Virus without a name? jkkli.dll is shown as a risk

13.11.2005, 21:49
Member
Thread starter, Posts: 12
#16
Unfortunately nothing opens there; the VundoFix window closes and that was it.

13.11.2005, 21:56
Honorary member
Posts: 29434
#17
Now I don't know what to do either... (this has never happened before....)
KILLBOX
http://virus-protect.org/killbox.html
Tick "Delete File on Reboot" and paste in:
D:\WINDOWS\SYSTEM32\jkkli.dll
D:\WINDOWS\SYSTEM32\mllji.dll
D:\WINDOWS\SYSTEM32\intercept.dll
D:\WINDOWS\SYSTEM32\mcrh.tmp
D:\WINDOWS\SYSTEM32\ijllm.tmp
D:\WINDOWS\SYSTEM32\ds1ils.dll
D:\Programme\SinEspias\no-spy.exe
D:\WINDOWS\winexec.exe
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only click "yes" on the last one.
Delete:
D:\Programme\SinEspias
Run CleanUp
http://virus-protect.org/cleanup.html
Scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Scan with Spy Sweeper and post the scan report for me
http://virus-protect.org/spysweeper.html
__________
Best regards, Sabina
All about PC security

14.11.2005, 21:57
Member
Thread starter, Posts: 12
#18
Hello Sabina,
I'm back and have "only" the Trojan left, if I see that correctly.
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, November 14, 2005 06:59:47
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 13/11/2005
Kaspersky Anti-Virus database records: 149957
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\
Scan Statistics:
Total number of scanned objects: 73359
Number of viruses found: 3
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 27988 sec
Infected Object Name - Virus Name
D:\!KillBox\ds1ils.dll Infected: Trojan.Win32.Crypt.t
D:\Programme\Norton AntiVirus\Quarantine\3F664FCF.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\3FCC45D6.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\4A702D1D.exe Infected: Trojan.Win32.Crypt.t
D:\Programme\Norton AntiVirus\Quarantine\5AFE5E54.exe Infected: Trojan.Win32.Crypt.t
D:\Programme\Norton AntiVirus\Quarantine\5B010850.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
D:\Programme\Norton AntiVirus\Quarantine\6112487F.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\61361658.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\629A76D0.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\630F5E4F.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\635A23FC.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\652B1E36.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
D:\Programme\Norton AntiVirus\Quarantine\75A05584.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\System Volume Information\_restore{28DC624E-DEA4-46D9-BEDB-396A575C7E9A}\RP175\A0009608.exe Infected: Trojan.Win32.Crypt.t
D:\System Volume Information\_restore{28DC624E-DEA4-46D9-BEDB-396A575C7E9A}\RP177\A0009877.dll Infected: Trojan.Win32.Crypt.t
Scan process completed.
********
21:07: | Start of Session, Montag, 14. November 2005 |
21:07: Spy Sweeper started
21:07: Sweep initiated using definitions version 556
21:07: Starting Memory Sweep
21:07: Warning: Failed to load image: D:\WINDOWS\system32\jkkli.dll
21:10: Memory Sweep Complete, Elapsed Time: 00:02:14
21:10: Starting Registry Sweep
21:10: Found Trojan Horse: trojan-downloader-conhook
21:10: HKLM\software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833627)
21:10: HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833628)
21:10: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (ID = 833629)
