
HijackThis Log And JS/Agent.1366 Virus

IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F997ACBD-1292-4c74-B96B-83BA5665E260}]
Online Assistant - C:\Program Files\American Express

c:\WINDOWS\system32\muyifufa.dll (Trojan.Vundo) -> Delete on reboot.

Some advice would be very useful. Many thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:19, on 06/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition

HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Download and run HijackThis

To download and run HijackThis, follow the steps below:
Click the Download button below to download HijackThis.
Right-click HijackThis.exe icon, then click Run as

C:\WINDOWS\system32\jiwewena.dll (Trojan.Vundo.H) -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\duyesedi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

In order to find out what entries are nasty and what are installed by the user, you need some background information. A logfile is not so easy to analyze.

In the Blacklight directory you will find the generated log fsbl-XXX.log, where XXX stands for a longer sequence of digits. 2.) Please download mbr detector and run it.

Save it to your desktop. DDS.com DDS.scr DDS.pif After downloading the tool: Disconnect from the Internet.

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-06

Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE [2008-08-06 447928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2007-06-13 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program

Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE

I'm not sure what to do next.

In this folder, start blbeta.exe.

Follow the instructions that pop up for posting the results.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Online Assistant - {D79C4ACF-F903-4854-95CA-CDE413AC7E18} - C:\Program Files\American Express Online Assistant\ietoolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 -

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\suhokamo.dll -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mijejabe.dll (Trojan.Vundo.H) -> Delete on reboot.

Disable all antivirus/anti-spyware protection.

If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41


Malwarebytes'

2. Double click on the DDS icon, allow it to run.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\saheloju.dll (Trojan.Vundo.H) -> Delete on reboot.

to delete. However, the problem with the Internet still persisted at first.

Updater (YahooAUService) - Yahoo!

Close the program window and delete the program from your desktop.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ALaunch]

A small box, which gives an explanation about the tool, will open. If it is a Trojan or virus problem, an expert will help you remove the infection.

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--End of file - 11477 bytes

======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo!

Post each log in a separate post.
1.

Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo!

Click Do a system scan and save a logfile.
The hijackthis.log text file will appear on your desktop.
Check the files on the log, then research if they are

HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.

Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo!