Trojaner-Board, forum "Log-Analyse und Auswertung" (log analysis and evaluation)

smitfraud-c or similar: log files


04.04.2006, 18:59   #1
kronzeuge1a
 
Hello,
following the instructions I ran the following: 'smitrem', 'escan' and then 'hijackthis'.

Here I am posting the log files in the hope that someone can help me. Thank you very much!



-------------
|smitrem.log:|
-------------

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

Running from
C:\Dokumente und Einstellungen\***\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}"="Reload Browse"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}\InProcServer32]
@="C:\WINDOWS\system32\svchosts.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
Antivirus Test Online.url
shopping

~~~ system32 folder ~~~

1024 dir
ld****.tmp
ncompat.tlb
hp***.tmp

~~~ Icons in System32 ~~~

ts.ico
ot.ico

~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 748 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~

CLEAN!






---------------
|hijackthis.log:|
---------------

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Programme\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\LEXPPS.EXE
E:\Programme\Cisco Systems\VPN Client\cvpnd.exe
E:\Programme\MATLAB6p1\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programme\Gemeinsame Dateien\AOL\1138659153\ee\AOLSoftware.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programme\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
c:\programme\mcafee.com\agent\mcdetect.exe
E:\Programme\Dell\Bluetooth Software\BTTray.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
E:\Programme\Dell\Bluetooth Software\btsendto_explorer.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Internet Explorer\iexplore.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NAVNet] "C:\WINDOWS\system32\1024\ld248E.tmp" /m
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1138659153\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = E:\Programme\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1115.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26ef0ceb6b9bd9d76b23/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {CFC01863-0CCE-43F6-8790-7A5DC52ABEC0} (VaeCtrl Control Object) - http://www.visviva.com/download/webplug/VaeCtrl.CAB
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - E:\Programme\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - E:\Programme\MATLAB6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe







------------
|escan-log:|
------------
Mon Apr 03 22:02:13 2006 => **********************************************************
Mon Apr 03 22:02:13 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Mon Apr 03 22:02:13 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Mon Apr 03 22:02:13 2006 => **********************************************************
Mon Apr 03 22:02:13 2006 => Source: C:\DOKUME~1\Desktop\mwav.exe
Mon Apr 03 22:02:13 2006 => Version 8.2.1 (C:\DOKUME~1\***\LOKALE~1\Temp\mexe.com)
Mon Apr 03 22:02:13 2006 => Log File: C:\DOKUME~1\***\LOKALE~1\Temp\MWAV.LOG
Mon Apr 03 22:02:13 2006 => MWAV Registered: FALSE.
Mon Apr 03 22:02:13 2006 => OS Type: Windows Workstation
Mon Apr 03 22:02:13 2006 => Local Fixed Drives: c:\,e:\,f:\
Mon Apr 03 22:02:13 2006 => MWAV Mode: Only Scan files.
Mon Apr 03 22:02:13 2006 => Latest Date of files inside MWAV: 03 Apr 2006 14:42:49.
Mon Apr 03 22:02:17 2006 => AV Library Loaded...
Mon Apr 03 22:02:17 2006 => MWAV doing self scanning...
Mon Apr 03 22:02:17 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavss.exe
Mon Apr 03 22:02:17 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\Getvlist.exe
Mon Apr 03 22:02:17 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavss.dll
Mon Apr 03 22:02:17 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavssdi.dll
Mon Apr 03 22:02:17 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavssi.dll
Mon Apr 03 22:02:17 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavvlg.dll
Mon Apr 03 22:02:17 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\msvlclnt.dll
Mon Apr 03 22:02:17 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\ipc.dll
Mon Apr 03 22:02:17 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\main.avi
Mon Apr 03 22:02:17 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\virus.avi
Mon Apr 03 22:02:17 2006 => MWAV files are clean.
Mon Apr 03 22:02:17 2006 => Virus Database Date: 4/3/2006
Mon Apr 03 22:02:17 2006 => Virus Database Count: 185802
Mon Apr 03 22:02:36 2006 => Downloading AntiVirus and Anti-Spyware Databases...
Mon Apr 03 22:02:36 2006 => Downloads Not Successful!
Mon Apr 03 22:02:41 2006 => AV Library Unloaded (3)...
Mon Apr 03 22:11:40 2006 => **********************************************************
Mon Apr 03 22:11:40 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Mon Apr 03 22:11:40 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Mon Apr 03 22:11:40 2006 => **********************************************************
Mon Apr 03 22:11:40 2006 => Source: C:\DOKUME~1\***\Desktop\mwav.exe
Mon Apr 03 22:11:40 2006 => Version 8.2.1 (C:\DOKUME~1\***\LOKALE~1\Temp\mexe.com)
Mon Apr 03 22:11:40 2006 => Log File: C:\DOKUME~1\***\LOKALE~1\Temp\MWAV.LOG
Mon Apr 03 22:11:40 2006 => MWAV Registered: FALSE.
Mon Apr 03 22:11:40 2006 => OS Type: Windows Workstation
Mon Apr 03 22:11:40 2006 => Local Fixed Drives: c:\,e:\,f:\
Mon Apr 03 22:11:40 2006 => MWAV Mode: Only Scan files.
Mon Apr 03 22:11:40 2006 => Latest Date of files inside MWAV: 03 Apr 2006 14:42:49.
Mon Apr 03 22:11:43 2006 => AV Library Loaded...
Mon Apr 03 22:11:43 2006 => MWAV doing self scanning...
Mon Apr 03 22:11:43 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavss.exe
Mon Apr 03 22:11:43 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\Getvlist.exe
Mon Apr 03 22:11:44 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavss.dll
Mon Apr 03 22:11:44 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavssdi.dll
Mon Apr 03 22:11:44 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavssi.dll
Mon Apr 03 22:11:44 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavvlg.dll
Mon Apr 03 22:11:44 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\msvlclnt.dll
Mon Apr 03 22:11:44 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\ipc.dll
Mon Apr 03 22:11:44 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\main.avi
Mon Apr 03 22:11:44 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\virus.avi
Mon Apr 03 22:11:44 2006 => MWAV files are clean.
Mon Apr 03 22:11:46 2006 => Virus Database Date: 4/3/2006
Mon Apr 03 22:11:46 2006 => Virus Database Count: 185802
Mon Apr 03 22:11:49 2006 => Downloading AntiVirus and Anti-Spyware Databases...
Mon Apr 03 22:11:58 2006 => Downloads Successful...
Mon Apr 03 22:12:06 2006 => Reload of AntiVirus Signatures successfully done.
Mon Apr 03 22:12:06 2006 => Virus Database Date: 4/3/2006
Mon Apr 03 22:12:06 2006 => Virus Database Count: 181918

Mon Apr 03 22:13:41 2006 => **********************************************************
Mon Apr 03 22:13:41 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Mon Apr 03 22:13:41 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Mon Apr 03 22:13:41 2006 =>
Mon Apr 03 22:13:41 2006 => Support: support@mwti.net
Mon Apr 03 22:13:41 2006 => Web: http://***.mwti.net
Mon Apr 03 22:13:41 2006 => **********************************************************
Mon Apr 03 22:13:41 2006 => Version 8.2.1 (C:\DOKUME~1\***\LOKALE~1\Temp\mexe.com)
Mon Apr 03 22:13:41 2006 => Log File: C:\DOKUME~1\***\LOKALE~1\Temp\MWAV.LOG
Mon Apr 03 22:13:41 2006 => User Account: ***
Mon Apr 03 22:13:41 2006 => Windows Root Folder: C:\WINDOWS
Mon Apr 03 22:13:41 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Mon Apr 03 22:13:41 2006 => OS: Windows XP
Mon Apr 03 22:13:42 2006 => Latest Date of files inside MWAV: 03 Apr 2006 21:56:07.

Mon Apr 03 22:13:42 2006 => Options Selected by User:
Mon Apr 03 22:13:42 2006 => Memory Check: Enabled
Mon Apr 03 22:13:42 2006 => Registry Check: Enabled
Mon Apr 03 22:13:42 2006 => StartUp Folder Check: Disabled
Mon Apr 03 22:13:42 2006 => System Folder Check: Disabled
Mon Apr 03 22:13:42 2006 => System Area Check: Disabled
Mon Apr 03 22:13:42 2006 => Services Check: Enabled
Mon Apr 03 22:13:42 2006 => Drive Check: Disabled
Mon Apr 03 22:13:42 2006 => All Drive Check :Enabled
Mon Apr 03 22:13:42 2006 => Folder Check: Disabled

Mon Apr 03 22:13:42 2006 => ***** Scanning Memory Files *****

Mon Apr 03 22:14:17 2006 => ***** Scanning Registry Files *****

Mon Apr 03 22:14:29 2006 => ERROR!!! Invalid Entry NAVNet = "C:\WINDOWS\system32\1024\ld248E.tmp" /m (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.

Mon Apr 03 22:14:30 2006 => ***** Scanning Service Files *****

Mon Apr 03 22:14:47 2006 => ***** Scanning Important System Files *****
Mon Apr 03 22:14:50 2006 => ***** Scanning Registry and File system for Adware/Spyware *****
Mon Apr 03 22:14:50 2006 => Loading Spyware Signatures from new External Database (Size: 154367).
Mon Apr 03 22:14:52 2006 => Indexed Spyware Databases Successfully Created...

Mon Apr 03 22:32:58 2006 => System found infected with smitfraud variant Browser Hijacker ({a2d9d3f0-8c2a-2a1d-a376-1becfb10ab72})! Action taken: No Action Taken.
Mon Apr 03 22:32:58 2006 => System found infected with ebates moneymaker Spyware/Adware ({6685509e-b47b-4f47-8e16-9a5f3a62f683})! Action taken: No Action Taken.
Mon Apr 03 22:32:58 2006 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken.
Mon Apr 03 22:32:59 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Mon Apr 03 22:32:59 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Apr 03 22:32:59 2006 => Offending Key found: HKLM\Software\limewire !!!
Mon Apr 03 22:32:59 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Apr 03 22:33:00 2006 => Offending file found: C:\WINDOWS\system32\dfrgsrv.exe
Mon Apr 03 22:33:00 2006 => System found infected with spyfalcon Trojan (dfrgsrv.exe)! Action taken: No Action Taken.

Mon Apr 03 22:33:00 2006 => Offending Folder found: C:\Dokumente und Einstellungen\***\Anwendungsdaten\acccore\caches\bart\1024
Mon Apr 03 22:33:01 2006 => Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.

Mon Apr 03 22:33:11 2006 => Offending file found: E:\Eigene_Dateien\downloads\blobby\settings.dat
Mon Apr 03 22:33:11 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.

Mon Apr 03 22:33:20 2006 => Offending file found: C:\Dokumente und Einstellungen\***\Startmenü\programme\autostart\powerreg scheduler.exe
Mon Apr 03 22:33:20 2006 => System found infected with powerreg scheduler Spyware/Adware (powerreg scheduler.exe)! Action taken: No Action Taken.

Mon Apr 03 22:33:20 2006 => Offending file found: C:\Dokumente und Einstellungen\***\Startmenü\Programme\autostart\powerreg scheduler.exe
Mon Apr 03 22:33:20 2006 => System found infected with powerreg scheduler Spyware/Adware (powerreg scheduler.exe)! Action taken: No Action Taken.

Mon Apr 03 22:33:21 2006 => Offending file found: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\powerreg scheduler.exe
Mon Apr 03 22:33:21 2006 => System found infected with powerreg scheduler Spyware/Adware (powerreg scheduler.exe)! Action taken: No Action Taken.

Mon Apr 03 22:33:28 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\aol downloads\triton_suite_install_2.0.6.1\toolbar.exe
Mon Apr 03 22:33:28 2006 => System found infected with elite toolbar Spyware/Adware (toolbar.exe)! Action taken: No Action Taken.

Mon Apr 03 22:33:31 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\limewire
Mon Apr 03 22:33:31 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Apr 03 22:33:32 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\online security guide.url
Mon Apr 03 22:33:32 2006 => System found infected with smitfraud variant Browser Hijacker (online security guide.url)! Action taken: No Action Taken.

Mon Apr 03 22:33:33 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\limewire
Mon Apr 03 22:33:33 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Apr 03 22:33:33 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\security troubleshooting.url
Mon Apr 03 22:33:33 2006 => System found infected with smitfraud variant Browser Hijacker (security troubleshooting.url)! Action taken: No Action Taken.


Mon Apr 03 22:33:34 2006 => ***** Scanning All Drives *****


Tue Apr 04 01:07:10 2006 => ***** Scanning complete. *****

Tue Apr 04 01:07:10 2006 => Total Objects Scanned: 170462
Tue Apr 04 01:07:10 2006 => Total Critical Objects: 17
Tue Apr 04 01:07:10 2006 => Total Disinfected Objects: 0
Tue Apr 04 01:07:10 2006 => Total Objects Renamed: 0
Tue Apr 04 01:07:10 2006 => Total Deleted Objects: 0
Tue Apr 04 01:07:10 2006 => Total Errors: 443
Tue Apr 04 01:07:10 2006 => Time Elapsed: 02:52:50
Tue Apr 04 01:07:10 2006 => Virus Database Date: 4/3/2006
Tue Apr 04 01:07:10 2006 => Virus Database Count: 181918

Tue Apr 04 01:07:10 2006 => Scan Completed.

04.04.2006, 21:24   #2
BataAlexander

Hello,

go through these instructions.
Then run an online scan.
Uninstall Limewire via Control Panel / Software.

Report back afterwards.

Regards

Schrulli

05.04.2006, 09:25   #3
kronzeuge1a
 

Hello Schrulli,

after the HouseCall online scan I fixed all problems and then scanned again, with the result: everything OK. But afterwards I ran Spybot again and still get the following problems listed. In addition I have now run HJT again and am posting the new log as well. Would be very grateful for further help!!!

-----------------
| Spybot.results |
-----------------
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1292428093-839522115-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0



----------------
| hijackThis.log |
----------------

Logfile of HijackThis v1.99.1
Scan saved at 10:08:21, on 05.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
E:\Programme\Dell\Bluetooth Software\bin\btwdins.exe
E:\Programme\Cisco Systems\VPN Client\cvpnd.exe
c:\programme\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Messenger Plus! 3\MsgPlus.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programme\Gemeinsame Dateien\AOL\1138659153\ee\AOLSoftware.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Apoint\Apntex.exe
E:\Programme\Dell\Bluetooth Software\BTTray.exe
E:\Programme\Dell\Bluetooth Software\btsendto_explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Dokumente und Einstellungen\Flo\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NAVNet] "C:\WINDOWS\system32\1024\ld248E.tmp" /m
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1138659153\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = E:\Programme\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1115.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26ef0ceb6b9bd9d76b23/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {CFC01863-0CCE-43F6-8790-7A5DC52ABEC0} (VaeCtrl Control Object) - http://www.visviva.com/download/webplug/VaeCtrl.CAB
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - E:\Programme\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - E:\Programme\MATLAB6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

05.04.2006, 12:14   #4
irrlicht
 

Hello Kronzeuge,
you should remove this one under Software; this messenger brings malware with it:
C:\Programme\Messenger Plus! 3\MsgPlus.exe
Furthermore, this one is also suspected of doing the same; if you do not absolutely need it, delete it:
O4 - Startup: PowerReg Scheduler.exe
What this is you should know yourself, or find out whether it is needed:
O16 - DPF: {CFC01863-0CCE-43F6-8790-7A5DC52ABEC0} (VaeCtrl Control Object) - http://www.visviva.com/download/webplug/VaeCtrl.CAB
This one can be fixed:
O4 - HKLM\..\Run: [NAVNet] "C:\WINDOWS\system32\1024\ld248E.tmp" /m
Irrlicht
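As an added triage example (not code from smitRem, GetSTS, HijackThis or any poster in this thread), the following Python parses the GetSTS SharedTaskScheduler export from the first post and flags exactly what the smitRem registry fix removed: a CLSID whose InProcServer32 is registered only under HKEY_CURRENT_USER (which overrides the machine-wide registration for that user, so the hijack needs no admin rights) and whose server name, svchosts.dll, is one character off a real system binary; a second helper applies the indicators smitRem checks under system32 (a .tmp file, the '1024' folder) to the NAVNet Run entry that the last reply says can be fixed. The baseline CLSID set, the list of system binary names and the sample input are assumptions constructed from the logs above.

```python
"""Triage of the GetSTS SharedTaskScheduler export (smitRem) and Run-key commands
seen in this thread. Added example; not code from smitRem, GetSTS or HijackThis."""
import re

# Constructed sample: the pre-run export from the first post (blank lines dropped).
GETSTS_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}"="Reload Browse"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}\InProcServer32]
@="C:\WINDOWS\system32\svchosts.dll"
"""
STS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"
# Assumed baseline: the two entries that remain in the post-run export after the fix.
BASELINE = {"{438755C2-A8BA-11D1-B96B-00A0C90312E1}", "{8C7461EF-2B13-11D2-BE35-3078302C2030}"}
# Assumed list of Windows binary stems that malware file names are often one edit away from.
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "winlogon", "services", "explorer", "browseui"}

def parse_pseudo_reg(text):
    """Return {section_path_lowercased: {value_name: data}} from GetSTS's output."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1).lower()
            sections[current] = {}
        elif current and "=" in line:
            name, _, data = line.partition("=")
            sections[current][name.strip('"')] = data.strip('"')
    return sections

def edit_distance(a, b):
    """Levenshtein distance; inputs are short file-name stems."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(filename):
    """Return the genuine stem a file name imitates (exactly one edit away), else None."""
    stem = filename.lower().rsplit(".", 1)[0]
    return next((n for n in sorted(SYSTEM_NAMES) if edit_distance(stem, n) == 1), None)

def find_inproc(sections, clsid):
    """Locate the CLSID's InProcServer32. The user's Classes key is checked first
    because it overrides HKLM for that user, so the hijack needs no admin rights."""
    for hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):
        key = f"{hive}\\SOFTWARE\\Classes\\CLSID\\{clsid}\\InProcServer32".lower()
        if "@" in sections.get(key, {}):
            return hive, sections[key]["@"]
    return None

def audit_shared_task_scheduler(text):
    """Return [(CLSID, [reasons])] for SharedTaskScheduler entries outside the baseline."""
    sections = parse_pseudo_reg(text)
    findings = []
    for clsid, label in sections.get(STS_KEY.lower(), {}).items():
        if clsid.upper() in BASELINE:
            continue
        reasons = [f'not in baseline (label "{label}")']
        reg = find_inproc(sections, clsid)
        if reg is None:
            reasons.append("no InProcServer32 registration found")
        else:
            hive, path = reg
            if hive == "HKEY_CURRENT_USER":
                reasons.append("COM server registered in user hive (overrides HKLM, no admin needed)")
            base = path.rsplit("\\", 1)[-1]
            mimic = lookalike(base)
            if mimic:
                reasons.append(f"{base} mimics system binary {mimic}")
        findings.append((clsid.upper(), reasons))
    return findings

def suspicious_autostart(cmd):
    """Reasons a Run-key command matches the indicators smitRem checks under system32."""
    quoted = cmd.startswith('"') and '"' in cmd[1:]
    exe = cmd[1:cmd.index('"', 1)] if quoted else cmd.split(" ", 1)[0]
    reasons = []
    if exe.lower().endswith(".tmp"):
        reasons.append("autostart points at a .tmp file")
    if re.search(r"\\system32\\\d+\\", exe, re.IGNORECASE):
        reasons.append("target sits in a numeric subfolder of system32 (the '1024 dir')")
    return reasons

if __name__ == "__main__":
    for clsid, reasons in audit_shared_task_scheduler(GETSTS_SAMPLE):
        print(clsid, "->", "; ".join(reasons))
    print(suspicious_autostart(r'"C:\WINDOWS\system32\1024\ld248E.tmp" /m'))
```

Run against the post-run export from the same post (only the two browseui.dll entries), the audit returns an empty list, which is the state smitRem reports as CLEAN.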
