|
Plagegeister aller Art und deren Bekämpfung: Trojan-Downloader.JS.Iframe.bhyWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.07.2009, 21:35 | #1 |
| Trojan-Downloader.JS.Iframe.bhy Hab jetzt mein Kaspersky Internet Security über den PC laufen lassen und es hat sich herausgestellt,dass der Trojaner Trojan-Downloader.JS.Iframe.bhy viele exe und htm (noch n paarmehr) infiziert hat und somit die Ausführung vieler Programme unmöglich gemacht hat. Was kann ich dagegen machen? Soll ich alle infizierten Dateien löschen und alles wieder neu installeren? Bitte um schnelle Hilfe,da mich ein Abgabetermin am 10.Juli drängt... |
02.07.2009, 21:42 | #2 |
/// Helfer-Team | Trojan-Downloader.JS.Iframe.bhy Hi HyperGumba und
__________________bitte arbeite, damit dir hier geholfen werden kann, folgende Liste ab: http://www.trojaner-board.de/69886-a...-beachten.html Poste bitte alle anfallenden Logfiles, sowie das Logfile, dass Kaspersky erstellt hat. Gruß Handball10 |
03.07.2009, 13:54 | #3 |
| Trojan-Downloader.JS.Iframe.bhy Ich bin soweit gekommen,dass ich mit dem CCleaner alle Schritte durchgeführt habe und mit dem Anti Malware prog alles entfernt habe,sowie ein Logfile erstellt habe. Aber als ich zur endgültigen Säuberung den PC neustarten musste,hat er sich aufgehängt und ich musste ihn resetten. Jetzt kann ich Vista nicht mehr hochfaren,weder normal,noch abgesichert oder sonst was...das einzige was beim Hochfahren passiert ist dass meine Systemfestplatte untersucht wird und bei 60% hängt es sich immer auf...wenn ich die Untersuchung überspringe kommt nur ne Abbruchmeldung und dann tut sich auch nichts mehr...ich bin absolut ratlos...das einzige was mir in den Sinn kommt ist Vista neu zu installieren,aber es erscheint mir auch nicht optimal...
__________________Was kann ich noch tun? |
03.07.2009, 14:09 | #4 |
| Trojan-Downloader.JS.Iframe.bhy Sorry für den Doppelpost,aber ich habe es jetzt irgendwie geschafft,den Rechner im abgesicherten Modus zu starten... Hier schon mal das Logfile,dass ich ja jezt posten kann: " Malwarebytes' Anti-Malware 1.38 Datenbank Version: 2365 Windows 6.0.6001 Service Pack 1 03.07.2009 13:01:21 mbam-log-2009-07-03 (13-01-21).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|G:\|X:\|) Durchsuchte Objekte: 125608 Laufzeit: 5 hour(s), 8 minute(s), 55 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 8 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{6c380604-92b2-4633-becb-bde03fa45980} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4481c34a-10df-4c96-92a6-0ef31b6b95d6} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f9c23cd1-6da9-4e0b-8367-c6f9f1f78baf} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: X:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll (Adware.SoftMate) -> Quarantined and deleted successfully. d:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully. " Das ist aber noch nicht alles,da ich den Scan nach mehr als 5 Stunden abbrechen musste. Ich hoffe daraus kann schon mal etwas entnommen werden. Ich mache solange mit den Methoden zur Bekämpfung weiter... |
03.07.2009, 15:32 | #5 |
| Trojan-Downloader.JS.Iframe.bhy Kann man Beiträge nicht irgendwie editieren? Ich finde keinen Button zum Bearbeiten,also Triplepost Jedenfalls hab ich den Rest vom Malware Scanner zusammengetragen: "Malwarebytes' Anti-Malware 1.38 Datenbank Version: 2365 Windows 6.0.6001 Service Pack 1 03.07.2009 16:27:30 mbam-log-2009-07-03 (16-27-29).txt Scan-Methode: Vollständiger Scan (C:\|E:\|G:\|X:\|) Durchsuchte Objekte: 609771 Laufzeit: 1 hour(s), 15 minute(s), 25 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 28 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 11 Infizierte Dateien: 32 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\TypeLib\{03d7ff6e-9781-40b5-bb7f-94291a361604} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3ceb04ab-08af-45f4-81b4-70d13c1f7b85} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a7213d71-47e1-4832-92d7-d61dfe9f231f} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf82f350-e1c4-4916-ac12-ba73db60afb7} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{abec1835-3181-4abd-8dde-875aec4df6d2} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0af9a087-0cbf-46b2-9dc9-52d0d16b5ab6} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{89085678-632d-4deb-bda0-cd912c63203e} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3788e535-897b-463d-b6d6-fee5b86ec144} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3788e535-897b-463d-b6d6-fee5b86ec144} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d3f940ea-4e87-423b-9091-934e1e4fceae} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d3f940ea-4e87-423b-9091-934e1e4fceae} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zangosa (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: X:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0 (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\firefox\extensions\plugins (Adware.180Solutions) -> Quarantined and deleted successfully. X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango (Adware.180Solutions) -> Quarantined and deleted successfully. X:\ProgramData\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully. X:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully. x:\Users\Hyper Gumba\AppData\Roaming\Zango (Adware.Zango) -> Delete on reboot. Infizierte Dateien: x:\program files\e2eSoft\VCam\styles\Vista.cjstyles (Trojan.Agent) -> Quarantined and deleted successfully. x:\Users\hyper gumba\downloads\Setup(3).exe (Adware.Zango) -> Quarantined and deleted successfully. x:\Windows\System32\keygen.exe (Trojan.Dropper) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\arrow.ico (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\copyright.txt (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\link.ico (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\Srv.exe (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\Wallpaper.dll (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\WeSkin.dll (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\ZangoSA.exe (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\ZangoSAAX.dll (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\ZangoSADF.exe (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\ZangoSAHook.dll (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\ZangoUninstaller.exe (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\firefox\extensions\chrome.manifest (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\firefox\extensions\install.rdf (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\firefox\extensions\components\npclntax.xpt (Adware.180Solutions) -> Quarantined and deleted successfully. x:\program files\Zango\bin\10.3.84.0\firefox\extensions\plugins\npclntax_ZangoSA.dll (Adware.180Solutions) -> Quarantined and deleted successfully. x:\programdata\microsoft\Windows\start menu\Programs\Zango\Reset Cursor.lnk (Adware.180Solutions) -> Quarantined and deleted successfully. x:\programdata\microsoft\Windows\start menu\Programs\Zango\Weather.lnk (Adware.180Solutions) -> Quarantined and deleted successfully. x:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Customer Support Center.lnk (Adware.180Solutions) -> Quarantined and deleted successfully. x:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Games!