Trojaner-Board - Spyfalcon 2.0 Deinstalliert trotzdem F.meldung

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Spyfalcon 2.0 Deinstalliert trotzdem F.meldung (https://www.trojaner-board.de/28784-spyfalcon-2-0-deinstalliert-trotzdem-f-meldung.html)

hab im abgesicherten modus alle dateien mit dem ordner 1024 gelöscht ausser C:\Fuck\System32\hpCF80.tmp und C:\Fuck\System32\IdB304.tmp die awren nicht vorhanden.....

mad

Hallo,
die beiden müssen auch noch weg, sie wechseln allerdings immerwieder ihren Namen, sind allerdings an den ersten beiden Buchstaben (hp*.tmp, Id*.tmp) und dem Datum zu erkennen. Versuche mal noch ihrer habhaft zu werden.
Poste außerdem noch ein neues HijackThis Log.

Grüße Wildone

Verzeichnis von C:\WINXP\system32

25.04.2006 23:12 57.357 ldB304.tmp
24.04.2006 22:22 7.006 jupdate-1.5.0_06-b05.log
20.04.2006 19:11 100 LuResult.txt
14.04.2006 22:20 34 oeminfo.ini
14.04.2006 10:53 98.304 CmdLineExt.dll
13.04.2006 22:43 2.206 wpa.dbl
06.04.2006 21:48 5.143.456 MRT.exe
06.04.2006 10:54 73.728 asuninst.exe
03.04.2006 10:59 128 xposer.cfg
03.04.2006 10:59 128 asinst.cfg
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 03:16 18.944 xpsp3res.dll
26.03.2006 14:10 380.350 perfh009.dat
26.03.2006 14:10 52.764 perfc009.dat
26.03.2006 14:10 391.000 perfh007.dat
26.03.2006 14:10 63.580 perfc007.dat
26.03.2006 14:10 897.954 PerfStringBackup.INI
23.03.2006 22:34 3.074.560 mshtml.dll
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
14.03.2006 20:24 217.656 FNTCACHE.DAT
10.03.2006 06:09 5.533.696 wmp.dll
04.03.2006 05:34 664.064 wininet.dll
04.03.2006 05:34 474.624 shlwapi.dll
04.03.2006 05:34 532.480 mstime.dll
04.03.2006 05:34 146.432 msrating.dll
04.03.2006 05:34 39.424 pngfilt.dll
04.03.2006 05:34 448.512 mshtmled.dll
04.03.2006 05:34 251.392 iepeers.dll
04.03.2006 05:34 55.808 extmgr.dll
04.03.2006 05:34 205.312 dxtrans.dll
04.03.2006 05:34 1.056.256 danim.dll
04.03.2006 05:34 96.768 inseng.dll
04.03.2006 05:34 152.064 cdfview.dll
04.03.2006 05:34 1.022.976 browseui.dll

Hallo,
der hier:
25.04.2006 23:12 57.357 ldB304.tmp
ist ja immernoch da, und du solltest mir nochmal das HijackThis Log posten, nicht das der Datfind.bat

Grüße Wildone

# 1 [Delete on Reboot]
Path = hp5C41.tmp

# 2 [Delete on Reboot]
Path = hp5C41.tmp

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:50:01 AM
# 3 [Delete on Reboot]
Path = hp5C41.tmp

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:50:33 AM
# 4 [Delete on Reboot]
Path = hp5C41.tmp

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:50:59 AM
# 5 [Delete on Reboot]
Path = simpole.tlb

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:51:22 AM
# 6 [Delete on Reboot]
Path = stdole3.tlb

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:51:58 AM
# 7 [Delete on Reboot]
Path = ot.ico

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:52:22 AM
# 8 [Delete on Reboot]
Path = ts.ico

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:52:40 AM
# 9 [Delete on Reboot]
Path = ncompat.tlb

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:53:00 AM
# 10 [Delete on Reboot]
Path = ldB304.tmp

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:53:28 AM
# 11 [Delete on Reboot]
Path = dfrgsrv.exe

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:53:46 AM
Killbox Closed(Exit) @ 12:56:00 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Admin(Administrator)
was started @ Donnerstag, April 27, 2006, 5:21 PM

# 1 [Delete on Reboot]
Path = C:\Fuck\System32\asfiles.txt

# 2 [Delete on Reboot]
Path = C:\Fuck\System32\Uninstall.ico

# 3 [Delete on Reboot]
Path = C:\Fuck\System32\Help.ico

# 4 [Delete on Reboot]
Path = C:\Fuck\System32\pavas.ico

# 5 [Delete on Reboot]
Path = C:\Fuck\System32\stdole3.tlb

# 6 [Delete on Reboot]
Path = C:\Fuck\System32\simpole.tlb

# 7 [Delete on Reboot]
Path = hpCF80.tmp

# 8 [Delete on Reboot]
Path = C:\Fuck\System32\hpCF80.tmp

# 9 [Delete on Reboot]
Path = C:\Fuck\System32\simpole.tlb

# 10 [Delete on Reboot]
Path = C:\Fuck\System32\ot.ico

# 11 [Delete on Reboot]
Path = C:\Fuck\System32\ts.ico

# 12 [Delete on Reboot]
Path = C:\Fuck\System32\ncompat.tlb

# 13 [Delete on Reboot]
Path = C:\Fuck\System32\IdB304.tmp

# 14 [Delete on Reboot]
Path = C:\Fuck\System32\dcomcfg.exe

# 15 [Delete on Reboot]
Path = C:\Fuck\System32\dfrgsrv.exe

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:30:20 PM
Killbox Closed(Exit) @ 5:30:53 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Admin(Administrator)
was started @ Donnerstag, April 27, 2006, 5:41 PM