21:10: Registry Sweep Complete, Elapsed Time:00:00:43
21:10: Starting Cookie Sweep
21:10: Cookie Sweep Complete, Elapsed Time: 00:00:00
21:10: Starting File Sweep
21:32: File Sweep Complete, Elapsed Time: 00:21:36
21:32: Full Sweep has completed. Elapsed time 00:24:36
21:32: Traces Found: 9
21:41: Removal process initiated
21:41: Quarantining All Traces: trojan-downloader-conhook
21:41: Removal process completed. Elapsed time 00:00:03
21:43: Deletion from quarantine initiated
21:43: Processing: trojan-downloader-conhook
21:43: Deletion from quarantine completed. Elapsed time 00:00:00
********
20:01: | Start of Session, Montag, 14. November 2005 |
20:01: Spy Sweeper started
20:01: Sweep initiated using definitions version 556
20:01: Starting Memory Sweep
20:01: Warning: Failed to load image: D:\WINDOWS\system32\jkkli.dll
20:02: Found Adware: virtumonde
20:02: Detected running Thread: D:\WINDOWS\system32\mllji.dll (ID = 77)
20:03: Memory Sweep Complete, Elapsed Time: 00:02:19
20:03: Starting Registry Sweep
20:04: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
20:04: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
20:04: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
20:04: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
20:04: Found Trojan Horse: trojan-downloader-conhook
20:04: HKLM\software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833627)
20:04: HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833628)
20:04: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (ID = 833629)
20:04: Found Adware: ist yoursitebar
20:04: HKU\S-1-5-21-2000478354-412668190-1606980848-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {86227d9c-0efe-4f8a-aa55-30386a3f5686} (ID = 147853)
20:05: Registry Sweep Complete, Elapsed Time:00:01:02
20:05: Starting Cookie Sweep
20:05: Cookie Sweep Complete, Elapsed Time: 00:00:00
20:05: Starting File Sweep
20:18: Found Adware: apropos
20:18: wingenerics.dll (ID = 50187)
20:23: File Sweep Complete, Elapsed Time: 00:18:13
20:23: Full Sweep has completed. Elapsed time 00:21:36
20:23: Traces Found: 32
20:34: Removal process initiated
20:34: Quarantining All Traces: trojan-downloader-conhook
20:34: Quarantining All Traces: apropos
20:34: apropos is in use. It will be removed on reboot.
20:34: wingenerics.dll is in use. It will be removed on reboot.
20:34: Quarantining All Traces: ist yoursitebar
20:34: Quarantining All Traces: virtumonde
20:34: virtumonde is in use. It will be removed on reboot.
20:34: D:\WINDOWS\system32\mllji.dll is in use. It will be removed on reboot.
20:34: Warning: Timed out waiting for explorer.exe
20:34: Warning: Timed out waiting for explorer.exe
20:35: Warning: Timed out waiting for explorer.exe
20:35: Warning: Quarantine process could not restart Explorer.
20:35: Preparing to restart your computer. Please wait...
20:35: Removal process completed. Elapsed time 00:01:10
21:07: Deletion from quarantine initiated
21:07: Processing: apropos
21:07: Processing: ist yoursitebar
21:07: Processing: trojan-downloader-conhook
21:07: Processing: virtumonde
21:07: Deletion from quarantine completed. Elapsed time 00:00:00
21:07: | End of Session, Montag, 14. November 2005 |
********
19:55: | Start of Session, Montag, 14. November 2005 |
19:55: Spy Sweeper started
20:01: | End of Session, Montag, 14. November 2005 |
Well, the last one is very settled, though. I rebooted after each of the scans, but it stays.
Regards, Daniela

