Falko1987 | 25.11.2008 00:46 | combofix
* Resident AV is active
. ADS - Windows: deleted 24 bytes in 1 streams.
((((((((((((((((((((((( Dateien erstellt von 2008-10-24 bis 2008-11-24 ))))))))))))))))))))))))))))))
.
2008-11-24 16:03 . 2008-11-24 16:03 <DIR> d-------- c:\users\++++\AppData\Roaming\Malwarebytes
2008-11-24 16:03 . 2008-11-24 16:03 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-24 16:03 . 2008-11-24 16:03 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-24 16:03 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-24 16:03 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-23 21:00 . 2008-11-23 21:00 <DIR> d-------- c:\windows\BDOSCAN8
2008-11-22 19:09 . 2008-11-22 22:59 <DIR> d-------- c:\users\++++\.thumbnails
2008-11-22 19:08 . 2008-11-24 16:18 <DIR> d-------- c:\users\++++\.gimp-2.6
2008-11-22 19:08 . 2008-11-22 22:59 <DIR> d-------- c:\users\++++\.gegl-0.0
2008-11-15 12:57 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-15 12:57 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-15 12:57 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-15 12:57 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-15 12:56 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-15 12:56 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-15 12:56 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-15 12:56 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-15 12:56 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-14 16:40 . 2008-11-14 16:40 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-14 16:40 . 2008-11-14 16:40 499,712 --a------ c:\windows\System32\msvcp71.dll
2008-11-14 16:40 . 2008-11-14 16:40 348,160 --a------ c:\windows\System32\msvcr71.dll
2008-11-14 16:39 . 2008-11-14 16:40 <DIR> d-------- c:\program files\Common Files\Real
2008-11-13 11:25 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 11:25 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 11:25 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 20:57 . 2008-11-12 20:57 103,360 --a------ c:\windows\System32\drivers\AnyDVD.sys
2008-11-07 14:14 . 2008-11-07 14:14 <DIR> d-------- c:\program files\Ubisoft
2008-11-07 14:14 . 2001-05-04 10:05 505,104 --a------ c:\windows\System32\msxml.dll
2008-11-07 14:14 . 1998-06-23 23:00 115,016 --a------ c:\windows\System32\MSINET.OCX
2008-11-07 14:14 . 1998-06-17 23:00 89,360 --a------ c:\windows\System32\VB5DB.DLL
2008-11-07 14:14 . 2000-03-17 07:21 69,632 --a------ c:\windows\System32\xmltok.dll
2008-11-07 14:14 . 2000-03-17 07:21 36,864 --a------ c:\windows\System32\xmlparse.dll
2008-11-07 14:14 . 2002-04-24 11:43 35,840 --a------ c:\windows\System32\comdlg32.oca
2008-11-07 14:14 . 2002-04-09 16:23 29,184 --a------ c:\windows\System32\MSINET.oca
2008-11-07 14:14 . 2001-05-04 10:05 28,432 --a------ c:\windows\System32\msxmlr.dll
2008-11-07 14:14 . 2002-10-17 09:35 26,096 --a------ c:\windows\System32\xmlinst.exe
2008-11-07 14:07 . 2003-03-02 17:44 7,552 --a------ c:\windows\System32\drivers\enodpl.sys
2008-11-07 14:07 . 2003-04-19 00:39 6,659 --a------ c:\windows\System32\TANDPL.VXD
2008-11-07 14:07 . 2001-08-31 15:16 6,532 --a------ c:\windows\System32\ENODPL.VXD
2008-11-07 14:07 . 2003-04-19 00:32 4,736 --a------ c:\windows\System32\drivers\tandpl.sys
2008-11-07 13:24 . 2008-11-07 13:24 <DIR> d-------- c:\program files\Uninstall
2008-11-06 20:06 . 2008-11-06 20:06 93,128 --a------ c:\windows\System32\ElbyCDIO.dll
2008-11-06 17:31 . 2008-11-23 02:09 <DIR> d-------- c:\users\++++\AppData\Roaming\gtk-2.0
2008-11-04 13:47 . 2008-11-04 13:47 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-04 11:14 . 2008-11-04 11:14 <DIR> d-------- c:\users\++++\AppData\Roaming\Hansenet
2008-11-02 13:40 . 2008-11-02 13:40 <DIR> d-------- c:\program files\SecureW2
2008-11-01 15:08 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\System32\D3DX9_39.dll
2008-10-30 19:32 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-24 19:14 . 2008-10-24 19:15 <DIR> d-------- c:\users\++++\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2008-10-24 19:03 . 2008-10-24 19:04 <DIR> d-------- c:\users\++++\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 00:57 --------- d-----w c:\users\++++\AppData\Roaming\temp
2008-11-18 20:17 --------- d-----w c:\users\++++\AppData\Roaming\Azureus
2008-11-07 13:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-30 17:14 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-24 22:38 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-10-24 18:15 --------- d-----w c:\users\++++\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2008-10-23 18:48 --------- d-----w c:\users\+++\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
2008-10-05 20:50 --------- d-----w c:\users\++++\AppData\Roaming\DivX
2008-10-05 16:01 --------- d-----w c:\programdata\Installations
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 18:21 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 10:36 --------- d-----w c:\users\++++\AppData\Roaming\Broken Sword 2.5
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-29 430080]
"AnyDVD"="c:\neue programme\Any dvd\AnyDVD\AnyDVDtray.exe" [2008-11-17 2272192]
"SpybotSD TeaTimer"="c:\neue programme\Spybot\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"avgnt"="c:\neue programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"QuickTime Task"="c:\neue programme\Quicktime\QTTask.exe" [2008-03-28 413696]
"DAEMON Tools"="c:\neue programme\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-14 185872]
"Malwarebytes Anti-Malware (reboot)"="c:\neue programme\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 c:\windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\users\++++\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C8687AC3-6645-4D80-B2DA-9DA9B4348E09}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{24574F86-B049-4AD5-ABF5-906EE9E4C13B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E36BCA06-5C6D-457D-9ED0-EADC9F8C9C21}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7709B646-0842-4C15-9C3F-E47CE6DA43A2}"= UDP:e:\herr der ringe- schlacht um mittelerde\game.dat:Die Schlacht um Mittelerde (tm)
"{C9A2D005-9FB2-4CC9-9599-8EAA9944D23B}"= TCP:e:\herr der ringe- schlacht um mittelerde\game.dat:Die Schlacht um Mittelerde (tm)
"{27AAADB6-306B-4F4E-B271-CBE70219E07E}"= UDP:e:\herr der ringe- schlacht um mittelerde ii\game.dat:Die Schlacht um Mittelerde™ II
"{8579D8F2-EAFB-4EA3-865D-780A3D5CA511}"= TCP:e:\herr der ringe- schlacht um mittelerde ii\game.dat:Die Schlacht um Mittelerde™ II
"{6A7868C1-B375-4EB2-906D-C96C403E1723}"= UDP:e:\schlacht um mittelerde 2- aufstieg des hexenkönigs\game.dat:Der Herr der Ringe™, Aufstieg des Hexenkönigs™
"{1EE74ECE-96BA-4439-A8EA-D103D2838882}"= TCP:e:\schlacht um mittelerde 2- aufstieg des hexenkönigs\game.dat:Der Herr der Ringe™, Aufstieg des Hexenkönigs™
"TCP Query User{98E2131E-E258-4982-94A2-59326D412384}c:\\neue programme\\azureus\\azureus\\azureus.exe"= UDP:c:\neue programme\azureus\azureus\azureus.exe:Azureus
"UDP Query User{FB7AE5F8-B91D-4357-9E6A-B5119A90067D}c:\\neue programme\\azureus\\azureus\\azureus.exe"= TCP:c:\neue programme\azureus\azureus\azureus.exe:Azureus
"TCP Query User{EF471AAA-63ED-46DD-8AEF-92F32AE81995}c:\\neue programme\\icq6\\icq.exe"= UDP:c:\neue programme\icq6\icq.exe:ICQ Library
"UDP Query User{E5D1FD68-ED5C-4AF5-91C5-9C0750ACDFCF}c:\\neue programme\\icq6\\icq.exe"= TCP:c:\neue programme\icq6\icq.exe:ICQ Library
"TCP Query User{FAE487F5-98CB-428B-9106-4432E139FFCA}c:\\neue programme\\realplayer\\realplay.exe"= UDP:c:\neue programme\realplayer\realplay.exe:RealPlayer
"UDP Query User{F619B585-0CC8-48DE-9D23-16CBA8E33EDC}c:\\neue programme\\realplayer\\realplay.exe"= TCP:c:\neue programme\realplayer\realplay.exe:RealPlayer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2008-02-22 7680]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2008-05-18 25896]
R2 ConfigFree Service;ConfigFree Service;"c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe" [2007-12-25 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\neue programme\Spybot\Spybot - Search & Destroy\SDWinSec.exe [2008-05-30 810320]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;"c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [2007-12-03 126976]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-02-22 2929664]
R3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2008-02-22 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-05-18 290304]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-02-22 1527900]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys [2008-07-18 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys [2008-07-18 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys [2008-07-18 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys [2008-07-18 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\DRIVERS\lgmcnd5.sys [2008-07-18 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys [2008-07-18 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys [2008-07-18 109952]
S3 RTSTOR;Realtek USB 2.0 Card Reader;c:\windows\system32\drivers\RTSTOR.SYS [2008-02-22 60416]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners
2008-08-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2008-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2008-11-24 c:\windows\Tasks\User_Feed_Synchronization-{403451BA-B7D8-40A8-A20B-0F3F4AACB35B}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - c:\users\++++\AppData\Roaming\Mozilla\Firefox\Profiles\6491e898.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 00:23:22
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-11-25 0:25:52
ComboFix-quarantined-files.txt 2008-11-24 23:25:46
Vor Suchlauf: 21 Verzeichnis(se), 90.076.307.456 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 91,541,110,784 Bytes frei
190 --- E O F --- 2008-11-13 12:33:46