| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wer hilft gegen Trojan-Spy.HTML.Smitfraud.c?????Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.04.2005, 21:42
| #1 |
| |  Wer hilft gegen Trojan-Spy.HTML.Smitfraud.c????? Hallo an Alle, mein Notebook hat diesen Trojaner abgekriegt und sich in eine Art Sichersmodus geschaltet,stürzt ständig ab und kreiert www.searchmaid.com als Internetstartseite,die man nicht rauskriegt. Wer weiss schnellen Rat? bitte mailt an Olli68 |
|
23.04.2005, 21:47
| #2 |
  | Wer hilft gegen Trojan-Spy.HTML.Smitfraud.c?????__________________
__________________ |
|
23.04.2005, 21:49
| #3 |
| Administrator, a.D. | Wer hilft gegen Trojan-Spy.HTML.Smitfraud.c?????__________________
__________________ |
|
23.04.2005, 21:53
| #4 |
| | Wer hilft gegen Trojan-Spy.HTML.Smitfraud.c????? @ cidre Danke für den Link-da hab ich wieder ein bißchen was zu lesen 
__________________  Only cronos endures |
|
27.04.2005, 14:08
| #5 |
| |  Wer hilft gegen Trojan-Spy.HTML.Smitfraud.c????? @ olli68 Habe das auch gerade hinter mir  Schau doch mal in meinen thrd http://www.trojaner-board.de/showthread.php?t=17052 Ausfuehrliche anleitung hierzu findest Du auch in Benjileins thrd, auch wenn der etwas "langsamer" ist  http://www.trojaner-board.de/showthread.php?t=17006 Wichtig ist vor allem aber auch zum Schluss, den Desktop wieder zu aktivieren (thx cidre :aplaus: !) |
|
27.04.2005, 17:15
| #6 |
| | Wer hilft gegen Trojan-Spy.HTML.Smitfraud.c????? Ich hab genau das gleiche Problem... hier meine Log.. hoffe ihr könnt mir ein bisschen helfen! MfG Huppsi Logfile of HijackThis v1.99.1 Scan saved at 18:12:17, on 27.04.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\TBPanel.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\Dit.exe C:\Programme\Thrustmaster\Thrustmapper\TMTMTSR.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\System32\ctfmon.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\Programme\AOL 8.0\waol.exe C:\Programme\AOL 8.0\shellmon.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\H u p p\Lokale Einstellungen\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://asdfqwre.com?u=1560 (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://asdfqwre.com?u=1560 (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://asdfqwre.com?u=1560 (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%s R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.qfind.net/search.php?qq=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/ R3 - URLSearchHook: (no name) - {FDE3577A-6254-181C-4E11-339E4F746BD3} - (no file) F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe O1 - Hosts: 68.69.89.20 L2testauthd.lineage2.com O2 - BHO: GetGo URL Catcher (dont remove!) - {0315AA2C-10C7-4504-A1C4-F552ABA8A095} - C:\Programme\GetGo Software\GetGo Download Manager\URLCatch.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Virtual Maid - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [ThrustTSR] C:\Programme\Thrustmaster\Thrustmapper\TMTMTSR.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Down&load &Link& Us&ing Ge&tGo - C:\Programme\GetGo Software\GetGo Download Manager\GGCatch.htm O9 - Extra button: GetGo - {01A13E40-2F55-4397-B39B-7851BCFB8008} - C:\Programme\GetGo Software\GetGo Download Manager\GetGoDM.exe O9 - Extra 'Tools' menuitem: GetGo Download Manager - {01A13E40-2F55-4397-B39B-7851BCFB8008} - C:\Programme\GetGo Software\GetGo Download Manager\GetGoDM.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab O16 - DPF: Word Whomp Whackdown by pogo - http://game5.pogo.com/applet-6.0.3.3...-ob-assets.cab O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...bridge-c11.cab O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex...amesplayer.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{78B7AB24-5E9C-4DE2-AFD5-CC11EC454AFD}: NameServer = 205.188.146.145 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
