| |
| |||||||
Log-Analyse und Auswertung: Dropper Solutions und TR/Dldr.Dyfuca.dsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.05.2005, 14:40
| #1 |
 |  Dropper Solutions und TR/Dldr.Dyfuca.ds Tach mein Antivirguard hatte mir vorgestern erstmals eine Warnung verfasst da stand dann irgendwas von Dropper DR Solutions und Trojaner TR/Dldr.Dyfuca.ds Könnt ihr mir helfen dat zu beheben ? Habe schon versucht die Dateien (salm.exe??) zu löschen geht aber nicht ! Kann dat Problem auch nit mit Antivir beheben ! Bin Neuling also habt gewisse rücksicht mit mir !!! vielen Dank im vorraus !!!! Logfile of HijackThis v1.99.1 Scan saved at 15:22:49, on 10.05.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\ehome\ehSched.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\ehome\ehmsas.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\Programme\QuickTime\qttask.exe C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\Programm Downloads\Musikprogramme\Winamp\Winampa.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Real\RealPlayer\RealPlay.exe C:\Program Files\Media Access\MediaAccK.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Program Files\Media Access\MediaAccess.exe C:\Programme\AVPersonal\AVSCHED32.EXE C:\WINDOWS\System32\gah95on6.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Lexmark X125\LEX125SU.exe C:\Programme\AOL 8.0\waol.exe C:\Programme\AOL 8.0\shellmon.exe C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\WINDOWS\System32\wuauclt.exe C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis_199.zip\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NAV_Update] C:\NAV_Update.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\Programm Downloads\Musikprogramme\Winamp\Winampa.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [salm] c:\temp\salm.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSCHED32.EXE /min O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - Global Startup: Lexmark X125 Einstellungsdienstprogramm.lnk = C:\Programme\Lexmark X125\LEX125SU.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CD...ridge-c139.cab O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdateV3 - Activex Control) - http://support.fujitsu-siemens.de/De...pi/activex.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E7EA6EC3-74E7-4A51-A00F-571E56E0C077}: NameServer = 205.188.146.145 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\SYSTEM32\GEARSEC.EXE (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Bei escan stand am ende Mon May 09 22:14:17 2005 => Total Objects Scanned: 81236 Mon May 09 22:14:17 2005 => Total Virus(es) Found: 31 Mon May 09 22:14:17 2005 => Total Disinfected Files: 0 Mon May 09 22:14:17 2005 => Total Files Renamed: 0 Mon May 09 22:14:17 2005 => Total Deleted Objects: 0 Mon May 09 22:14:17 2005 => Total Errors: 8 Mon May 09 22:14:17 2005 => Time Elapsed: 00:58:51 Mon May 09 22:14:17 2005 => AV Library Unloaded (3)... Mon May 09 22:15:15 2005 => ********************************************************** Mon May 09 22:15:15 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility. Mon May 09 22:15:15 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc. Mon May 09 22:15:15 2005 => ********************************************************** Mon May 09 22:15:15 2005 => Version 6.1.7 (C:\bases_x\mwavscan.com) Mon May 09 22:15:15 2005 => Log File: C:\bases_x\MWAV.LOG Mon May 09 22:15:15 2005 => Last Scan Date and Time: 09.05.2005 20:49:47 Mon May 09 22:15:15 2005 => MWAV