| |
| |||||||
Log-Analyse und Auswertung: "Eigenartige Websites" durch Trojaner ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
09.09.2005, 08:32
| #1 |
 |  "Eigenartige Websites" durch Trojaner ? Hallo! Könnt ihr hier etwas erkennen? Wie gesagt, bei mir waren "eigenartige Websites" gesichtet worden... Vielen Dank im voraus!! Running processes: C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\WINDOWS\system32\SKDAEMON.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\nherms\Local Settings\Application Data\Skype\Phone\Skype.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\iPass\iPassConnect Corporate\idialer.exe C:\Program Files\Cisco Systems\VPN Client\vpngui.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\WinZip\WINZIP32.EXE C:\Documents and Settings\nherms\Local Settings\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intra.ascom.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intra.ascom.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ASCOM AG F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,,c:\win dows\autoinst\tools\dsblbtw.exe,C:\WINDOWS\AutoIns t\Tools\CUsrSync.exe AutoInst O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPw rMonitor O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAuto nomicMonitor O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\nherms\Local Settings\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Acrobat Assistant.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: VPN Client.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O14 - IERESET.INF: START_PAGE_URL=http://intra.ascom.com/ O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CHASCOM.INT O17 - HKLM\Software\..\Telephony: DomainName = CHASCOM.INT O17 - HKLM\System\CCS\Services\Tcpip\..\{35C1D357-5238-4EB4-B4C4-E26826AD2368}: NameServer = 194.230.1.71 194.230.1.103 O17 - HKLM\System\CCS\Services\Tcpip\..\{4BC38B32-2570-493A-AB49-8918BB168B2A}: Domain = chascom.int O17 - HKLM\System\CCS\Services\Tcpip\..\{73D676C7-C32B-497C-85A6-EC4E211FD609}: NameServer = 139.79.225.21,139.79.225.23 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CHASCOM.INT O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chascom.int,hasler.ascom.ch,nt.ascom.ch,ascom.ch,a scom.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CHASCOM.INT O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = chascom.int,hasler.ascom.ch,nt.ascom.ch,ascom.ch,a scom.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chascom.int,hasler.ascom.ch,nt.ascom.ch,ascom.ch,a scom.com O23 - Service: McAfee Alert Manager (AlertManager) - McAfee Division of Network Associates, Inc. - C:\Program Files\Network Associates\Alert Manager\amgrsrvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: Lotus Notes - Gemeinsame Anmeldung (Lotus Notes Single Logon) - IBM Corp - C:\WINDOWS\system32\nslsvice.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: ROSI Client (RosiCliSrv) - Swisscom AG - C:\WINDOWS\system32\RosiCliSrv\rosiclisrv.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe O23 - Service: PowerOff Service (Spwoffsvc) - Swisscom AG - C:\Program Files\PwOffsvc\PwOffsvc.exe O23 - Service: System Maintenance Service (SysMainSrv) - Swisscom IT Services AG - C:\WINDOWS\system32\SysMainSrv\sysmainsrv.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\winvnc4.exe" -service (file missing) |
| Themen zu "Eigenartige Websites" durch Trojaner ? |
| acrobat, adobe, alert, application, bho, c.exe, dll, hijack, hotkey, ics, internet, internet explorer, microsoft, office, pdf, rundll, software, start, system, system32, temp, trojaner, trojaner ?, userinit, userinit.exe, vielen dank, virusscan, vnc, windows |
Baum-Darstellung