Pests of all kinds and their removal: dropper - hole in the system????
04.06.2005, 19:55 | #16
Hi cronos, here is the data from the mwav.log file - part 1 of 3 (too much data, unfortunately I have to split it up - sorry)... many thanks for your help... regards y.

TUESDAY 31.05.2005
C:\WINDOWS\system32\hfadygd.dll infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
c:\windows\system32\evzqjew.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\hfadygd.dll infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\qslos.dll infected by "not-a-virus:AdWare.Adstart.i" Virus. Action Taken: No Action Taken.
c:\windows\system32\evzqjew.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
C:\WINDOWS\SYSTEM32\HDIDYEJ.SYS infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\hdimyas.exe infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
System found infected with BookedSpace Spyware/Adware ({a85c4a1b-bd36-44e5-a70f-8ec347d9b24f})! Action taken: No Action Taken.
Tue May 31 22:34:18 2005 => File System Found infected by "BookedSpace Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 31 22:34:19 2005 => System found infected with Bargain Buddy Spyware/Adware ({ce188402-6ee7-4022-8868-ab25173a3e14})! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 31 22:34:19 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 31 22:34:19 2005 => System found infected with AdRotator Spyware/Adware ({1cfb8b32-4053-4144-af6f-1540eec7f101})! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "AdRotator Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 31 22:34:19 2005 => Offending value found in HKLM\Software\myway !!!
Tue May 31 22:34:19 2005 => System found infected with myway Spyware/Adware! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 31 22:34:19 2005 => Offending value found in HKLM\Software\bookedspace !!!
Tue May 31 22:34:19 2005 => System found infected with bookedspace Spyware/Adware! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "bookedspace Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 31 22:34:41 2005 => System found infected with AdRotator Spyware/Adware (hiwinnager.dat)! Action taken: No Action Taken.
Tue May 31 22:34:41 2005 => File System Found infected by "AdRotator Spyware/Adware" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\adstartup.exe infected by "not-a-virus:AdWare.Adstart.h" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\GSM3-0511.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\hoapefe.vxd infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\hpikeci.exe infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\htijebl.exe infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\install_ID6.exe infected by "not-a-virus:AdWare.Adstart.i" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\modgxyz.exe infected by "not-a-virus:AdWare.Adstart.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\qslosc.exe infected by "not-a-virus:AdWare.Adstart.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\qslosd.exe infected by "not-a-virus:AdWare.Adstart.b" Virus. Action Taken: No Action Taken.
Tue May 31 22:36:32 2005 => Scanning File C:\WINDOWS\system32\qslose.xml
Tue May 31 22:36:32 2005 => Scanning File C:\WINDOWS\system32\qslosf.exe
Tue May 31 22:36:32 2005 => File C:\WINDOWS\system32\qslosf.exe infected by "not-a-virus:AdWare.Adstart.d" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\SWin32.dll infected by "not-a-virus:AdWare.Adstart.i" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\unpack.exe infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\York\LOKALE~1\Temp\bs52.tmpbsx32\bbrs2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs53.tmp [**]
Tue May 31 22:37:41 2005 => Scanning Folder: C:\DOKUME~1\York\LOKALE~1\Temp\bs53.tmpbsx32\*.*
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs53.tmpbsx32\bbrs2.exe
Tue May 31 22:37:41 2005 => File C:\DOKUME~1\York\LOKALE~1\Temp\bs53.tmpbsx32\bbrs2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs5319.tmp [**]
Tue May 31 22:37:41 2005 => Scanning Folder: C:\DOKUME~1\York\LOKALE~1\Temp\bs5319.tmpbsx32\*.*
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs5319.tmpbsx32\bbrs2.exe
Tue May 31 22:37:41 2005 => File C:\DOKUME~1\York\LOKALE~1\Temp\bs5319.tmpbsx32\bbrs2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs54F.tmp [**]
Tue May 31 22:37:41 2005 => Scanning Folder: C:\DOKUME~1\York\LOKALE~1\Temp\bs54F.tmpbsx32\*.*
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs54F.tmpbsx32\bbrs2.exe
Tue May 31 22:37:41 2005 => File C:\DOKUME~1\York\LOKALE~1\Temp\bs54F.tmpbsx32\bbrs2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\York\LOKALE~1\Temp\i8.tmp infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
Tue May 31 22:39:25 2005 => ***** Scanning complete. *****
Tue May 31 22:39:25 2005 => Total Objects Scanned: 5331
Tue May 31 22:39:25 2005 => Total Virus(es) Found: 31
Tue May 31 22:39:25 2005 => Total Disinfected Files: 0
Tue May 31 22:39:25 2005 => Total Files Renamed: 0
Tue May 31 22:39:25 2005 => Total Deleted Objects: 0
Tue May 31 22:39:25 2005 => Total Errors: 8
Tue May 31 22:39:25 2005 => Time Elapsed: 00:05:54
Tue May 31 22:39:25 2005 => Virus Database Date: 2005/04/25
Tue May 31 22:39:25 2005 => Virus Database Count: 127328

Edited by york (04.06.2005 at 20:02)
04.06.2005, 20:03 | #17
Part 2 of 3...

