
Pests of all kinds and how to fight them: Trojan Smitfraud.c aka Troj/FakeAle-c (cidre help me)


 
16.06.2005, 17:38   #1
veet
 



Here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 17:19:49, on 16.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Programme\Alwil Software\Avast4\aswUpdSv.exe
H:\Programme\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Programme\Alwil Software\Avast4\ashMaiSv.exe
H:\Programme\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\taskmgr.exe
H:\WINDOWS\system32\wscntfy.exe
P:\stuff\hijackthis\HijackThis.exe

O3 - Toolbar: News Ticker - {05F8C4F5-7CCF-4129-B221-B2B4CFC589DA} - H:\Programme\NewsTicker\Ticker.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] H:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] H:\Programme\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] H:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] H:\Programme\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [RefreshLock] H:\Programme\refreshlock\RefreshLock.exe
O4 - HKLM\..\Run: [TkBellExe] "H:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSGuard] H:\Programme\PSGuard\PSGuard.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "H:\Programme\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "H:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "h:\programme\valve\steam\steam.exe" -silent
O4 - Startup: Ruhezeiten vorziehen.bat
O4 - Startup: WetterStation².lnk = ?
O8 - Extra context menu item: &Suche im Duden - res://H:\Programme\Duden-Suche Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - H:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - H:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Guru News Reader - {9025F70D-DB4B-4312-982B-8FE916987ED8} - H:\Programme\NewsTicker\Ticker.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binarie...1041_EN_XP.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - H:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - H:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe



and here is the eScan log, I hope you can help me



Thu Jun 16 18:16:00 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Thu Jun 16 18:16:01 2005 => System found infected with Bargain Buddy Spyware/Adware ({4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3})! Action taken: No Action Taken.
Thu Jun 16 18:16:01 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:01 2005 => System found infected with Bargain Buddy Spyware/Adware ({c6906a23-4717-4e1f-b6fd-f06ebed15678})! Action taken: No Action Taken.
Thu Jun 16 18:16:01 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:02 2005 => System found infected with Bargain Buddy Spyware/Adware ({8eee58d5-130e-4cbd-9c83-35a0564e5678})! Action taken: No Action Taken.
Thu Jun 16 18:16:02 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:02 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Thu Jun 16 18:16:02 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:03 2005 => Offending Folder H:\PROGRA~1\sidefind present...
Thu Jun 16 18:16:03 2005 => Object "sidefind Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:04 2005 => Offending Folder H:\PROGRA~1\istsvc present...
Thu Jun 16 18:16:04 2005 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:04 2005 => Offending value found in HKLM\Software\powerscan !!!
Thu Jun 16 18:16:04 2005 => Object "powerscan Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:04 2005 => Offending Folder H:\PROGRA~1\BULLSE~1 present...
Thu Jun 16 18:16:04 2005 => Object "BullsEye Network Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:04 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Thu Jun 16 18:16:04 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Jun 16 18:16:05 2005 => System found infected with eZula Spyware/Adware (exclean.exe)! Action taken: No Action Taken.
Thu Jun 16 18:16:05 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.


Thu Jun 16 18:16:07 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Thu Jun 16 18:16:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "H:\WINDOWS\eg_auth_1041.dll". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\BDA.cab". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\BDANT.cab". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\BDAXP.cab". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\DSETUP.dll". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\DirectX.cab". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\ManagedDX.CAB". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\dsetup32.dll". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\dxnt.cab". Action Taken: No Action Taken.

Thu Jun 16 18:16:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\DOKUME~1\Ersch\LOKALE~1\Temp\{256F319A-AEA5-481F-829A-2CEF51A91FDA}\{8421F058-CB2D-4BCE-B487-4A559DE70173}\DirectX9\dxsetup.exe". Action Taken: No Action Taken.

Thu Jun 16 18:16:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\eg_auth_1041.dll". Action Taken: No Action Taken.

Thu Jun 16 18:16:27 2005 => Entry "HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}" refers to invalid object "H:\WINDOWS\system32\msbe.dll". Action Taken: No Action Taken.

Thu Jun 16 18:16:31 2005 => Entry "HKCR\AcroIEHelper.AcroIEHlprObj" refers to invalid object "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}". Action Taken: No Action Taken.

Thu Jun 16 18:16:31 2005 => Entry "HKCR\AcroIEHelper.AcroIEHlprObj.1" refers to invalid object "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}". Action Taken: No Action Taken.

Thu Jun 16 18:16:37 2005 => Entry "HKCR\IEFlash.IEFlash" refers to invalid object "{E5A1691B-D188-4419-AD02-90002030B8EE}". Action Taken: No Action Taken.





Thu Jun 16 18:20:01 2005 => Checking for Welchia Virus...
Thu Jun 16 18:20:02 2005 => Checking for LovGate Virus...
Thu Jun 16 18:20:02 2005 => Checking for CodeRed Virus...
Thu Jun 16 18:20:02 2005 => Checking for OpaServ Virus...
Thu Jun 16 18:20:02 2005 => Checking for Sobig.e Virus...
Thu Jun 16 18:20:03 2005 => Checking for Winupie Virus...
Thu Jun 16 18:20:03 2005 => Checking for Swen Virus...
Thu Jun 16 18:20:03 2005 => Checking for JS.Fortnight Virus...
Thu Jun 16 18:20:03 2005 => Checking for Novarg Virus...
Thu Jun 16 18:20:03 2005 => Checking for Pagabot Virus...
Thu Jun 16 18:20:04 2005 => Checking for Parite.b Virus...
Thu Jun 16 18:20:04 2005 => Checking for Parite.a Virus...
Thu Jun 16 18:20:04 2005 => Checking for Adware.SeekSeek Virus...

Thu Jun 16 18:20:04 2005 => ***** Scanning complete. *****

Thu Jun 16 18:20:04 2005 => Total Objects Scanned: 10194
Thu Jun 16 18:20:04 2005 => Total Virus(es) Found: 14
Thu Jun 16 18:20:05 2005 => Total Disinfected Files: 0
Thu Jun 16 18:20:05 2005 => Total Files Renamed: 0
Thu Jun 16 18:20:05 2005 => Total Deleted Objects: 0
Thu Jun 16 18:20:05 2005 => Total Errors: 17
Thu Jun 16 18:20:05 2005 => Time Elapsed: 00:05:46
Thu Jun 16 18:20:05 2005 => Virus Database Date: 2005/06/13
Thu Jun 16 18:20:06 2005 => Virus Database Count: 134428

Thu Jun 16 18:20:06 2005 => Scan Completed.


How do I get rid of the viruses that were found? I would rather not have to buy eScan just to be able to remove them.

 