|
29.04.2005, 09:33
| #7 |
 | Wer hilft gegen Trojan-Spy.HTML.Smitfraud.c????? Hallo, mich hats auch erwischt - wenn mir bitte jemand helfen könnte. Symptome: blauer Bildschirm - "security warning - fatal error - trojan-spy.html.smitfraud.c" bei Start des IE kommt als neue Startseite "CoolWebSearch mit http://81.222.131.49/indes.php Habe ein Logfile mit hjthis erstellt: Logfile of HijackThis v1.99.1 Scan saved at 09:46:08, on 29.04.2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\ircomm2k.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\SXCPL.EXE C:\WINNT\system32\Atiptaxx.exe C:\Programme\HP\HP Software Update\HPWuSchd.exe C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\WINNT\system32\paytime.exe C:\WINNT\system32\paytime.exe C:\wp.exe C:\Programme\D-Link AirPlus\AirPlus.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\PowerArchiver\POWERARC.EXE C:\Programme\PowerArchiver\POWERARC.EXE C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php F3 - REG:win.ini: load= O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [SXCPL] SXCPL.EXE O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [WinVNC] "C:\Programme\ORL\VNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [PayTime] C:\WINNT\system32\paytime.exe O4 - HKCU\..\Run: [PayTime] C:\WINNT\system32\paytime.exe O4 - HKCU\..\Run: [WindowsFY] C:\wp.exe O4 - Global Startup: D-Link AirPlus.lnk = C:\Programme\D-Link AirPlus\AirPlus.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://www.anonymizer.com/anti-spywa...ner/WebAAS.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intercall.webex.com/client/v...ex/ieatgpc.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 10.10.1.99 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 10.10.1.99 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 10.10.1.99 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Virtueller Infrarot-Kommunikationsanschluß, Dienstprogramm (IrCOMM2kSvc) - Jan Kiszka - C:\WINNT\system32\ircomm2k.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe Vorher habe ich bereits mit Ad-Aware gescannt und einige Dateien in Quarantäne gesteckt: ArchiveData(Quarantäne.bckp) Referencefile : SE1R41 25.04.2005 ====================================================== ALEXA »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[0]=Regkey : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} obj[1]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuText" obj[2]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuStatusBar" obj[3]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Script" obj[4]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "clsid" obj[5]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Icon" obj[6]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "HotIcon" obj[7]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "ButtonText" obj[8]=RegValue : S-1-5-21-1993962763-1563985344-1708537768-500\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" TRACKING COOKIE »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[9]=IECache Entry : Cookie:administrator@adtech.de/ obj[10]=IECache Entry : Cookie:administrator@valueclick.com/ obj[11]=IECache Entry : Cookie:administrator@doubleclick.net/ Kann mir jemand empfehlen, wie ich den Trojaner und die blaue Mattscheibe wieder loskriege? Danke + Gruß Lothar |
|
04.05.2005, 11:51
| #8 |
| | Wer hilft gegen Trojan-Spy.HTML.Smitfraud.c????? Hallo, mich hat es auch erwischt  Bitte um Hilfe!! So sieht's aus... blauer Bildschirm..."security warning...fatal error...trojan-spy.html.smitfraud.c" ... Habe natürlich ein Logfile mit hjthis erstellt: Logfile of HijackThis v1.99.1 Scan saved at 12:40:37, on 2005-05-04 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Microsoft Hardware\Keyboard\type32.exe C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\WINDOWS\NCLAUNCH.EXe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\E-Color\Common\IconMgr.exe C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Programme\E-Color\Colorific\hgcctl95.exe C:\Programme\E-Color\E-Color Indicator\TICIcon.exe C:\Programme\Zone Labs\ZoneAlarm\zapro.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\IZABELA\Desktop\HijackThis.exe C:\WINDOWS\NotePad.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com O1 - Hosts: 127.0.0.3 x.full-tgp.net O1 - Hosts: 127.0.0.3 counter.sexmaniack.com O1 - Hosts: 127.0.0.3 autoescrowpay.com O1 - Hosts: 127.0.0.3 www.autoescrowpay.com O1 - Hosts: 127.0.0.3 www.awmdabest.com O1 - Hosts: 127.0.0.3 www.sexfiles.nu O1 - Hosts: 127.0.0.3 awmdabest.com O1 - Hosts: 127.0.0.3 sexfiles.nu O1 - Hosts: 127.0.0.3 allforadult.com O1 - Hosts: 127.0.0.3 www.allforadult.com O1 - Hosts: 127.0.0.3 www.iframe.biz O1 - Hosts: 127.0.0.3 iframe.biz O1 - Hosts: 127.0.0.3 www.newiframe.biz O1 - Hosts: 127.0.0.3 newiframe.biz O1 - Hosts: 127.0.0.3 www.vesbiz.biz O1 - Hosts: 127.0.0.3 vesbiz.biz O1 - Hosts: 127.0.0.3 www.pizdato.biz O1 - Hosts: 127.0.0.3 pizdato.biz O1 - Hosts: 127.0.0.3 www.aaasexypics.com O1 - Hosts: 127.0.0.3 aaasexypics.com O1 - Hosts: 127.0.0.3 www.virgin-tgp.net O1 - Hosts: 127.0.0.3 virgin-tgp.net O1 - Hosts: 127.0.0.3 www.awmcash.biz O1 - Hosts: 127.0.0.3 awmcash.biz O1 - Hosts: 127.0.0.3 buldog-stats.com O1 - Hosts: 127.0.0.3 www.buldog-stats.com O1 - Hosts: 127.0.0.3 fregat.drocherway.com O1 - Hosts: 127.0.0.3 slutmania.biz O1 - Hosts: 127.0.0.3 www.slutmania.biz O1 - Hosts: 127.0.0.3 toolbarpartner.com O1 - Hosts: 127.0.0.3 www.toolbarpartner.com O1 - Hosts: 127.0.0.3 www.megapornix.com O1 - Hosts: 127.0.0.3 megapornix.com O1 - Hosts: 127.0.0.3 www.sp2fucked.biz O1 - Hosts: 127.0.0.3 sp2fucked.biz O1 - Hosts: 127.0.0.3 greg-tut.com O1 - Hosts: 127.0.0.3 www.greg-tut.com O1 - Hosts: 127.0.0.3 nylonsexy.com O1 - Hosts: 127.0.0.3 www.nylonsexy.com O1 - Hosts: 127.0.0.3 vparivalka.com O1 - Hosts: 127.0.0.3 www.vparivalka.com O1 - Hosts: 127.0.0.3 iframeprofit.com O1 - Hosts: 127.0.0.3 www.iframeprofit.com O1 - Hosts: 127.0.0.3 topsearch10.com O1 - Hosts: 127.0.0.3 www.topsearch10.com O1 - Hosts: 127.0.0.3 statscash.biz O1 - Hosts: 127.0.0.3 www.statscash.biz O1 - Hosts: 127.0.0.3 vxiframe.biz O1 - Hosts: 127.0.0.3 www.vxiframe.biz O1 - Hosts: 127.0.0.3 crazy-toolbar.com O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: woerterbuch.info Toolbar - {693B02B1-2601-4729-B98D-BB68BE4E39CD} - C:\Programme\woerterbuch.info\woerte_12000_tb.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [hhxiofbjaiwhw] C:\WINDOWS\System32\eamomnp.exe O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [ViewMgr] C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Komunikator] C:\Programme\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: E-Color.lnk = C:\Programme\E-Color\Common\IconMgr.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &woerterbuch.info Toolbar - Übersetzung - - res://C:\Programme\woerterbuch.info\woerte_12000_tb.dll/GoSEAR.dll.htm O8 - Extra context menu item: &woerterbuch.info Toolbar -*Synonym - - res://C:\Programme\woerterbuch.info\woerte_12000_tb.dll/Go2Sear.dll.htm O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O16 - DPF: komentator - http://sport.onet.pl/komentator.cab O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS....jhtml?photo=1 O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/17e1d3c7261dcc9...dxIE601_de.cab O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://img.web.de/v/mail/activex/mail_upload_1123.cab O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://66.181.170.109/axiscam/Codeba...CamControl.ocx O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {AA14C86B-DA22-4811-8186-BB496A299C5F} (Be Here TotalView Player ActiveX Control, Version 3.0) - http://www.spincam.com/360video/plug...oViewer3_0.cab O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Bin für jede Hilfe dankbar!!! MfG, Isabela |
