| |
| |||||||
Log-Analyse und Auswertung: 98.90.116.10Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.09.2005, 13:29
| #1 |
| |  98.90.116.10 Logfile of HijackThis v1.99.1 Scan saved at 13:33:40, on 09.09.05 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\ADVA Optical Networking\FSP Network Manager\EventServer.exe C:\Programme\ADVA Optical Networking\FSP Network Manager\MediationServer.exe C:\Programme\ADVA Optical Networking\FSP Network Manager\SNMPServer.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\dllhost.exe C:\Programme\FileMaker\FileMaker Server 7\fmshelper.exe C:\Programme\Network Associates\Common Framework\FrameworkService.exe C:\Programme\Network Associates\VirusScan\mcshield.exe C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe C:\Programme\Network Associates\VirusScan\vstskmgr.exe C:\Programme\ADVA Optical Networking\FSP Network Manager\mysql\bin\mysqld-nt.exe C:\programme\oracle\ora92\bin\omtsreco.exe C:\WINDOWS\System32\locator.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\CCM\CcmExec.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programme\Network Associates\VirusScan\SHSTAT.EXE C:\Programme\Network Associates\Common Framework\UpdaterUI.exe C:\Programme\Gemeinsame Dateien\Nokia\Tools\NclTray.exe C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe C:\Programme\Gemeinsame Dateien\XCPCSync\Translators\WebDeSync\WebDeSyncTray.exe C:\Programme\Java\jre1.5.0_02\bin\jusched.exe C:\Programme\CheckPoint\Integrity Client\iclient.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe C:\Programme\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE C:\Programme\AdwareAlert\Launcher.exe C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe C:\Temp\antiy\antiyports.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Temp\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intra.ewz.stzh.ch/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://kronos.ewz.stzh.ch/config/proxy.pac R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.stzh.ch:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.EWZ.CH;*.STZH.CH;*.STADT-ZUERICH.CH;*.ERZ.CH;*.STEUERAMT.CH;INTRA.SWISSPOWER.CH;SPNSR01.SWISSPOWER.CH;*.EWZ-LEHRLINGE.CH;*.EWZ-LERNENDE.CH;192.168.*;10.*;212.4.64.226;*.szh.loc;127.*;*.gis.zh.ch;*.wasser.zh.ch;www2.zhlex.zh.ch;*.hochwasser.zh.ch;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\Tools\NclTray.exe O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [WEB.DE Sync - WebDeSync] C:\Programme\Gemeinsame Dateien\XCPCSync\Translators\WebDeSync\WebDeSyncTray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\CheckPoint\Integrity Client\iclient.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AdwareAlert] C:\Programme\AdwareAlert\AdwareAlert.Exe -boot O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [AWMON] "C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ? O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open In &New Window - C:\Dokumente und Einstellungen\ewzdsc\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm O8 - Extra context menu item: Search with &Google - C:\Dokumente und Einstellungen\ewzdsc\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Zoom &In* - C:\Dokumente und Einstellungen\ewzdsc\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm O8 - Extra context menu item: Zoom &Out* - C:\Dokumente und Einstellungen\ewzdsc\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123258513657 O16 - DPF: {71D46CAE-120D-438E-B1F1-D0EDEE128EA8} (OpenWordDoc.OWD) - http://intra.ewz.stzh.ch/dbapps/lib/...OStart/OWD.CAB O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/mail/onlinespei...pload_1122.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.szh.loc O17 - HKLM\Software\..\Telephony: DomainName = global.szh.loc O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = global.szh.loc O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = global.szh.loc O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll O23 - Service: ADVA: CORBA Event Server (advaes) - Unknown owner - C:\Programme\ADVA Optical Networking\FSP Network Manager\EventServer.exe O23 - Service: ADVA: Mediation Server (advams) - Unknown owner - C:\Programme\ADVA Optical Networking\FSP Network Manager\MediationServer.exe O23 - Service: ADVA: SNMP Server (advass) - Unknown owner - C:\Programme\ADVA Optical Networking\FSP Network Manager\SNMPServer.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FileMaker Server 7 - FileMaker, Inc. - C:\Programme\FileMaker\FileMaker Server 7\fmserver.exe O23 - Service: FileMaker Server Helper - FileMaker, Inc. - C:\Programme\FileMaker\FileMaker Server 7\fmshelper.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\vstskmgr.exe O23 - Service: ADVA: Database Server (MySql) - Unknown owner - C:\Programme\ADVA Optical Networking\FSP Network Manager\mysql\bin\mysqld-nt.exe O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\programme\oracle\ora92\bin\omtsreco.exe O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\programme\oracle\ora92\BIN\ONRSD.EXE O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
09.09.2005, 13:45
| #2 |
   |  98.90.116.10 Hallo senarclens
__________________4711 oder 0833 oder 01013 was soll das ganze, gebe eine richtige Beschreibung und dann wird geholfen 
__________________ |
|
| Themen zu 98.90.116.10 |
| ad-aware, adobe, application, bho, boot, checkpoint, dateien, einstellungen, excel, explorer, hijack, hijackthis, hotkey, internet, internet explorer, logfile, microsoft, monitor, pdf, programme, senden, software, system, system32, temp, tuneup utilities, web.de, windows, windows xp |
Linear-Darstellung
