134
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc -

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation -

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: xControlCOM - Siemens - C:\Programme\Gigaset\talk&surf 5.1\xControlCOM.exe

Cidre 11.04.2005 16:54
Hallo,

aufgrund deines Patchlevels 'Steinzeit' und weiteren nicht getroffen Absicherungsmassnahmen, hast du dir etliche Malware installiert, u.a. diesen:
Zitat:
W32/Hwbot-A is a network worm with IRC backdoor functionaility.
W32/Hwbot-A connects to an IRC server and waits for instructions from a remote user. Possible instructions include downloading and execute further code or to spreading via network secruity exploits...
W32/Hwbot-A may attempt to inject code to delete itself into explorer.exe and may crash the infected computer during this process.
Quelle: http://www.sophos.com/virusinfo/analyses/w32hwbota.html

Dein System ist somit nicht mehr vertrauenswürdig. Daher lautet mein Rat: Setze dein System neu auf und sichere es anschliessend VOR der ersten Online-Sitzung dementsprechend ab, siehe Signatur.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131