|
06.05.2005, 11:23
| #9 |
| | Wer hilft gegen Trojan-Spy.HTML.Smitfraud.c????? Hallo! Hab das selbe Problem. Das ist mein logfile: Logfile of HijackThis v1.99.1 Scan saved at 12:17:17, on 06.05.05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\SYMTRAY.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAMME\NORTONSYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE C:\WINDOWS\SYSTEM\MDM.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAMME\0190 WARNER\WARN0190.EXE C:\WINDOWS\STARTER.EXE C:\WINDOWS\SYSTEM\HPZTSB03.EXE C:\PROGRAMME\NORTONSYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE C:\PROGRAMME\NORTONSYSTEMWORKS\NORTON CRASHGUARD\CGMENU.EXE C:\PROGRAMME\NORTONSYSTEMWORKS\NORTON ANTIVIRUS\POPROXY.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAMME\EUMEX 504PC USB\CAPICTRL.EXE C:\PROGRAMME\NORTONSYSTEMWORKS\NORTON CRASHGUARD\CG16EH.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAMME\WINACE\WINACE.EXE C:\WINDOWS\TEMP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - (no file) O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAMME\SIDEFIND\SFBHO.DLL (file missing) O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\SYSTEM\WSTART.DLL O2 - BHO: (no name) - {1124B9A1-BCF1-11D9-94D9-00302E0B9206} - C:\WINDOWS\SYSTEM\NAJIDCA.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [0190 Warner] C:\PROGRAMME\0190 WARNER\WARN0190.EXE O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAMME\NORTONSYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE" O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAMME\NORTONSYSTEMWORKS\NORTON ANTIVIRUS\POProxy.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [WoryKRPDa] C:\HJCXB.EXE O4 - HKLM\..\Run: [sais] c:\programme\180solutions\sais.exe O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe O4 - HKLM\..\Run: [olelgh] C:\WINDOWS\olelgh.exe O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAMME\SECURITY IGUARD\SECURITY IGUARD.EXE O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programme\Gemeinsame Dateien\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programme\NortonSystemWorks\Norton CleanSweep\CSINJECT.EXE O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE O4 - Startup: CAPI Control.lnk = C:\Programme\Eumex 504PC USB\Capictrl.exe O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAMME\SIDEFIND\SIDEFIND.DLL (file missing) O9 - Extra button: Microsoft AntiSpyware helper - {136EA9A0-BCF1-11D9-94D9-0030840C64C4} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {136EA9A0-BCF1-11D9-94D9-0030840C64C4} - (no file) (HKCU) O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted IP range: 67.19.185.246 O15 - Trusted IP range: 67.19.185.246 (HKLM) O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...006_cracks.cab O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.slotchbar.com/ist/softwar...ct_regular.cab O18 - Filter: text/html - {1124B9A0-BCF1-11D9-94D9-00304147379D} - C:\WINDOWS\SYSTEM\NAJIDCA.DLL O18 - Filter: text/plain - {1124B9A0-BCF1-11D9-94D9-00304147379D} - C:\WINDOWS\SYSTEM\NAJIDCA.DLL Ich bin für jede Hilfe dankbar. Gruß Mansen |
|
| Themen zu Wer hilft gegen Trojan-Spy.HTML.Smitfraud.c????? |
| ebook, hilft, inter, interne, internetstartseite, mail, notebook, schnelle, schnellen, seite, startseite, stürzt, troja, trojaner |
Linear-Darstellung
