Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   hab ich mir was eingefahren (https://www.trojaner-board.de/40603-hab-mir-eingefahren.html)

techno 04.07.2007 17:22
hab ich mir was eingefahren
 
hallo leute,
bin neu hier und find die seite klasse, weiter so auch wenn mir vielleicht nicht geholfen werden kann, oder doch!?

kann einer von euch hier was entdecken?

sysprinters.dll hab ich deinstalliert
C:\install kann ich bei mir nicht finden :-(

so hier mal die daten



Combofix logfile:
"Administrator" - 2007-07-04 17:52:55 - ComboFix 07-07-04.4 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF


((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))


2007-07-04 17:52 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-03 07:06 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\****************.com
2007-07-03 07:05 <DIR> d-------- C:\Programme\****************
2007-07-02 23:25 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Yahoo! Companion
2007-06-24 13:25 <DIR> d-------- C:\WINDOWS\system32\logs


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-03 19:43:58 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-07-02 21:20:39 -------- d-----w C:\Programme\Yahoo!
2007-07-02 18:49:12 -------- d-----w C:\Programme\TuneUp Utilities 2007
2007-07-01 07:25:24 -------- d-----w C:\DOKUME~1\ADMINI~1\ANWEND~1\SiteAdvisor
2007-05-31 19:57:28 -------- d-----w C:\Programme\Windows Live Toolbar
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 11:29:33 57,632 ----a-w C:\StiImg.dat
2007-05-10 04:51:28 -------- d-----w C:\Programme\Microsoft CAPICOM 2.1.0.2
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2006-09-09 07:26:11 56 --sha-w C:\WINDOWS\SMINST\hpboot.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 10:28 440384 --a------ C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
2007-03-30 17:41 1099304 --a------ C:\Programme\SiteAdvisor\6066\SiteAdv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2006-12-27 17:00 325184 --a------ C:\Programme\BitComet\tools\BitCometBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-08-31 05:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
2006-10-27 01:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
2006-12-22 17:02 67136 --a------ c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 21:33 322368 --a------ C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2006-12-04 14:05 1198080 -ra------ c:\programme\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2007-02-12 15:56 546672 --a------ C:\Programme\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
2005-03-03 04:35 50688 --a------ C:\Programme\HPQ\IAM\Bin\ItIeAddIN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"hpWirelessAssistant"="C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 11:49]
"SiteAdvisor"="C:\Programme\SiteAdvisor\6066\SiteAdv.exe" [2006-08-10 21:38]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 18:46]
"Windows Defender"="C:\Programme\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"HP Software Update"="C:\Programme\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-12-01 16:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 16:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau
Notification Packages scecli AsWlnPkg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
"WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cpqset"=C:\Programme\HPQ\Default Settings\cpqset.exe
"ElbyCheckElbyCDFL"="C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"CognizanceTS"=rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
"PTHOSTTR"=C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASChannel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


Contents of the 'Scheduled Tasks' folder
2007-06-29 16:40:20 C:\WINDOWS\tasks\1-Klick-Wartung.job
2007-07-04 15:22:01 C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
2007-06-15 00:14:28 C:\WINDOWS\tasks\McDefragTask.job
2007-06-30 23:00:08 C:\WINDOWS\tasks\McQcTask.job
2007-07-04 15:57:44 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 17:57:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-04 18:00:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-04 18:00

--- E O F ---

Hijackthis:

* HijackThis v1.99.1 *
Written by Merijn - merijn@spywareinfo.com
http://filepony.de/download-hijackthis/
http://www.merijn.org/index.html

See bottom for version history.

The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services

gruß techno

cosinus 04.07.2007 21:18
Zitat:
sysprinters.dll hab ich deinstalliert
Du hast dir den MSN-Wurm installiert richtig? Dann hilft das Löschen dieser Datei allein nicht, Sicherheit schafft nur ein Neuaufsetzen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:20 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129