Registered: FALSE. Mon May 09 22:15:15 2005 => MWAV Mode: Only Scan files. Mon May 09 22:15:15 2005 => Latest Date of files inside MWAV: 05 May 2005 11:32:43. Mon May 09 22:15:19 2005 => AV Library Loaded... Mon May 09 22:15:19 2005 => MWAV doing self scanning... Mon May 09 22:15:19 2005 => Scanning File C:\bases_x\kavss.exe Mon May 09 22:15:19 2005 => Scanning File C:\bases_x\Getvlist.exe Mon May 09 22:15:19 2005 => Scanning File C:\bases_x\kavss.dll Mon May 09 22:15:19 2005 => Scanning File C:\bases_x\kavssdi.dll Mon May 09 22:15:19 2005 => Scanning File C:\bases_x\kavssi.dll Mon May 09 22:15:19 2005 => Scanning File C:\bases_x\kavvlg.dll Mon May 09 22:15:19 2005 => Scanning File C:\bases_x\msvlclnt.dll Mon May 09 22:15:19 2005 => Scanning File C:\bases_x\ipc.dll Mon May 09 22:15:19 2005 => Scanning File C:\bases_x\main.avi Mon May 09 22:15:19 2005 => Scanning File C:\bases_x\virus.avi Mon May 09 22:15:19 2005 => MWAV files are clean. Mon May 09 22:15:24 2005 => MWAV License Agreement and conditions NOT accepted by user. Aborting... Mon May 09 22:15:24 2005 => AV Library Unloaded (2)... Mon May 09 22:25:29 2005 => ********************************************************** Mon May 09 22:25:29 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility. Mon May 09 22:25:29 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc. Mon May 09 22:25:29 2005 => ********************************************************** Mon May 09 22:25:29 2005 => Version 6.1.7 (C:\bases_x\mwavscan.com) Mon May 09 22:25:29 2005 => Log File: C:\bases_x\MWAV.LOG Mon May 09 22:25:29 2005 => Last Scan Date and Time: 09.05.2005 20:49:47 Mon May 09 22:25:29 2005 => MWAV Registered: FALSE. Mon May 09 22:25:29 2005 => MWAV Mode: Only Scan files. Mon May 09 22:25:29 2005 => Latest Date of files inside MWAV: 05 May 2005 11:32:43. Mon May 09 22:25:30 2005 => AV Library Loaded... Mon May 09 22:25:30 2005 => MWAV doing self scanning... Mon May 09 22:25:30 2005 => Scanning File C:\bases_x\kavss.exe Mon May 09 22:25:30 2005 => Scanning File C:\bases_x\Getvlist.exe Mon May 09 22:25:30 2005 => Scanning File C:\bases_x\kavss.dll Mon May 09 22:25:30 2005 => Scanning File C:\bases_x\kavssdi.dll Mon May 09 22:25:30 2005 => Scanning File C:\bases_x\kavssi.dll Mon May 09 22:25:31 2005 => Scanning File C:\bases_x\kavvlg.dll Mon May 09 22:25:31 2005 => Scanning File C:\bases_x\msvlclnt.dll Mon May 09 22:25:31 2005 => Scanning File C:\bases_x\ipc.dll Mon May 09 22:25:31 2005 => Scanning File C:\bases_x\main.avi Mon May 09 22:25:31 2005 => Scanning File C:\bases_x\virus.avi Mon May 09 22:25:31 2005 => MWAV files are clean. Mon May 09 22:25:34 2005 => Virus Database Date: 2005/05/05 Mon May 09 22:25:34 2005 => Virus Database Count: 128422 Mon May 09 22:27:40 2005 => Generating Virus List... getvlist.exe C:\bases_x\vlist.txt Mon May 09 22:28:05 2005 => Generating Virus List... getvlist.exe C:\bases_x\vlist.txt Mon May 09 22:28:19 2005 => AV Library Unloaded (3)... _____________ Anm. Das nächste Mal bitte einen sinnvollen Thread Titel erstellen.  LG Cidre S-Mod TB Geändert von Cidre (11.05.2005 um 00:00 Uhr) |
| Themen zu Dropper Solutions und TR/Dldr.Dyfuca.ds |
| adobe, antivir update, antivirus, bho, drivers, einstellungen, escan, explorer, file missing, helfen, hijack, hijackthis, internet, internet explorer, log file, löschen, microsoft, nvcpl.dll, nvidia, problem, programme, rundll, software, spyware, system, temp, tuneup utilities, virus, warnung, windows, windows xp |
Baum-Darstellung