Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Mülltonne (https://www.trojaner-board.de/muelltonne/)
-   -   Script für buritos.exe (https://www.trojaner-board.de/58162-script-buritos-exe.html)

hannf 19.08.2008 10:10
Script für buritos.exe
 
Hallo an alle,
habe versucht mit www.hijackthis.de/de die sache selbst zu fixen, hab aber leider zu wenig ahnung davon. Ich hab auch AVENGER, mir fehlt nur noch das script dazu. Hier mein logfile:


Logfile of HijackThis v1.99.1
Scan saved at 10:42:21, on 19.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Microsoft SQL Server\MSSQL$ATBIT\Binn\sqlservr.exe
C:\Programme\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
C:\Programme\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Programme\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\XHB8B.EXE
C:\WINDOWS\htpatch.exe
C:\Programme\FAXmaker Client\FMSTART.EXE
C:\Programme\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\rhctugj0ev5n\rhctugj0ev5n.exe
C:\Programme\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Michael.KASER\Desktop\pruefung.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FMStart] "C:\Programme\FAXmaker Client\FMSTART.EXE"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programme\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMrhctugj0ev5n] C:\Programme\rhctugj0ev5n\rhctugj0ev5n.exe
O4 - HKLM\..\Run: [buritos] buritos.exe
O4 - HKLM\..\RunOnce: [TSC] "C:\Programme\Trend Micro\Client Server Security Agent\tsc.exe" /HD
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04365000-DFC6-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Quercia) - htt*ps://ib.rolbank.com/ib2000/TlqJ2kQrc.cab
O16 - DPF: {13083D70-37BD-11D4-B315-00508B6D3B87} (/Quercia TLQJ 2000-QF24) - htt*ps://ib.rolbank.com/ib2000/TlqJ2kQF.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - ht*tp://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - ht*tp://pointa.autodesk.com/portal/lang/deu/InstFred.Ocx
O16 - DPF: {2A5C1DD0-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Other) - htt*ps://ib.rolbank.com/ib2000/TlqJ2kOth.cab
O16 - DPF: {5140EE10-DFC4-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Image) - htt*ps://ib.rolbank.com/ib2000/de/TlqJ2kImg.cab
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programme\AutoCAD LT 2002 Deu\InstBanr.ocx
O16 - DPF: {B1738950-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-QCbi) - h*ttps://ib.rolbank.com/
O16 - DPF: {CB572CC0-E5F9-11D3-B2C1-00105AE309D0} (/Quercia TLQJ 2000-QData) - htt*ps://ib.rolbank.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - htt*p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D7417188-1FBD-40B1-A6C0-0DDC8B98E666} (/Quercia TLQJ 2001-Raiffeisen) - htt*ps://ib.rolbank.com/ib2000/TlqJ2kR.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview-Steuerung) - file://C:\Programme\AutoCAD LT 2002 Deu\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KASER.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = KASER.LOCAL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KASER.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KASER.LOCAL
O20 - AppInit_DLLs: karina.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Trend Micro Client/Server Security Agent Echtzeitsuche (ntrtscan) - Trend Micro Inc. - C:\Programme\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programme\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SuperProServer - Unknown owner - C:\Programme\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programme\Trend Micro\Client Server Security Agent\tmlisten.exe

Danke und Greez

undoreal 19.08.2008 10:28
Hallo hannf.

Erläutere dein Problem bitte etwas genauer. Pfadangaben zum Schädling, Hergang der Infektion, Probleme die du jetzt hast usw.

-SkY- 19.08.2008 14:32
Kurzer Nachtrag von mir: "Hergang der Infektion": hannf, du hast nicht zufällig den Anhang einer UPS/PayPal E-Mail geöffnet?

lg, Sky


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:52 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131