My start page keeps changing and I don't know what to do anymore
#0
04.01.2005, 11:04
...new here
Posts: 4
04.01.2005, 14:11
Honorary member
Posts: 29434
#2
Hello @riker120277
Disable System Restore (XP):
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

Set Windows to show all files (Control Panel - Folder Options - View - enable "Show hidden files and folders" and disable "Hide protected operating system files").

Copy and paste the following text into Notepad (Start - Accessories - Notepad), enter "fix.reg" (with the quotation marks) as the file name, and save it as fix.reg on the desktop.

REGEDIT4

[-HKEY_CLASSES_ROOT\Interface\{0D721150-AEF3-457B-B03A-5097B623CE45}]
[-HKEY_CLASSES_ROOT\Plugin6.DNSErrObj]
[-HKEY_CLASSES_ROOT\redalert.here]
[-HKEY_CLASSES_ROOT\TypeLib\{444A5674-FF85-45D4-9AE2-4199D8D70C85}]

DOWNLOAD: and leave everything on the desktop (My Computer) without scanning; you do that later, only in safe mode (!)

#AboutBuster --> update it
www.malwarebytes.biz/AboutBuster.zip

#eScan detection tool
http://www.rokop-security.de/board/index.php?showtopic=3867
Create the folder c:\bases.
Download mwav.exe, unpack the file into the folder c:\bases (important!) and then run kavupd.exe (update, in DOS).

Restart the PC and go into safe mode:
http://www.tu-berlin.de/www/software/virus/savemode.shtml

#open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\5626K1~1.DLL
O4 - HKLM\..\Run: [msci] C:\DOKUME~1\RIKER1~1\LOKALE~1\Temp\20051222651_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOKUME~1\RIKER1~1\LOKALE~1\Temp\20051222651_mcappins.exe /v=3 /cleanup
O16 - DPF: {C886256C-7A63-4213-AD2F-02AD3735DF06} (AtlCtrl Class) - http://dl.adshooter.com/code/SYSsfitb.cab
O20 - AppInit_DLLs: 6jfkpcdj59i6s9ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

Double-click the file fix.reg on the desktop.

Delete the temporary files:
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\RIKER1~1\Lokale Einstellungen\Temp\

#scan with AboutBuster (then please post me the scan log)
and start the scanner with "mwav.exe" [or: MWAVSCAN.COM].
Tick all boxes. Select: "all files", Memory, Startup-Folders, Registry, System Folders, Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory --> and click "Scan".

Go back into normal mode:

#ClearProg: download the newest version, 1.4.0 Final
http://www.clearprog.de/downloads.php
and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the typed URLs
- AutoComplete entries in IE web forms (so far only Win9x/ME)
- Download lists of Netscape/Opera

Please do the following:
Now open mwav.txt with Notepad and go to Edit -> Find, and enter infected there. Select each line that contains infected and paste it here, find next, and so on. The summary is at the very bottom; post that here as well.

#new start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if asked --> click Apply and finally OK, and set a new start page

and post the new HijackThis log
__________
Kind regards, Sabina
all about PC security
This post was edited by Sabina on 04.01.2005 at 14:17.
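The manual step in the post above (search mwav.txt for every line containing "infected", then copy the summary), as an added Python example that is not part of the original thread or of eScan. It extracts those lines, lists each file once even when the same path shows up with different letter case, separates files sitting in an antivirus quarantine folder from live ones, and flags names with a repeated extension such as the AppInit_DLLs value listed above. The log line layout, the function names and the "\Quarantine\" folder heuristic are assumptions, and the sample log is constructed.

```python
import re

# Assumed layout of one detection line in an MWAV text log:
#   <timestamp> => File <path> infected by "<name>" Virus. Action Taken: <action>.
# A double quote cannot occur in a Windows file name, so the first
# ' infected by "' reliably ends the path.
INFECTED_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) => File (?P<path>.+?) '
    r'infected by "(?P<name>[^"]+)" Virus\. Action Taken: (?P<action>.+?)\.?\s*$'
)
SUMMARY_RE = re.compile(r'=> (?P<key>Total [^:]+): (?P<value>\d+)\s*$')
# Same extension two or more times at the end of the name (.dll.dll, .exe.exe ...).
REPEATED_EXT_RE = re.compile(r'(\.[A-Za-z0-9]{1,4})\1+$', re.IGNORECASE)

# Constructed sample log (file names are made up, not taken from a real scan).
SAMPLE_LOG = r'''
Tue Jan 04 21:50:00 2005 => Virus Database Count: 114684
Tue Jan 04 21:54:03 2005 => File C:\WINDOWS\System32\examplea.dll.dll.dll infected by "Trojan.Win32.Krepper.ae" Virus. Action Taken: No Action Taken.
Tue Jan 04 21:54:09 2005 => File C:\WINDOWS\System32\exampleb.dll infected by "Trojan.Win32.Krepper.ae" Virus. Action Taken: No Action Taken.
Tue Jan 04 22:06:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0A0B0C0D.tmp infected by "Trojan.Win32.Regger.j" Virus. Action Taken: No Action Taken.
Tue Jan 04 22:12:21 2005 => File C:\WINDOWS\system32\examplea.dll.dll.dll infected by "Trojan.Win32.Krepper.ae" Virus. Action Taken: No Action Taken.
Tue Jan 04 22:23:04 2005 => Total Files Scanned: 36222
Tue Jan 04 22:23:04 2005 => Total Virus(es) Found: 4
'''


def parse_infected(log_text):
    """Return one dict (ts, path, name, action) per detection line."""
    findings = []
    for line in log_text.splitlines():
        match = INFECTED_RE.match(line.strip())
        if match:
            findings.append(match.groupdict())
    return findings


def parse_summary(log_text):
    """Return the 'Total ...' counters from the end of the log as integers."""
    matches = map(SUMMARY_RE.search, log_text.splitlines())
    return {m.group('key'): int(m.group('value')) for m in matches if m}


def triage(findings):
    """Group detections per file and sort them into live / quarantined."""
    seen = {}
    for finding in findings:
        # Windows paths are case-insensitive: System32 and system32 are one folder.
        key = finding['path'].lower()
        entry = seen.setdefault(
            key, {'path': finding['path'], 'detections': set(), 'hits': 0})
        entry['detections'].add(finding['name'])
        entry['hits'] += 1

    report = {'live': [], 'quarantined': [], 'repeated_extension': []}
    for entry in seen.values():
        # Assumption: a "\Quarantine\" path component is antivirus quarantine
        # storage, i.e. a neutralised copy rather than an active file.
        in_quarantine = '\\quarantine\\' in entry['path'].lower()
        report['quarantined' if in_quarantine else 'live'].append(entry)
        if REPEATED_EXT_RE.search(entry['path']):
            report['repeated_extension'].append(entry['path'])
    return report


if __name__ == '__main__':
    result = triage(parse_infected(SAMPLE_LOG))
    for bucket in ('live', 'quarantined'):
        print(bucket.upper())
        for item in result[bucket]:
            names = ', '.join(sorted(item['detections']))
            print(f"  {item['path']}  [{names}]  x{item['hits']}")
    print('REPEATED EXTENSION:', result['repeated_extension'])
    print('SUMMARY:', parse_summary(SAMPLE_LOG))
```
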
04.01.2005, 23:04
...new here
Thread starter
Posts: 4
#3
Hi
Here now are the lines from mwav.txt:
Action Taken: No Action Taken.
Tue Jan 04 22:21:05 2005 => File C:\WINDOWS\system32\w8c6s4xcm66.dll infected by "Trojan.Win32.Krepper.ae" Virus. Action Taken: No Action Taken.
Tue Jan 04 22:21:05 2005 => File C:\WINDOWS\system32\w8nd28bx2t1eedll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll infected by "Trojan.Win32.Krepper.ae" Virus. Action Taken: No Action Taken.
Tue Jan 04 22:21:31 2005 => File C:\WINDOWS\system32\xm22co34c58cm2ll.dll.dll.dll.dll.dll infected by "Trojan.Win32.Krepper.ae" Virus. Action Taken: No Action Taken.
Tue Jan 04 22:21:32 2005 => File C:\WINDOWS\system32\xw1xthmvhgslomll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll infected by "Trojan.Win32.Krepper.ae" Virus. Action Taken: No Action Taken.
Tue Jan 04 22:21:32 2005 => File C:\WINDOWS\system32\yi2j1z95pyivhgll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll infected by "Trojan.Win32.Krepper.ae" Virus. Action Taken: No Action Taken.
Tue Jan 04 22:23:04 2005 => Total Files Scanned: 36222
Tue Jan 04 22:23:04 2005 => Total Virus(es) Found: 119
Tue Jan 04 22:23:04 2005 => Total Disinfected Files: 0
Tue Jan 04 22:23:04 2005 => Total Files Renamed: 0
Tue Jan 04 22:23:04 2005 => Total Deleted Files: 0
Tue Jan 04 22:23:04 2005 => Total Errors: 126
Tue Jan 04 22:23:05 2005 => Time Elapsed: 00:29:20
Tue Jan 04 22:23:05 2005 => Scanning L:\ Drive
Tue Jan 04 22:23:05 2005 => ***** Scanning complete. *****
Tue Jan 04 22:23:05 2005 => Virus Database Date: 2005/01/04
Tue Jan 04 22:23:05 2005 => Virus Database Count: 114684
Tue Jan 04 22:23:05 2005 => Scan Completed.
Tue Jan 04 22:23:49 2005 => Virus Database Date: 2005/01/04
Tue Jan 04 22:23:49 2005 => Virus Database Count: 114684
Tue Jan 04 22:23:53 2005 => AV Library Unloaded (3)...

and here is the log from hijack:

Logfile of HijackThis v1.99.0
Scan saved at 23:04:08, on 04.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\cFosNT\cFosDNT.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Steganos AntiSpyware 7\aspy7.exe
C:\Programme\ANYCOM\Blue USB-120-240\BTTray.exe
C:\WINDOWS\Downloaded Program Files\eBayTBar.exe
C:\Programme\MSI\PC Alert III\alert.exe
C:\PROGRA~1\ANYCOM\BLUEUS~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\ANYCOM\Blue USB-120-240\bin\by the way.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Total Commander\TOTALCMD.EXE
C:\DOKUME~1\RIKER1~1\LOKALE~1\Temp\_tc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-onine.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-onine.de
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\W8C6S4~1.DLL
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cFosDNT] C:\cFosNT\cFosDNT.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AntiSpyware7] "C:\Programme\Steganos AntiSpyware 7\aspy7.exe" /0
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: eBay Toolbar.LNK = ?
O4 - Global Startup: PC Alert III.lnk = C:\Programme\MSI\PC Alert III\alert.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/de/eBayTBar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/201839e7097a64aca106/netzip/RdxIE601_de.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C28C134E-9A5C-4D74-86A4-ABE181BD2240}: NameServer = 145.253.2.75 195.50.140.250
O20 - AppInit_DLLs: 6jfkpcdj59i6s9ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Programme\ANYCOM\Blue USB-120-240\bin\by the way.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ISSvc - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

I almost forgot the log from AboutBuster, here it is:

Scanned at: 21:52:11 on: 04.01.2005
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19
No ADS found on system
********************************
Error Removing Sys\system32.dll(fake)
********************************
-----------------------------
Removed! infected hosts file.
Attempted Clean Of Temp folder.
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19
No ADS found on system
********************************
Error Removing Sys\system32.dll(fake)
********************************
-----------------------------
Removed! infected hosts file.
Attempted Clean Of Temp folder.
Pages Reset... Done!

I hope this helps.
Regards and thanks,
riker

This post was edited by Sabina on 05.01.2005 at 13:57.
05.01.2005, 13:40
Honorary member
Posts: 29434
#4
Hello @riker120277

#Windows Explorer -> "Extras/Ordneroptionen" (Tools/Folder Options) -> "Ansicht" (View) -> remove the check mark at "Geschützte Systemdateien ausblenden (empfohlen)" (Hide protected operating system files (recommended)) and enable "Alle Dateien und Ordner anzeigen" (Show all files and folders) -> "OK"

KillBox http://www.bleepingcomputer.com/files/killbox.php
<Delete File on Reboot
<Unregister .dll before deleting
and click on the red cross; when asked whether to reboot, click "no" and paste in the next one; only on the last one click "yes":

C:\WINDOWS\System32\tillzmoksbe.dll
C:\WINDOWS\system32\system32.dll
C:\WINDOWS\Downloaded Program Files\WinCtlAdX.dll
C:\WINDOWS\System32\w8c6s4xcm66.dll

Restart the PC.

Delete the eScan that you downloaded and download mwav.exe from this site: http://bilder.informationsarchiv.net/Nikitas_Tools/
Create c:\bases again, update, and scan in safe mode.
Then again copy what was deleted or reported, and post the new HijackThis log plus the log from this scan:

#Ad-aware SE Personal 1.05 Updated http://fileforum.betanews.com/detail/965718306/1

__________
Regards,
Sabina
all about PC security

This post was edited by Sabina on 05.01.2005 at 13:53.
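The eScan lines posted in this thread all have the shape `<timestamp> => File <path> infected by "<name>" Virus. Action Taken: <action>.` As an added example (not part of the original posts), this Python script parses a pasted log into records, lists the files the scanner left in place, flags names with a stacked extension such as `.dll.dll`, and compares the parsed count with the scanner's own total so a truncated paste is noticed. The function names and the file name `samplename` are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample, shaped like the eScan (MWAV) lines quoted in this thread and
# flattened onto one line as the forum rendered them. "samplename" is made up; its
# stray space imitates the line-wrap damage visible in the posted logs.
SAMPLE_LOG = (
    r'Tue Jan 04 22:20:50 2005 => File C:\WINDOWS\system32\tillzmoksbe.dll '
    r'infected by "Trojan.Win32.Krepper.ae" Virus. Action Taken: No Action Taken. '
    r'Wed Jan 05 15:24:36 2005 => File C:\WINDOWS\stop.00009_4.exe '
    r'infected by "TrojanClicker.Win32.Small.bg" Virus. Action Taken: File Deleted. '
    r'Wed Jan 05 15:24:41 2005 => File C:\WINDOWS\system32\samplename.dll.dll. dll.dll '
    r'infected by "Trojan.Win32.Krepper.ae" Virus. '
    r'Action Taken: File to be deleted on reboot. '
    r'Wed Jan 05 15:50:50 2005 => Total Number of Virus(es) Found: 3 '
)

# One detection entry. The path may not contain "=>", so a match can never run
# from one entry into the next; DOTALL lets an entry span pasted line breaks.
ENTRY_RE = re.compile(
    r'(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2} \d{4})\s+=>\s+'
    r'File\s+(?P<path>(?:(?!=>).)+?)\s+infected by "(?P<threat>[^"]+)" Virus\.\s+'
    r'Action Taken: (?P<action>[^.]+)\.',
    re.DOTALL,
)
# Both summary wordings that appear in the thread's logs.
TOTAL_RE = re.compile(r'Total (?:Number of )?Virus\(es\) Found: (\d+)')
# The same short extension repeated back to back at the end of a file name.
STACKED_EXT_RE = re.compile(r'(\.[A-Za-z0-9]{1,4})\1+$')


def parse_escan(text):
    """Return one dict per detection entry found in the pasted log text."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append({
            "timestamp": m["ts"],
            "path": " ".join(m["path"].split()),      # collapse wrap whitespace
            "threat": m["threat"],
            "action": " ".join(m["action"].split()),
        })
    return entries


def has_stacked_extension(path):
    """True if the file name ends in a repeated extension (.dll.dll ...)."""
    basename = path.rsplit("\\", 1)[-1]
    compact = re.sub(r"\s+", "", basename)            # ignore line-wrap spaces
    return STACKED_EXT_RE.search(compact) is not None


def triage(text):
    """Summarise a pasted eScan log for follow-up."""
    entries = parse_escan(text)
    totals = TOTAL_RE.findall(text)
    reported = int(totals[-1]) if totals else None
    return {
        "by_action": dict(Counter(e["action"] for e in entries)),
        # Detected but untouched: these still need manual removal.
        "still_present": [e["path"] for e in entries
                          if e["action"] == "No Action Taken"],
        # Locked files: verify after the next restart that they are gone.
        "pending_reboot": [e["path"] for e in entries
                           if "reboot" in e["action"].lower()],
        "stacked_extension": [e["path"] for e in entries
                              if has_stacked_extension(e["path"])],
        "reported_total": reported,
        # False means the paste holds fewer or more entries than the scanner counted.
        "complete": None if reported is None else reported == len(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```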
05.01.2005, 16:11
...new here
Thread starter Posts: 4
#5
hi
First of all, thanks for the help so far. Here are the new infected files from the eScan:

Wed Jan 05 15:24:36 2005 => File C:\WINDOWS\stop.00009_4.exe infected by "TrojanClicker.Win32.Small.bg" Virus. Action Taken: File Deleted.
Wed Jan 05 15:24:41 2005 => File C:\WINDOWS\system32\6jfkpcdj59i6s9ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll infected by "Trojan.Win32.Krepper.ae" Virus. Action Taken: File to be deleted on reboot.
Wed Jan 05 15:35:38 2005 => File C:\Dokumente und Einstellungen\Riker120277\Lokale Einstellungen\Temp\tmp38180906.tmp infected by "TrojanClicker.Win32.Small.bg" Virus. Action Taken: File Deleted.
Wed Jan 05 15:35:40 2005 => File C:\Dokumente und Einstellungen\Riker120277\Lokale Einstellungen\Temporary Internet Files\Content.IE5\W1ARCHA3\stop.00009_4[1].exe infected by "TrojanClicker.Win32.Small.bg" Virus. Action Taken: File Deleted.

and the result:

Wed Jan 05 15:50:49 2005 => ***** Scanning C:\WINDOWS Folder *****
Wed Jan 05 15:50:49 2005 => ***** Checking for specific ITW Viruses *****
Wed Jan 05 15:50:49 2005 => Checking for Welchia Virus...
Wed Jan 05 15:50:49 2005 => Checking for LovGate Virus...
Wed Jan 05 15:50:50 2005 => Checking for CodeRed Virus...
Wed Jan 05 15:50:50 2005 => Checking for OpaServ Virus...
Wed Jan 05 15:50:50 2005 => Checking for Sobig.e Virus...
Wed Jan 05 15:50:50 2005 => Checking for Winupie Virus...
Wed Jan 05 15:50:50 2005 => Checking for Swen Virus...
Wed Jan 05 15:50:50 2005 => Checking for JS.Fortnight Virus...
Wed Jan 05 15:50:50 2005 => Checking for Novarg Virus...
Wed Jan 05 15:50:50 2005 => ***** Scanning complete. *****
Wed Jan 05 15:50:50 2005 => Total Number of Files Scanned: 30754
Wed Jan 05 15:50:50 2005 => Total Number of Virus(es) Found: 4
Wed Jan 05 15:50:50 2005 => Total Number of Disinfected Files: 0
Wed Jan 05 15:50:50 2005 => Total Number of Files Renamed: 0
Wed Jan 05 15:50:50 2005 => Total Number of Deleted Files: 3
Wed Jan 05 15:50:50 2005 => Total Number of Errors: 133
Wed Jan 05 15:50:50 2005 => Time Elapsed: 00:31:21
Wed Jan 05 15:50:50 2005 => Virus Database Date: 2005/01/05
Wed Jan 05 15:50:50 2005 => Virus Database Count: 114729
Wed Jan 05 15:50:50 2005 => Scan Completed.
Wed Jan 05 15:52:38 2005 => Virus Database Date: 2005/01/05
Wed Jan 05 15:52:38 2005 => Virus Database Count: 114729
Wed Jan 05 15:52:55 2005 => AV Library Unloaded (3)...

here is the log from adaware:

Ad-Aware SE Build 1.05
Logfile Created on:Mittwoch, 5. Januar 2005 16:08:23
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R8 13.09.2004

References detected during the scan:
MRU List(TAC index:0):27 total references

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include
alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

05.01.2005 16:08:23 - Scan started. (Smart mode)

Memory scan result:
New critical objects: 0
Objects found so far: 0

Started registry scan
Registry Scan result:
New critical objects: 0
Objects found so far: 0

Started deep registry scan
Deep registry scan result:
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
Tracking cookie scan result:
New critical objects: 0
Objects found so far: 0

Deep scanning and examining files...
Disk Scan Result for C:\WINDOWS
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\WINDOWS\System32
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\DOKUME~1\RIKER1~1\LOKALE~1\Temp\
New critical objects: 0
Objects found so far: 0

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27

16:09:04 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:40.875
Objects scanned:55141
Objects identified:0
Objects ignored:0
New critical objects:0

and the one from HijackThis:

Logfile of HijackThis v1.99.0
Scan saved at 16:10:14, on 05.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\cFosNT\cFosDNT.exe
C:\Programme\Steganos AntiSpyware 7\aspy7.exe
C:\WINDOWS\Downloaded Program Files\eBayTBar.exe
C:\Programme\MSI\PC Alert III\alert.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Total Commander\TOTALCMD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\RIKER1~1\LOKALE~1\Temp\_tc\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-onine.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-onine.de
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cFosDNT] C:\cFosNT\cFosDNT.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: eBay Toolbar.LNK = ?
O4 - Global Startup: PC Alert III.lnk = C:\Programme\MSI\PC Alert III\alert.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/de/eBayTBar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/201839e7097a64aca106/netzip/RdxIE601_de.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C28C134E-9A5C-4D74-86A4-ABE181BD2240}: NameServer = 145.253.2.75 195.50.140.250
O20 - AppInit_DLLs: 6jfkpcdj59i6s9ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Programme\ANYCOM\Blue USB-120-240\bin\by the way.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ISSvc - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

I hope we are getting closer to the solution.
Regards, riker
||
05.01.2005, 16:32
Honorary member
Posts: 29434 |
#6
Hello@

Disable System Restore «XP http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

Go into safe mode immediately

#open HijackThis -->> button "scan" -->> tick the boxes -->> button "Fix checked" (do not restart)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
O20 - AppInit_DLLs: 6jfkpcdj59i6s9ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll. dll.dll.dll.dll.dll.dll.dll.dll.dll.d

Disk Cleanup: and deleting the temporary files
<Start <Run --> type in: cleanmgr
delete only:
#Click: Temporary Internet Files, OK.
#Click: Temporary Files, OK

then scan once more with eScan --> (because the pest is deleted at boot) --> restart, into normal mode
----------------------------------------------------------------------------------------
MRU-Clear XP 1.2
Windows remembers, for each user, the most recently used files and executed functions. These settings are not stored in a separate file but in the registry. However, another user can also access these MRU entries of the individual users via the registry and so find out what the user last did on their computer. You can display and delete these MRU lists with MRU-Clear XP.
http://www.ok-s.de/download/download.html

#TuneUp2004 (30 days free) http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair --> TuneUp Diskcleaner
Cleanup repair --> Registry Cleaner

#ClearProg.. download the newest version <1.4.0 Final http://www.clearprog.de/downloads.php <and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0 on, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the typed URLs
- AutoComplete entries in web forms of IE (so far only Win9x/ME)
- Download lists of Netscape/Opera

#Hoster-Tool : http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

#Trend-Micro (Online) http://de.trendmicro-europe.com/enterprise/products/housecall_pre.php

#BitDefender Scan www.bitdefender.com/scan/Msie/index.php

#new start page
go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if asked --> click Apply and finally OK, and set a new start page
__________
Best regards, Sabina
all about PC security
This post was edited by Sabina on 05.01.2005 at 16:42.
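A small triage pass over a HijackThis log of the kind posted in this thread, as an added example that is not part of the original posts: it parses the result lines and flags the entry types selected for fixing above (search URL on an unlisted host, autostart from a temp directory, non-empty AppInit_DLLs). The rules, the `trusted_hosts` allowlist, the function names and the sample log are assumptions made for the illustration.

```python
import re

# Constructed sample in HijackThis 1.99 log format, modelled on the log in this thread.
# The start page host and the shortened O20 value are made up for the example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [msci] C:\DOKUME~1\RIKER1~1\LOKALE~1\Temp\20051222651_mcinfo.exe /insfin
O17 - HKLM\System\CCS\Services\Tcpip\..\{C28C134E-9A5C-4D74-86A4-ABE181BD2240}: NameServer = 145.253.2.75 195.50.140.250
O20 - AppInit_DLLs: 6jfkpcdj59i6s9ll.dll.dll.dll
"""

# A result line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.+)$")
URL_HOST_RE = re.compile(r"=\s*https?://([^/\s]+)", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse_entries(text):
    """Return (code, details) for every result line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries, trusted_hosts=()):
    """Return (code, reason, details) for entries that deserve a manual look."""
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    for code, details in entries:
        if code in ("R0", "R1"):
            # Browser start/search page: report any host the analyst has not listed.
            host = URL_HOST_RE.search(details)
            if host and host.group(1).lower() not in trusted:
                findings.append((code, "browser page set to unlisted host " + host.group(1), details))
        elif code == "O4" and TEMP_DIR_RE.search(details):
            # Autostart program stored in a temp folder.
            findings.append((code, "autostart entry runs from a temp directory", details))
        elif code == "O20" and details.lower().startswith("appinit_dlls:"):
            # Any DLL named here is loaded into processes that load user32.dll.
            if details.partition(":")[2].strip():
                findings.append((code, "AppInit_DLLs is not empty", details))
    return findings


if __name__ == "__main__":
    for code, reason, details in triage(parse_entries(SAMPLE_LOG), {"www.example.org"}):
        print(f"{code:4} {reason}\n     {details}")
```

The output is a shortlist for a human to review, not a verdict: entries it does not flag can still be malicious, and flagged ones can be legitimate.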
||
06.01.2005, 13:53
...new here
Thread starter Posts: 4 |
#7
Hi, many thanks for your help. Unfortunately my system died completely last night and I had to do a format c.
However, that also solved my problem right away. Still, thanks again for your great help. Thanks thanks thanks thanks thanks thanks thanks. Kind regards, riker
||
My IE start page has changed and I can't get it corrected.
Here is the log from HijackThis:
Logfile of HijackThis v1.99.0
Scan saved at 10:52:47, on 04.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\Server.exe
C:\WINDOWS\Downloaded Program Files\eBayTBar.exe
C:\cFosNT\cfosdnt.exe
C:\WINDOWS\soundman.exe
C:\Programme\MSI\PC Alert III\alert.exe
C:\Programme\Java\j2re1.4.2_04\bin\javaw.exe
C:\Programme\eMule\emule.exe
C:\Programme\Steganos AntiSpyware 7\aspy7.exe
C:\Programme\Total Commander\TOTALCMD.EXE
C:\DOKUME~1\RIKER1~1\LOKALE~1\Temp\_tc\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-onine.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-onine.de
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\5626K1~1.DLL
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cFosDNT] C:\cFosNT\cFosDNT.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [msci] C:\DOKUME~1\RIKER1~1\LOKALE~1\Temp\20051222651_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOKUME~1\RIKER1~1\LOKALE~1\Temp\20051222651_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunServices: [RunAlert] C:\Programme\MSI\PC Alert III\AService.exe
O4 - HKCU\..\Run: [AntiSpyware7] "C:\Programme\Steganos AntiSpyware 7\aspy7.exe" /0
O4 - HKCU\..\Run: [Scan Spyware] "C:\Programme\ScanSpyware v3.7\Scanner.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: eBay Toolbar.LNK = ?
O4 - Global Startup: PC Alert III.lnk = C:\Programme\MSI\PC Alert III\alert.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/de/eBayTBar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/201839e7097a64aca106/netzip/RdxIE601_de.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f007.mail.lycos.de/app/uploader/FileUploader.cab
O16 - DPF: {C886256C-7A63-4213-AD2F-02AD3735DF06} (AtlCtrl Class) - http://dl.adshooter.com/code/SYSsfitb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C28C134E-9A5C-4D74-86A4-ABE181BD2240}: NameServer = 145.253.2.75 195.50.140.250
O20 - AppInit_DLLs: 6jfkpcdj59i6s9ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Programme\ANYCOM\Blue USB-120-240\bin\by the way.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ISSvc - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
I hope someone can help me.
Thanks, says riker