THURSDAY 02.06.2005
System found infected with BookedSpace Spyware/Adware ({a85c4a1b-bd36-44e5-a70f-8ec347d9b24f})! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "BookedSpace Spyware/Adware" Virus. Action Taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => System found infected with Bargain Buddy Spyware/Adware ({ce188402-6ee7-4022-8868-ab25173a3e14})! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => Offending value found in HKLM\Software\myway !!!
Thu Jun 02 23:39:47 2005 => System found infected with myway Spyware/Adware! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => Offending value found in HKLM\Software\bookedspace !!!
Thu Jun 02 23:39:47 2005 => System found infected with bookedspace Spyware/Adware! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "bookedspace Spyware/Adware" Virus. Action Taken: No Action Taken.
Thu Jun 02 23:40:06 2005 => ***** Scanning complete. *****
Thu Jun 02 23:40:06 2005 => Total Objects Scanned: 862
Thu Jun 02 23:40:06 2005 => Total Virus(es) Found: 5
Thu Jun 02 23:40:06 2005 => Total Disinfected Files: 0
Thu Jun 02 23:40:06 2005 => Total Files Renamed: 0
Thu Jun 02 23:40:06 2005 => Total Deleted Objects: 0
Thu Jun 02 23:40:06 2005 => Total Errors: 0
Thu Jun 02 23:40:06 2005 => Time Elapsed: 00:01:09
Thu Jun 02 23:40:06 2005 => Virus Database Date: 2005/04/25
Thu Jun 02 23:40:06 2005 => Virus Database Count: 127328
Thu Jun 02 23:40:06 2005 => Scan Completed.

SATURDAY 04.06.2005
Sat Jun 04 19:34:54 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Sat Jun 04 19:34:54 2005 => System found infected with BookedSpace Spyware/Adware ({a85c4a1b-bd36-44e5-a70f-8ec347d9b24f})! Action taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => Object "BookedSpace Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => System found infected with Bargain Buddy Spyware/Adware ({ce188402-6ee7-4022-8868-ab25173a3e14})! Action taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:34:58 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Sat Jun 04 19:34:58 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:34:58 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\TopText iLookup !!!
Sat Jun 04 19:34:58 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:34:59 2005 => Offending value found in HKLM\Software\myway !!!
Sat Jun 04 19:34:59 2005 => Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:35:01 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\addestroyer !!!
Sat Jun 04 19:35:01 2005 => Object "AdDestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:35:01 2005 => Offending value found in HKLM\Software\bookedspace !!!
Sat Jun 04 19:35:01 2005 => Object "BookedSpace Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:35:02 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\MediaLoads Enhanced !!!
Sat Jun 04 19:35:02 2005 => Object "MediaLoads Enhanced Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:35:17 2005 => System found infected with farmmext Spyware/Adware (farmmext.ini)! Action taken: No Action Taken.
Sat Jun 04 19:35:17 2005 => Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:35:17 2005 => System found infected with farmmext Spyware/Adware (farmmext.inf)! Action taken: No Action Taken.
Sat Jun 04 19:35:17 2005 => Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:35:29 2005 => ***** Scanning complete. *****
Sat Jun 04 19:35:29 2005 => Total Objects Scanned: 11931
Sat Jun 04 19:35:29 2005 => Total Virus(es) Found: 13
Sat Jun 04 19:35:29 2005 => Total Disinfected Files: 0
Sat Jun 04 19:35:29 2005 => Total Files Renamed: 0
Sat Jun 04 19:35:29 2005 => Total Deleted Objects: 0
Sat Jun 04 19:35:29 2005 => Total Errors: 70
Sat Jun 04 19:35:29 2005 => Time Elapsed: 00:01:31
Sat Jun 04 19:35:29 2005 => Virus Database Date: 2005/05/29
Sat Jun 04 19:35:29 2005 => Virus Database Count: 132253
Sat Jun 04 19:35:29 2005 => Scan Completed.
04.06.2005, 20:04 | #18
part 3 of 3.... many thanks... y.