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully. x:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Library.lnk (Adware.180Solutions) -> Quarantined and deleted successfully. x:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Screensavers!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully. x:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Uninstall Instructions.lnk (Adware.180Solutions) -> Quarantined and deleted successfully. x:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Videos!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully. x:\programdata\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully. x:\programdata\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully. x:\programdata\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully. x:\programdata\ZangoSA\ZangoSAEULA.mht (Adware.Zango) -> Quarantined and deleted successfully. x:\programdata\ZangoSA\ZangoSA_hpk.dat (Adware.Zango) -> Quarantined and deleted successfully. x:\programdata\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully." Jetzt gehe ich zur letzten Methode über... EDIT(jetzt hab ichs gefunden^^): HJT-Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:47:53, on 03.07.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18248) Boot mode: Safe mode with network support Running processes: X:\Windows\Explorer.EXE E:\Programme\Mozilla Firefox\firefox.exe X:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.bearshare.com/de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - X:\Program Files\ICQ6Toolbar\ICQToolBar.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - X:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - X:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - X:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - X:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - X:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - X:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - X:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - X:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - X:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - X:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - X:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - X:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - X:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - X:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AVP] "X:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [KMConfig] "X:\Program Files\Multimedia Keyboard Driver\V5\StartAutorun.exe" KMConfig.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "X:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "X:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [QuickTime Task] "X:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "X:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [fssui] "X:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "X:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "X:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE X:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE X:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Monitor] X:\Windows\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "X:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "X:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "X:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0ENQBO] X:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] X:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware (reboot)] "X:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [msnmsgr] "X:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Spark] X:\Program Files\Spark\Spark.exe O4 - HKCU\..\Run: [WMPNSCFG] X:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ehTray.exe] X:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - X:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - X:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - X:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - X:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - X:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - X:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: X:\PROGRA~2\KASPER~1\KASPER~1.0\r3hook.dll,X:\PROGRA~2\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - X:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: Apple Mobile Device - Apple Inc. - X:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - X:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - X:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - X:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - X:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: gupdate1c9ede1898a5a60 - Google Inc. - X:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: ICQ Service - Unknown owner - X:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - X:\Program Files\iPod\bin\iPodService.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - X:\Program Files\Multimedia Keyboard Driver\V5\KMWDSrv.exe O23 - Service: LVCOMSer - Logitech Inc. - X:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - X:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - X:\Windows\system32\nvvsvc.exe O23 - Service: Steam Client Service - Valve Corporation - X:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 10138 bytes Wäre nett wenn mir n Experte dabei unter die Arme greifen würde ^^" Geändert von HyperGumba (03.07.2009 um 15:59 Uhr) Grund: was hinzufügen |
Themen zu Trojan-Downloader.JS.Iframe.bhy |
ausführung, dateien, exe, infiziert, infizierte, infizierten, inter, interne, internet, internet security, kaspersky, laufe, laufen, löschen, neu, programme, schnelle, schnelle hilfe, security, troja, trojaner, unmöglich |