Killbox Closed(Exit) @ 5:54:41 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Admin(Administrator)
was started @ Donnerstag, April 27, 2006, 9:22 PM

# 1 [Delete on Reboot]
Path = C:\Fuck\System32\asfiles.txt

# 2 [Delete on Reboot]
Path = C:\Fuck\System32\Uninstall.ico

# 3 [Delete on Reboot]
Path = C:\Fuck\System32\Help.ico

# 4 [Delete on Reboot]
Path = C:\Fuck\System32\pavas.ico

# 5 [Delete on Reboot]
Path = C:\Fuck\System32\stdole3.tlb

# 6 [Delete on Reboot]
Path = C:\Fuck\System32\simpole.tlb

# 7 [Delete on Reboot]
Path = C:\Fuck\System32\hpCF80.tmp

# 8 [Delete on Reboot]
Path = C:\Fuck\System32\ot.ico

# 9 [Delete on Reboot]
Path = C:\Fuck\System32\ts.ico

# 10 [Delete on Reboot]
Path = C:\Fuck\System32\ncompat.tlb

# 11 [Delete on Reboot]
Path = C:\Fuck\System32\IdB304.tmp

# 12 [Delete on Reboot]
Path = C:\Fuck\System32\dcomcfg.exe

# 13 [Delete on Reboot]
Path = C:\Fuck\System32\dfrgsrv.exe

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 9:25:49 PM
Killbox Closed(Exit) @ 9:25:58 PM
__________________________________________________

Verzeichnis von C:\WINXP\system32

24.04.2006 22:22 7.006 jupdate-1.5.0_06-b05.log
20.04.2006 19:11 100 LuResult.txt
14.04.2006 22:20 34 oeminfo.ini
14.04.2006 10:53 98.304 CmdLineExt.dll
13.04.2006 22:43 2.206 wpa.dbl
06.04.2006 21:48 5.143.456 MRT.exe
06.04.2006 10:54 73.728 asuninst.exe
03.04.2006 10:59 128 xposer.cfg
03.04.2006 10:59 128 asinst.cfg
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 03:16 18.944 xpsp3res.dll
26.03.2006 14:10 380.350 perfh009.dat
26.03.2006 14:10 52.764 perfc009.dat
26.03.2006 14:10 391.000 perfh007.dat
26.03.2006 14:10 63.580 perfc007.dat
26.03.2006 14:10 897.954 PerfStringBackup.INI
23.03.2006 22:34 3.074.560 mshtml.dll
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
14.03.2006 20:24 217.656 FNTCACHE.DAT
10.03.2006 06:09 5.533.696 wmp.dll
04.03.2006 05:34 664.064 wininet.dll
04.03.2006 05:34 474.624 shlwapi.dll
04.03.2006 05:34 448.512 mshtmled.dll
04.03.2006 05:34 146.432 msrating.dll
04.03.2006 05:34 39.424 pngfilt.dll
04.03.2006 05:34 532.480 mstime.dll
04.03.2006 05:34 251.392 iepeers.dll
04.03.2006 05:34 1.056.256 danim.dll
04.03.2006 05:34 55.808 extmgr.dll
04.03.2006 05:34 96.768 inseng.dll
04.03.2006 05:34 205.312 dxtrans.dll
04.03.2006 05:34 1.022.976 browseui.dll
04.03.2006 05:34 152.064 cdfview.dll
20.02.2006 15:26 45 initdebug.nfo
15.02.2006 17:26 161.472 SymRedir.dll

Wie ich schon in einem anderem Thema dazu was geschrieben habe ist hier mal meine auswertung von der exe

Antivirus Version Update Result
AntiVir 6.34.0.24 04.20.2006 no virus found
Avast 4.6.695.0 04.28.2006 no virus found
AVG 386 04.28.2006 no virus found
Avira 6.34.1.58 04.28.2006 no virus found
BitDefender 7.2 04.29.2006 Generic.Malware.Ssp.2F518A03
CAT-QuickHeal 8.00 04.28.2006 (Suspicious) - DNAScan
ClamAV devel-20060202 04.27.2006 no virus found
DrWeb 4.33 04.29.2006 Trojan.Popuper
eTrust-InoculateIT 23.71.142 04.29.2006 no virus found
eTrust-Vet 12.4.2184 04.28.2006 no virus found
Ewido 3.5 04.29.2006 no virus found
Fortinet 2.71.0.0 04.29.2006 W32/Scano.E@mm
F-Prot 3.16c 04.29.2006 no virus found
Ikarus 0.2.59.0 04.29.2006 no virus found
Kaspersky 4.0.2.24 04.29.2006 no virus found
McAfee 4751 04.28.2006 no virus found
Microsoft 1.1372 04.29.2006 no virus found
NOD32v2 1.1512 04.28.2006 no virus found
Norman 5.90.17 04.28.2006 W32/Malware
Panda 9.0.0.4 04.28.2006 Suspicious file
Sophos 4.05.0 04.28.2006 no virus found
Symantec 8.0 04.29.2006 no virus found
TheHacker 5.9.7.136 04.29.2006 no virus found
UNA 1.83 04.28.2006 no virus found
VBA32 3.11.0 04.28.2006 no virus found