Virus Log Information from 04.06.2005
File C:\WINDOWS\cfgmgr51.dll tagged as "not-a-virus:AdWare.BookedSpace.e". Action Taken: No Action Taken.
File C:\WINDOWS\System32\psoft1.exe tagged as "not-a-virus:AdWare.Pacer.f". Action Taken: No Action Taken.
Object "BookedSpace Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AdDestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BookedSpace Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MediaLoads Enhanced Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HbInstIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstallationsAssistent.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\York\LOKALE~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USWebUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\AppleRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\ColorMatchRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\EuroscaleCoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\EuroscaleUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\JapanStandard.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\sRGB Color Space Profile.icm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USSheetfedCoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USSheetfedUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USWebCoatedSWOP.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\AdobeRGB1998.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\WideGamutRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\NTSC1953.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\PAL_SECAM.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\SMPTE-C.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\CIERGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\Photoshop5DefaultCMYK.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\Photoshop4DefaultCMYK.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstallationsAssistent.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HbInstIE.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Shell\psicon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{22B9A67D-E689-44B6-B775-0E8FE84B4F9B}" refers to invalid object "C:\WINDOWS\system32\hfadygd.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC}" refers to invalid object "C:\WINDOWS\system32\PopOops2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{43918f8f-f3be-4760-b4bb-6c89d9d91487}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{44b09a5f-5dee-4539-8001-d4b2d45c2876}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{63CCB35F-4B6C-11D2-BA18-00A024BF101B}" refers to invalid object "C:\Programme\Canon\PhotoRecord\OpPrintCom\OpPrintCom.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6b177e4f-2743-4a6d-8f31-d2efa4636bee}" refers to invalid object "C:\WINDOWS\system32\qqark.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70B51430-B6CA-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{73381E35-92F2-B604-12D0-26B9BA6ACAEE}" refers to invalid object "C:\WINDOWS\System32\vrggv\atgvdxr.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8298d101-f992-43b7-8eca-5052d885b995}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8C875948-9C60-4381-9248-0DF180542D53}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HbInstIE.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{96632d1e-f3eb-4f54-ba79-9969692db659}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbuiwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A85C4A1B-BD36-44E5-A70F-8EC347D9B24F}" refers to invalid object "C:\WINDOWS\bs3.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9E69612-B80D-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}" refers to invalid object "C:\WINDOWS\System32\nvms.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B5DEAC82-1997-4EE0-8C8A-1C2DCCE145B0}" refers to invalid object "C:\WINDOWS\system32\qslos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B6E2506C-3B9C-5B43-3671-A098AB5402C4}" refers to invalid object "C:\WINDOWS\System32\yndal\fvyqadsv.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}" refers to invalid object "C:\WINDOWS\System32\mscb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D0E02707-7B4A-3104-AFED-807117DD1052}" refers to invalid object "C:\WINDOWS\System32\oaxdeg\wqnko.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D2C9BFF8-DD93-483C-AFCB-3F910EB3AF9D}" refers to invalid object "C:\WINDOWS\system32\Kceji.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{d4387178-98ca-4929-b8e3-a11cd2f333a6}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}" refers to invalid object "C:\WINDOWS\system32\SWLAD1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}" refers to invalid object "C:\WINDOWS\DOWNLO~1\INSTAL~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}" refers to invalid object "C:\WINDOWS\System32\msbe.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f612954d-3b0b-4c56-9563-227b7be624b4}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{fba38bcf-e23d-4979-811e-1326bbadb8c8}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlApple.CddbFullName.1" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlApple.FullName" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\MakeCab.DirectSoundFXGarglePage.3" refers to invalid object "{527CCD03-918D-43D1-0A47-7570B345E1E8}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
05.06.2005, 00:00 | #19
Hello everyone, since cronos is currently no longer online - perhaps someone else can please help me.... I have problems with various trojans and droppers... (see the first post) -> here is my HijackThis logfile... my eScan log file can be found further down (posts 16-18)... I would be glad if someone could help me further... many thanks to all of you in advance... york

Logfile of HijackThis v1.99.1
Scan saved at 20:11:05, on 02.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Hcontrol.exe
C:\WINDOWS\system32\WLANSTA.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system\grcprpv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Kodak\KODAK Bildübertragungssoftware\pts.exe
C:\WINDOWS\ATKOSD.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Programme\iPod\bin\iPodService.exe
E:\downloads\hijackthis\HijackThis.exe

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\system32\hfadygd.dll (file missing)
O2 - BHO: (no name) - {E022E241-CD5D-A89C-E000-1A87C01EC4F0} - C:\WINDOWS\system32\cdapp\qyobofgjhw.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: KODAK Bildübertragungssoftware.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - h**p://install.sms-bereich.de/InstallationsAssistent.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe