Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojan-Downloader.JS.Iframe.bhy

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.07.2009, 22:35   #1
HyperGumba
 
Trojan-Downloader.JS.Iframe.bhy - Böse

Trojan-Downloader.JS.Iframe.bhy



Hab jetzt mein Kaspersky Internet Security über den PC laufen lassen und es hat sich herausgestellt,dass der Trojaner Trojan-Downloader.JS.Iframe.bhy viele exe und htm (noch n paarmehr) infiziert hat und somit die Ausführung vieler Programme unmöglich gemacht hat. Was kann ich dagegen machen? Soll ich alle infizierten Dateien löschen und alles wieder neu installeren?

Bitte um schnelle Hilfe,da mich ein Abgabetermin am 10.Juli drängt...

Alt 02.07.2009, 22:42   #2
handball10
/// Helfer-Team
 
Trojan-Downloader.JS.Iframe.bhy - Standard

Trojan-Downloader.JS.Iframe.bhy



Hi HyperGumba und

bitte arbeite, damit dir hier geholfen werden kann, folgende Liste ab:
http://www.trojaner-board.de/69886-a...-beachten.html

Poste bitte alle anfallenden Logfiles, sowie das Logfile, dass Kaspersky erstellt hat.

Gruß
Handball10
__________________


Alt 03.07.2009, 14:54   #3
HyperGumba
 
Trojan-Downloader.JS.Iframe.bhy - Böse

Trojan-Downloader.JS.Iframe.bhy



Ich bin soweit gekommen,dass ich mit dem CCleaner alle Schritte durchgeführt habe und mit dem Anti Malware prog alles entfernt habe,sowie ein Logfile erstellt habe. Aber als ich zur endgültigen Säuberung den PC neustarten musste,hat er sich aufgehängt und ich musste ihn resetten. Jetzt kann ich Vista nicht mehr hochfaren,weder normal,noch abgesichert oder sonst was...das einzige was beim Hochfahren passiert ist dass meine Systemfestplatte untersucht wird und bei 60% hängt es sich immer auf...wenn ich die Untersuchung überspringe kommt nur ne Abbruchmeldung und dann tut sich auch nichts mehr...ich bin absolut ratlos...das einzige was mir in den Sinn kommt ist Vista neu zu installieren,aber es erscheint mir auch nicht optimal...
Was kann ich noch tun?
__________________

Alt 03.07.2009, 15:09   #4
HyperGumba
 
Trojan-Downloader.JS.Iframe.bhy - Icon22

Trojan-Downloader.JS.Iframe.bhy



Sorry für den Doppelpost,aber ich habe es jetzt irgendwie geschafft,den Rechner im abgesicherten Modus zu starten...

Hier schon mal das Logfile,dass ich ja jezt posten kann:

"
Malwarebytes' Anti-Malware 1.38
Datenbank Version: 2365
Windows 6.0.6001 Service Pack 1

03.07.2009 13:01:21
mbam-log-2009-07-03 (13-01-21).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|G:\|X:\|)
Durchsuchte Objekte: 125608
Laufzeit: 5 hour(s), 8 minute(s), 55 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6c380604-92b2-4633-becb-bde03fa45980} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4481c34a-10df-4c96-92a6-0ef31b6b95d6} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f9c23cd1-6da9-4e0b-8367-c6f9f1f78baf} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
X:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.

"

Das ist aber noch nicht alles,da ich den Scan nach mehr als 5 Stunden abbrechen musste. Ich hoffe daraus kann schon mal etwas entnommen werden. Ich mache solange mit den Methoden zur Bekämpfung weiter...

Alt 03.07.2009, 16:32   #5
HyperGumba
 
Trojan-Downloader.JS.Iframe.bhy - Lächeln

Trojan-Downloader.JS.Iframe.bhy



Kann man Beiträge nicht irgendwie editieren? Ich finde keinen Button zum Bearbeiten,also Triplepost

Jedenfalls hab ich den Rest vom Malware Scanner zusammengetragen:

"Malwarebytes' Anti-Malware 1.38
Datenbank Version: 2365
Windows 6.0.6001 Service Pack 1

03.07.2009 16:27:30
mbam-log-2009-07-03 (16-27-29).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|G:\|X:\|)
Durchsuchte Objekte: 609771
Laufzeit: 1 hour(s), 15 minute(s), 25 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 28
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 11
Infizierte Dateien: 32

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{03d7ff6e-9781-40b5-bb7f-94291a361604} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3ceb04ab-08af-45f4-81b4-70d13c1f7b85} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a7213d71-47e1-4832-92d7-d61dfe9f231f} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf82f350-e1c4-4916-ac12-ba73db60afb7} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{abec1835-3181-4abd-8dde-875aec4df6d2} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0af9a087-0cbf-46b2-9dc9-52d0d16b5ab6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{89085678-632d-4deb-bda0-cd912c63203e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3788e535-897b-463d-b6d6-fee5b86ec144} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3788e535-897b-463d-b6d6-fee5b86ec144} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d3f940ea-4e87-423b-9091-934e1e4fceae} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d3f940ea-4e87-423b-9091-934e1e4fceae} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zangosa (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
X:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\firefox\extensions\plugins (Adware.180Solutions) -> Quarantined and deleted successfully.
X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
X:\ProgramData\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
X:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
x:\Users\Hyper Gumba\AppData\Roaming\Zango (Adware.Zango) -> Delete on reboot.

Infizierte Dateien:
x:\program files\e2eSoft\VCam\styles\Vista.cjstyles (Trojan.Agent) -> Quarantined and deleted successfully.
x:\Users\hyper gumba\downloads\Setup(3).exe (Adware.Zango) -> Quarantined and deleted successfully.
x:\Windows\System32\keygen.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\arrow.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\copyright.txt (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\link.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\Srv.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\Wallpaper.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\WeSkin.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\ZangoSA.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\ZangoSAAX.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\ZangoSADF.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\ZangoSAHook.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\ZangoUninstaller.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\firefox\extensions\chrome.manifest (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\firefox\extensions\install.rdf (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\firefox\extensions\components\npclntax.xpt (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\program files\Zango\bin\10.3.84.0\firefox\extensions\plugins\npclntax_ZangoSA.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\programdata\microsoft\Windows\start menu\Programs\Zango\Reset Cursor.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\programdata\microsoft\Windows\start menu\Programs\Zango\Weather.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Customer Support Center.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Games!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Library.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Screensavers!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Uninstall Instructions.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Videos!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
x:\programdata\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
x:\programdata\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
x:\programdata\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
x:\programdata\ZangoSA\ZangoSAEULA.mht (Adware.Zango) -> Quarantined and deleted successfully.
x:\programdata\ZangoSA\ZangoSA_hpk.dat (Adware.Zango) -> Quarantined and deleted successfully.
x:\programdata\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully."

Jetzt gehe ich zur letzten Methode über...

EDIT(jetzt hab ichs gefunden^^):

HJT-Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:53, on 03.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Safe mode with network support

Running processes:
X:\Windows\Explorer.EXE
E:\Programme\Mozilla Firefox\firefox.exe
X:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.bearshare.com/de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - X:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - X:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - X:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - X:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - X:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - X:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - X:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - X:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - X:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - X:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - X:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - X:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - X:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - X:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - X:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVP] "X:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [KMConfig] "X:\Program Files\Multimedia Keyboard Driver\V5\StartAutorun.exe" KMConfig.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "X:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "X:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "X:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "X:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [fssui] "X:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "X:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "X:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE X:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE X:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Monitor] X:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "X:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "X:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "X:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] X:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] X:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware  (reboot)] "X:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "X:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spark] X:\Program Files\Spark\Spark.exe
O4 - HKCU\..\Run: [WMPNSCFG] X:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] X:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://X:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - X:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - X:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - X:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - X:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - X:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - X:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: X:\PROGRA~2\KASPER~1\KASPER~1.0\r3hook.dll,X:\PROGRA~2\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - X:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - X:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - X:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - X:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - X:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - X:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gupdate1c9ede1898a5a60 - Google Inc. - X:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - X:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - X:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - X:\Program Files\Multimedia Keyboard Driver\V5\KMWDSrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - X:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - X:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - X:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - X:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10138 bytes
         
Bin mir aber nichts sicher,was alles gefixt wird^^"
Wäre nett wenn mir n Experte dabei unter die Arme greifen würde ^^"


Geändert von HyperGumba (03.07.2009 um 16:59 Uhr) Grund: was hinzufügen

Antwort

Themen zu Trojan-Downloader.JS.Iframe.bhy
ausführung, dateien, exe, infiziert, infizierte, infizierten, inter, interne, internet, internet security, kaspersky, laufe, laufen, löschen, neu, programme, schnelle, schnelle hilfe, security, troja, trojaner, unmöglich



Ähnliche Themen: Trojan-Downloader.JS.Iframe.bhy


  1. Trojaner auf alter CD (Trojan.JS.Iframe.AGG)
    Log-Analyse und Auswertung - 07.07.2015 (6)
  2. Trojaner auf Webseite / Trojan-Downloader.JS.Iframe.dfe
    Plagegeister aller Art und deren Bekämpfung - 10.10.2013 (3)
  3. trojan-downloader.js.iframe.deb auf Website
    Plagegeister aller Art und deren Bekämpfung - 09.06.2013 (9)
  4. JS:Trojan.JS.Iframe.DH (Virus)
    Log-Analyse und Auswertung - 05.05.2013 (34)
  5. Trojan-Downloader.JS.Iframe.czd auf unserer Firmen-Homepage
    Plagegeister aller Art und deren Bekämpfung - 08.02.2013 (19)
  6. Fund: Trojan:JS/iframe.BT
    Log-Analyse und Auswertung - 28.01.2013 (15)
  7. JS/TrojanDownloader.Iframe.NKE trojan
    Log-Analyse und Auswertung - 23.10.2012 (15)
  8. Trojan.JS.Iframe.BY auf PC gefunden
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (28)
  9. JS/TrojanDownloader.Iframe.NKE trojan/HTML/Fraud.BG trojan
    Log-Analyse und Auswertung - 30.09.2012 (3)
  10. Trojan.JS.Iframe.BDJ
    Plagegeister aller Art und deren Bekämpfung - 14.04.2012 (5)
  11. Trojan-Downloader.JS.Iframe.cqj
    Plagegeister aller Art und deren Bekämpfung - 20.12.2011 (0)
  12. Trojan-Downloader.JS.Iframe.bcl auf Homepage
    Plagegeister aller Art und deren Bekämpfung - 29.09.2009 (1)
  13. IFrame Trojan
    Mülltonne - 05.11.2008 (0)
  14. auf meiner Hp: Trojan-Downloader.HTML.IFrame.ds...und was nun??
    Plagegeister aller Art und deren Bekämpfung - 12.05.2008 (12)
  15. Trojan-Clicker.HTML.IFrame.ob ???
    Log-Analyse und Auswertung - 21.04.2008 (1)
  16. Trojan-Clicker.HTML.IFrame.h
    Log-Analyse und Auswertung - 01.08.2006 (1)
  17. HILFEEEE!!!trojan-downloader-ruin, trojan-downloader-wareout
    Log-Analyse und Auswertung - 16.09.2005 (1)

Zum Thema Trojan-Downloader.JS.Iframe.bhy - Hab jetzt mein Kaspersky Internet Security über den PC laufen lassen und es hat sich herausgestellt,dass der Trojaner Trojan-Downloader.JS.Iframe.bhy viele exe und htm (noch n paarmehr) infiziert hat und somit - Trojan-Downloader.JS.Iframe.bhy...
Archiv
Du betrachtest: Trojan-Downloader.JS.Iframe.bhy auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.