Pests of all kinds and how to fight them: Trojan Smitfraud.c aka Troj/FakeAle-c (cidre help me)

#1 veet, 16.06.2005, 18:38

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 17:19:49, on 16.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Programme\Alwil Software\Avast4\aswUpdSv.exe
H:\Programme\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Programme\Alwil Software\Avast4\ashMaiSv.exe
H:\Programme\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\taskmgr.exe
H:\WINDOWS\system32\wscntfy.exe
P:\stuff\hijackthis\HijackThis.exe

O3 - Toolbar: News Ticker - {05F8C4F5-7CCF-4129-B221-B2B4CFC589DA} - H:\Programme\NewsTicker\Ticker.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] H:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] H:\Programme\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] H:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] H:\Programme\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [RefreshLock] H:\Programme\refreshlock\RefreshLock.exe
O4 - HKLM\..\Run: [TkBellExe] "H:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSGuard] H:\Programme\PSGuard\PSGuard.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "H:\Programme\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "H:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "h:\programme\valve\steam\steam.exe" -silent
O4 - Startup: Ruhezeiten vorziehen.bat
O4 - Startup: WetterStation².lnk = ?
O8 - Extra context menu item: &Suche im Duden - res://H:\Programme\Duden-Suche Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - H:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - H:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Guru News Reader - {9025F70D-DB4B-4312-982B-8FE916987ED8} - H:\Programme\NewsTicker\Ticker.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binarie...1041_EN_XP.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - H:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - H:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe



and here is the eScan log; I hope you can help me.



Thu Jun 16 18:16:00 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Thu Jun 16 18:16:01 2005 => System found infected with Bargain Buddy Spyware/Adware ({4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3})! Action taken: No Action Taken.
Thu Jun 16 18:16:01 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:01 2005 => System found infected with Bargain Buddy Spyware/Adware ({c6906a23-4717-4e1f-b6fd-f06ebed15678})! Action taken: No Action Taken.
Thu Jun 16 18:16:01 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:02 2005 => System found infected with Bargain Buddy Spyware/Adware ({8eee58d5-130e-4cbd-9c83-35a0564e5678})! Action taken: No Action Taken.
Thu Jun 16 18:16:02 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:02 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Thu Jun 16 18:16:02 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:03 2005 => Offending Folder H:\PROGRA~1\sidefind present...
Thu Jun 16 18:16:03 2005 => Object "sidefind Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:04 2005 => Offending Folder H:\PROGRA~1\istsvc present...
Thu Jun 16 18:16:04 2005 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:04 2005 => Offending value found in HKLM\Software\powerscan !!!
Thu Jun 16 18:16:04 2005 => Object "powerscan Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:04 2005 => Offending Folder H:\PROGRA~1\BULLSE~1 present...
Thu Jun 16 18:16:04 2005 => Object "BullsEye Network Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:04 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Thu Jun 16 18:16:04 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:05 2005 => System found infected with eZula Spyware/Adware (exclean.exe)! Action taken: No Action Taken.
Thu Jun 16 18:16:05 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.


Thu Jun 16 18:16:07 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Thu Jun 16 18:16:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "H:\WINDOWS\eg_auth_1041.dll". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\BDA.cab". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\BDANT.cab". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\BDAXP.cab". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\DSETUP.dll". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\DirectX.cab". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\ManagedDX.CAB". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\dsetup32.dll". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\dxnt.cab". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\dxsetup.exe". Action Taken: No Action Taken.

Thu Jun 16 18:16:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\eg_auth_1041.dll". Action Taken: No Action Taken.

Thu Jun 16 18:16:27 2005 => Entry "HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}" refers to invalid object "H:\WINDOWS\system32\msbe.dll". Action Taken: No Action Taken.

Thu Jun 16 18:16:31 2005 => Entry "HKCR\AcroIEHelper.AcroIEHlprObj" refers to invalid object "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}". Action Taken: No Action Taken.

Thu Jun 16 18:16:31 2005 => Entry "HKCR\AcroIEHelper.AcroIEHlprObj.1" refers to invalid object "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}". Action Taken: No Action Taken.

Thu Jun 16 18:16:37 2005 => Entry "HKCR\IEFlash.IEFlash" refers to invalid object "{E5A1691B-D188-4419-AD02-90002030B8EE}". Action Taken: No Action Taken.





Thu Jun 16 18:20:01 2005 => Checking for Welchia Virus...
Thu Jun 16 18:20:02 2005 => Checking for LovGate Virus...
Thu Jun 16 18:20:02 2005 => Checking for CodeRed Virus...
Thu Jun 16 18:20:02 2005 => Checking for OpaServ Virus...
Thu Jun 16 18:20:02 2005 => Checking for Sobig.e Virus...
Thu Jun 16 18:20:03 2005 => Checking for Winupie Virus...
Thu Jun 16 18:20:03 2005 => Checking for Swen Virus...
Thu Jun 16 18:20:03 2005 => Checking for JS.Fortnight Virus...
Thu Jun 16 18:20:03 2005 => Checking for Novarg Virus...
Thu Jun 16 18:20:03 2005 => Checking for Pagabot Virus...
Thu Jun 16 18:20:04 2005 => Checking for Parite.b Virus...
Thu Jun 16 18:20:04 2005 => Checking for Parite.a Virus...
Thu Jun 16 18:20:04 2005 => Checking for Adware.SeekSeek Virus...

Thu Jun 16 18:20:04 2005 => ***** Scanning complete. *****

Thu Jun 16 18:20:04 2005 => Total Objects Scanned: 10194
Thu Jun 16 18:20:04 2005 => Total Virus(es) Found: 14
Thu Jun 16 18:20:05 2005 => Total Disinfected Files: 0
Thu Jun 16 18:20:05 2005 => Total Files Renamed: 0
Thu Jun 16 18:20:05 2005 => Total Deleted Objects: 0
Thu Jun 16 18:20:05 2005 => Total Errors: 17
Thu Jun 16 18:20:05 2005 => Time Elapsed: 00:05:46
Thu Jun 16 18:20:05 2005 => Virus Database Date: 2005/06/13
Thu Jun 16 18:20:06 2005 => Virus Database Count: 134428

Thu Jun 16 18:20:06 2005 => Scan Completed.


How do I get rid of the viruses it found? I don't really want to buy eScan just to be able to remove them.

#2 Cidre (Administrator, retired), 16.06.2005, 18:45

Hello veet,

for one thing you ran eScan incorrectly, and for another the guide states clearly that you do not have to buy eScan; you can delete the malware files with alternative tools instead. Thanks to its high detection rate, eScan is unfortunately only still useful for a proper analysis, and for that it is irreplaceable.

Run the scan again, this time correctly and after reading the guide, and post the virus log information; delete the mwav.log beforehand, though.

#3 cronos, 16.06.2005, 20:34

@ veet

If you have actually worked through my thread and still have not found a solution, read this thread, but first post the correct eScan results:

http://www.trojaner-board.de/showthread.php?t=18970

#4 veet, 18.06.2005, 13:21

OK, I scanned everything again; this is what it looks like now:

Logfile of HijackThis v1.99.1
Scan saved at 10:09:54, on 18.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
P:\stuff\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: News Ticker - {05F8C4F5-7CCF-4129-B221-B2B4CFC589DA} - H:\Programme\NewsTicker\Ticker.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] H:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] H:\Programme\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] H:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] H:\Programme\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [RefreshLock] H:\Programme\refreshlock\RefreshLock.exe
O4 - HKLM\..\Run: [TkBellExe] "H:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Ad-aware] "H:\Programme\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - H:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - H:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Guru News Reader - {9025F70D-DB4B-4312-982B-8FE916987ED8} - H:\Programme\NewsTicker\Ticker.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\glaub mich tritt ein Pferd\hacktools\nvsvc32.exe" /service (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - H:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - H:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

Here is the eScan_neu:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sat Jun 18 10:38:05 2005 => System found infected with Bargain Buddy Spyware/Adware ({4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3})! Action taken: No Action Taken.
Sat Jun 18 10:38:05 2005 => System found infected with Bargain Buddy Spyware/Adware ({c6906a23-4717-4e1f-b6fd-f06ebed15678})! Action taken: No Action Taken.
Sat Jun 18 10:38:05 2005 => System found infected with Bargain Buddy Spyware/Adware ({8eee58d5-130e-4cbd-9c83-35a0564e5678})! Action taken: No Action Taken.
Sat Jun 18 10:38:05 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Sat Jun 18 10:38:24 2005 => System found infected with eZula Spyware/Adware (exclean.exe)! Action taken: No Action Taken.
Sat Jun 18 10:39:11 2005 => File H:\WINDOWS\uninstIU.exe infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
Sat Jun 18 10:39:17 2005 => File H:\WINDOWS\p2esocks_1041.dll infected by "Trojan.Win32.P2E.bt" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:12:12 2005 => File D:\System Volume Information\_restore{AF9EA7D1-C8D6-4EC4-8936-AD95973B7274}\RP14\A0004454.exe infected by "Virus.Win32.Parite.b" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:19:12 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP47\A0067061.rbf infected by "Virus.Win32.Parite.b" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:19:19 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP47\A0067130.rbf infected by "Virus.Win32.Parite.b" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:19:50 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP48\A0067335.exe infected by "Virus.Win32.Parite.b" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:19:50 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP48\A0067337.exe infected by "Virus.Win32.Parite.b" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:21:22 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP50\A0074698.exe infected by "Virus.Win32.Parite.b" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:21:23 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP50\A0074707.exe infected by "Virus.Win32.Parite.b" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:21:49 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP52\A0078776.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:22:02 2005 => File D:\System Volume Information\_restore{E4CB43AB-CE11-4100-BBBE-361548E290DF}\RP31\A0027544.exe infected by "Virus.Win32.Parite.b" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:22:03 2005 => File D:\System Volume Information\_restore{E4CB43AB-CE11-4100-BBBE-361548E290DF}\RP31\A0027556.exe infected by "Virus.Win32.Parite.b" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:22:03 2005 => File D:\System Volume Information\_restore{E4CB43AB-CE11-4100-BBBE-361548E290DF}\RP31\A0027557.exe infected by "Virus.Win32.Parite.b" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sat Jun 18 10:42:06 2005 => File H:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.b. No Action Taken.
Sat Jun 18 11:09:14 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd1.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Jun 18 11:10:07 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd1426.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
Sat Jun 18 11:10:07 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd1427.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
Sat Jun 18 11:10:24 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd2.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Jun 18 11:10:26 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd211.INT tagged as "not-a-virus:AdWare.Gator.4203". Action Taken: No Action Taken.
Sat Jun 18 11:10:26 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd212.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:26 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd213.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:26 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd214.INT tagged as "not-a-virus:AdWare.Gator.5017". Action Taken: No Action Taken.
Sat Jun 18 11:10:27 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd215.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:27 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd216.INT tagged as "not-a-virus:AdWare.Gator.5017". Action Taken: No Action Taken.
Sat Jun 18 11:10:27 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd217.INT tagged as "not-a-virus:AdWare.Gator.5017". Action Taken: No Action Taken.
Sat Jun 18 11:10:27 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd218.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:28 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd222.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:28 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd223.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:28 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd224.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:29 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd225.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:29 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd226.INT tagged as "not-a-virus:AdWare.Gator.3124". Action Taken: No Action Taken.
Sat Jun 18 11:10:29 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd227.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:29 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd228.INT tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
Sat Jun 18 11:10:30 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd229.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:30 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd230.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:30 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd231.INT tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
Sat Jun 18 11:10:30 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd232.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:31 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd233.INT tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
Sat Jun 18 11:10:39 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd3.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Jun 18 11:12:08 2005 => File D:\sk8te\[sv]script2.61\[sv]script2.61\[sv]script2.61\[sv]script.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.03. No Action Taken.
Sat Jun 18 11:14:05 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP45\A0058862.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.03. No Action Taken.
Sat Jun 18 11:15:15 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP46\A0063138.exe tagged as "not-a-virus:AdWare.Altnet.l". Action Taken: No Action Taken.
Sat Jun 18 11:15:58 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP47\A0065432.exe tagged as "not-a-virus:AdWare.Gator.4203". Action Taken: No Action Taken.
Sat Jun 18 11:19:50 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP48\A0067336.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.16. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sat Jun 18 10:36:49 2005 => Virus Database Date: 2005/06/13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~


I had to CUT the new eScan log a bit because so many of the hits are in the folder D:\System Volume Information\.....

Otherwise everything is original; please help me.
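As an added example (not code from the thread, from eScan or from Haui's log script), here is a small Python triage script that does what veet had to do by hand above: it reads mwav.log-style lines and separates live file hits, which are the manual-deletion candidates, from hits inside System Restore snapshots and the Recycle Bin, so the long run of restore-point entries does not have to be cut out of the log before posting. The sample lines are constructed from entries quoted in this thread; the function names are my own.

```python
import re

# Constructed sample: an abridged set of lines in the shape of the eScan (mwav.log)
# output quoted in this thread. Paths and detection names are copied from the post.
SAMPLE_LOG = r"""
Sat Jun 18 10:38:05 2005 => System found infected with Bargain Buddy Spyware/Adware ({4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3})! Action taken: No Action Taken.
Sat Jun 18 10:38:24 2005 => System found infected with eZula Spyware/Adware (exclean.exe)! Action taken: No Action Taken.
Sat Jun 18 10:39:11 2005 => File H:\WINDOWS\uninstIU.exe infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
Sat Jun 18 10:39:17 2005 => File H:\WINDOWS\p2esocks_1041.dll infected by "Trojan.Win32.P2E.bt" Virus! Action Taken: No Action Taken.
Sat Jun 18 10:42:06 2005 => File H:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.b. No Action Taken.
Sat Jun 18 11:10:07 2005 => File D:\RECYCLER\S-1-5-21-299502267-1425521274-839522115-1003\Dd1426.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
Sat Jun 18 11:12:12 2005 => File D:\System Volume Information\_restore{AF9EA7D1-C8D6-4EC4-8936-AD95973B7274}\RP14\A0004454.exe infected by "Virus.Win32.Parite.b" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:19:50 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP48\A0067336.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.16. No Action Taken.
Sat Jun 18 11:21:49 2005 => File D:\System Volume Information\_restore{B54E6343-DF5D-43C8-B780-10EDACD20EFF}\RP52\A0078776.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus! Action Taken: No Action Taken.
Sat Jun 18 11:22:04 2005 => Total Virus(es) Found: 14
"""

# Every eScan line starts with a ctime-style timestamp followed by " => ".
PREFIX = r"^(?P<ts>\w{3} \w{3} \d{1,2} \d\d:\d\d:\d\d \d{4}) => "
SYSTEM_INFECTED = re.compile(PREFIX + r"System found infected with (?P<name>.+?) \((?P<obj>[^)]+)\)!")
FILE_INFECTED = re.compile(PREFIX + r'File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus!')
# "tagged as" names appear both quoted and unquoted in the log, always followed by ". ".
FILE_TAGGED = re.compile(PREFIX + r'File (?P<path>.+?) tagged as "?(?P<name>[^"\s]+?)"?\.\s')


def locate(path):
    """Where a hit lives: a live file, a System Restore snapshot, or the Recycle Bin."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if "\\recycler\\" in p:
        return "recycle_bin"
    return "live"


def triage(log_text):
    """Parse mwav.log lines into 'infected' and 'tagged' findings with a location label."""
    findings = {"infected": [], "tagged": [], "unparsed": 0}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := SYSTEM_INFECTED.match(line):
            findings["infected"].append({"ts": m["ts"], "name": m["name"], "path": m["obj"], "where": "system"})
        elif m := FILE_INFECTED.match(line):
            findings["infected"].append({"ts": m["ts"], "name": m["name"], "path": m["path"], "where": locate(m["path"])})
        elif m := FILE_TAGGED.match(line):
            findings["tagged"].append({"ts": m["ts"], "name": m["name"], "path": m["path"], "where": locate(m["path"])})
        else:
            findings["unparsed"] += 1  # statistics lines, section headers, etc.
    return findings


def live_files(findings):
    """Infected files outside restore points and the Recycle Bin: the manual-deletion candidates."""
    return sorted(f["path"] for f in findings["infected"] if f["where"] == "live")


def counts(findings):
    """Hits per category and location, e.g. {'infected/restore_point': 2, ...}."""
    out = {}
    for cat in ("infected", "tagged"):
        for f in findings[cat]:
            key = f"{cat}/{f['where']}"
            out[key] = out.get(key, 0) + 1
    return out


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("live infected files:", live_files(found))
    print("summary:", counts(found))
```

Restore-point hits are listed separately rather than dropped, because they disappear only when System Restore is switched off (as the next reply in the thread describes); until then they remain a source of re-infection if an old restore point is applied.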

#5 dartus, 19.06.2005, 01:27

Hello,

switch to Safe Mode with System Restore disabled (http://www.systemwiederherstellung-d...indows-xp.html) and fix the following (scan with HJT, tick the box in front of the entry and click "Fix checked"):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

Delete manually:
H:\WINDOWS\uninstIU.exe
H:\WINDOWS\p2esocks_1041.dll

Empty your Recycle Bin.

Restart --> System Restore can be re-enabled (disabling it deletes all "System Volume Information\_restore" contents).

Clean your registry with RegSeeker. Please tick "Backup before deletion" if it is not already set.

dartus

__________________
No support via PM
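As an added example (not the thread's own code and not part of HijackThis), here is a Python helper that picks out of an HJT log the kinds of entries dartus asks to be fixed above: R0 values that are empty, the missing R3 URLSearchHook, O23 services that HJT reports as "(file missing)", and service image files whose executable name appears under more than one path. The sample lines are constructed from the logs quoted in this thread; the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: abridged lines in the shape of the HijackThis 1.99.1 logs
# quoted in this thread (entries copied from the posts, list shortened).
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "H:\Programme\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\glaub mich tritt ein Pferd\hacktools\nvsvc32.exe" /service (file missing)
"""

# HJT lines: section code (R0, O4, O23, ...), " - ", then a section-specific payload.
ENTRY = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<payload>.*)$")
# O4 payload: HIVE\..\Run: [name] command line
AUTOSTART = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 payload: Service: display name - owner - image path (possibly with arguments and a note)
SERVICE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
IMAGE_EXE = re.compile(r'[^\\"]+?\.exe', re.IGNORECASE)


def exe_name(image):
    """Executable file name inside an image string that may carry arguments or '(file missing)'."""
    m = IMAGE_EXE.search(image)
    return m.group(0).lower() if m else None


def triage_hjt(log_text):
    """Collect the entries a helper would review: fix candidates, autostarts, doubtful services."""
    result = {"fix": [], "autostarts": [], "services_file_missing": [], "duplicate_image_names": {}}
    by_exe = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, payload = m["section"], m["payload"]
        # Empty R0 values and a missing R3 URLSearchHook are the entries fixed in this thread.
        if section == "R0" and payload.endswith("="):
            result["fix"].append(line)
        elif section == "R3" and "is missing" in payload:
            result["fix"].append(line)
        elif section == "O4" and (a := AUTOSTART.match(payload)):
            result["autostarts"].append(a.groupdict())
        elif section == "O23" and (s := SERVICE.match(payload)):
            svc = s.groupdict()
            if "(file missing)" in svc["image"]:
                result["services_file_missing"].append(svc)
            if name := exe_name(svc["image"]):
                by_exe[name].append(svc["image"])
    # The same executable name registered under two different paths deserves a look.
    result["duplicate_image_names"] = {n: paths for n, paths in by_exe.items() if len(paths) > 1}
    return result


if __name__ == "__main__":
    r = triage_hjt(SAMPLE_HJT)
    for line in r["fix"]:
        print("fix:", line)
    for svc in r["services_file_missing"]:
        print("service, file missing:", svc["display"], "->", svc["image"])
    for name, paths in r["duplicate_image_names"].items():
        print("same image name under several paths:", name, paths)
```

The script reports lines for review, not verdicts: "(file missing)" on an O23 line needs checking by hand, because in the logs above HijackThis 1.99.1 prints it for the avast! Mail and Web Scanner services as well, even though their executables appear in the same log's list of running processes.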
