Home > Hijackthis Log > HijackThis Log And JS/Agent.1366 Virus

HijackThis Log And JS/Agent.1366 Virus

Das Problem mit dem Internet bestand allerdings erstmal nach wie vor. If there is some abnormality detected on your computer HijackThis will save them into a logfile. Jetzt ist das Internet allerdings erneut "kaputt". zu löschen. check over here

CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF). Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update Mache bitte aber noch diese zwei Scans: 1.) Blacklight scannen lassen Lade F-Secure Blacklight runter in einen eigenen Ordner, z.B. All rights reserved.

Ein paar Tage später hatte ich dann noch den: 'JS/Agent.1366' [virus] und wiederum ein bisschen später den: TR/Patched.CK.56' [trojan] Waren nach einmaligem Löschen wohl weg. Required The image(s) in the solution article did not display properly. Reconnect to the Internet.

Some advise would be very useful.Many thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:37:19, on 06/12/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\System32\smss.exeC:\Windows\system32\csrss.exeC:\Windows\system32\wininit.exeC:\Windows\system32\csrss.exeC:\Windows\system32\services.exeC:\Windows\system32\lsass.exeC:\Windows\system32\lsm.exeC:\Windows\system32\winlogon.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\System32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Service & Support HijackThis.de Supportforum Deutsch | English Forospyware.com (Spanish) www.forospyware.com Malwarecrypt.com www.malwarecrypt.com Computerhilfen www.computerhilfen.com Log file Show the visitors ratings © 2004 - 2017 Create Account How it Works Javascript Disabled Detected You currently have javascript disabled. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\409e7521 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\PY3U71QU\style[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. 0 #4 monkachick Posted 09 December 2008 - 12:32 PM monkachick Member Topic Starter Member 14 posts Logfile of Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE [2008-08-06 447928][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]C:\WINDOWS\ALCMTR.EXE [2007-06-13 69632][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]C:\Program Evtl.Virus oder Trojaner? c:\WINDOWS\system32\muyifufa.dll (Trojan.Vundo) -> Delete on reboot.

The solution is hard to understand and follow. Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe--End of file - 11747 bytes 0 Advertisements #2 fenzodahl512 Posted 09 December 2008 - 05:32 AM fenzodahl512 Malware Removal 9,863 posts Hello, my name is fenzodahl512 and Trojaner? Disable all antivirus/anti-spyware protection.

Hacker Problem ? HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quietO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exeO4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vapalikeje (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\saheloju.dll (Trojan.Vundo.H) -> Delete on reboot. check my blog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\suhokamo.dll -> Quarantined and deleted successfully. noch Problem nach Neuaufsetzen Log-Analyse und Auswertung - 09.10.2008 (1) Winlogon.exe evtl. Please try again.Forgot which address you used before?Forgot your password?

To learn more and to read the lawsuit, click here. Nachwirkungen Problem mit Clickandcompare - Evtl. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. http://exomatik.net/hijackthis-log/hijackthis-log-win32-trojandropper-agent.php Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

Nachwirkungen Hallo, vor einiger Zeit hat bei mir AntiVir angeschlagen und folgende Trojaner angezeigt: 'TR/Silentbanker.I' [trojan] Auch nach mehrmaligem Löschen kam der immer wieder, irgendwann war er dann aber aus dem To see product information, please login again. Everyone else please begin a New Topic.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Archiv Du betrachtest: Problem mit Trojaner - und evtl. Nachwirkungen Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. What was the problem with this solution? Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

Legal Policies and Privacy Sign inCancel You have been logged out. weitere folgen!! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. have a peek at these guys netscape seems fine.

Click Yes to create a default host file.   Video Tutorial Rate this Solution Did this article help you? Even for an advanced computer user. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully. Im Verzeichnis von Blacklight findest Du das erstellte Log fsbl-XXX.log, anstelle der XXX steht eine längere Folge von Ziffern. 2.) Lade dir bitte mbr detector herunter und führe ihn aus.

Include the address of this thread in your request. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. Using the site is easy and fun. Habe hier ein HiJackThis-Log: HTML-Code: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:30:13, on 06.11.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode:

Die Datei 'C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20\57b210d4-54430d3c' enthielt einen Virus oder unerwünschtes Programm 'EXP/ByteVerify.I' [exploit]. Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Please Click Open the Misc Tools section.   Click Open Hosts File Manager.   A "Cannot find the host file" prompt should appear. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mijejabe.dll -> Quarantined and deleted successfully.