15.11.2005, 00:33
Honorary member
Posts: 29434
#19
Quote:
26.10.2005 07:06 28.173 jkkli.dll
Copy into VundoFix once more:
D:\WINDOWS\system32\mllji.dll
D:\WINDOWS\system32\ijllm.*
Delete with the Killbox:
D:\WINDOWS\system32\jkkli.dll
__________
Best regards, Sabina
All about PC security

15.11.2005, 19:55
Member
Thread starter, Posts: 12
#20
Hello Sabina,
VundoFix: this time I got a reaction for both strings, but no request to restart
Killbox: no success, no request to restart
Kaspersky: I restricted the scan area to D:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 15, 2005 18:32:18
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/11/2005
Kaspersky Anti-Virus database records: 150246
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders: D:\
Scan Statistics:
Total number of scanned objects: 23346
Number of viruses found: 3
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 2190 sec
Infected Object Name - Virus Name
D:\!KillBox\ds1ils.dll Infected: Trojan.Win32.Crypt.t
D:\Programme\Norton AntiVirus\Quarantine\3F664FCF.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\3FCC45D6.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\4A702D1D.exe Infected: Trojan.Win32.Crypt.t
D:\Programme\Norton AntiVirus\Quarantine\5AFE5E54.exe Infected: Trojan.Win32.Crypt.t
D:\Programme\Norton AntiVirus\Quarantine\5B010850.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
D:\Programme\Norton AntiVirus\Quarantine\6112487F.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\61361658.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\629A76D0.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\630F5E4F.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\635A23FC.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\Programme\Norton AntiVirus\Quarantine\652B1E36.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
D:\Programme\Norton AntiVirus\Quarantine\75A05584.dll Infected: Trojan-Downloader.Win32.Agent.yf
D:\System Volume Information\_restore{28DC624E-DEA4-46D9-BEDB-396A575C7E9A}\RP175\A0009608.exe Infected: Trojan.Win32.Crypt.t
D:\System Volume Information\_restore{28DC624E-DEA4-46D9-BEDB-396A575C7E9A}\RP177\A0009877.dll Infected: Trojan.Win32.Crypt.t
D:\System Volume Information\_restore{28DC624E-DEA4-46D9-BEDB-396A575C7E9A}\RP178\A0010892.dll Infected: Trojan.Win32.Crypt.t
Scan process completed.
-------------------------------------
I then deleted the contents of Norton's quarantine folder and scanned again:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 15, 2005 18:57:39
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/11/2005
Kaspersky Anti-Virus database records: 150246
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders: D:\Programme\ D:\System Volume Information\
Scan Statistics:
Total number of scanned objects: 11119
Number of viruses found: 1
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 1025 sec
Infected Object Name - Virus Name
D:\System Volume Information\_restore{28DC624E-DEA4-46D9-BEDB-396A575C7E9A}\RP175\A0009608.exe Infected: Trojan.Win32.Crypt.t
D:\System Volume Information\_restore{28DC624E-DEA4-46D9-BEDB-396A575C7E9A}\RP177\A0009877.dll Infected: Trojan.Win32.Crypt.t
D:\System Volume Information\_restore{28DC624E-DEA4-46D9-BEDB-396A575C7E9A}\RP178\A0010892.dll Infected: Trojan.Win32.Crypt.t
Scan process completed.
Spy Sweeper:
********
18:59: | Start of Session, Dienstag, 15. November 2005 |
18:59: Spy Sweeper started
18:59: Sweep initiated using definitions version 556
18:59: Starting Memory Sweep
18:59: Warning: Failed to load image: D:\WINDOWS\system32\jkkli.dll
19:02: Memory Sweep Complete, Elapsed Time: 00:02:59
19:02: Starting Registry Sweep
19:02: Found Trojan Horse: trojan-downloader-conhook
19:02: HKLM\software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833627)
19:02: HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833628)
19:02: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (ID = 833629)
19:02: Registry Sweep Complete, Elapsed Time:00:00:37
19:02: Starting Cookie Sweep
19:02: Cookie Sweep Complete, Elapsed Time: 00:00:00
19:02: Starting File Sweep
19:21: File Sweep Complete, Elapsed Time: 00:18:42
19:21: Full Sweep has completed. Elapsed time 00:22:21
19:21: Traces Found: 9
19:26: Removal process initiated
19:26: Quarantining All Traces: trojan-downloader-conhook
19:26: trojan-downloader-conhook is in use. It will be removed on reboot.
19:26: clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ is in use. It will be removed on reboot.
19:26: Preparing to restart your computer. Please wait...
19:26: Removal process completed. Elapsed time 00:00:10
********
No change even after the requested restart.

16.11.2005, 00:25
Honorary member
Posts: 29434
#21
Quote:
Vundofix:
nobody asks for a restart.... I think you have to restart once HijackThis has opened and you have fixed the entries that I had listed)
Quote:
Killbox: no success, no request to restart
here too: you restart
__________
Best regards, Sabina
All about PC security

16.11.2005, 07:10
Member
Thread starter, Posts: 12
#22
The descriptions of the programs sometimes say otherwise.
But I always restarted!!! Can you think of anything else that could be done? I even tried to delete the displayed registry keys by hand,
HKLM\software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833627)
HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833628)
HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (ID = 833629)
I wanted to use that to get jkkli.dll deleted, but it can't be caught. The keys are no longer there, yet they are still shown in HijackThis (the last key) and can be fixed. But immediately afterwards Spy Sweeper reports that the BHO is trying to install jkkli.dll via winlogon.exe.
Logfile of HijackThis v1.99.1
Scan saved at 21:49:32, on 15.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
D:\Programme\Norton Personal Firewall\ISSVC.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\AVPersonal\AVGUARD.EXE
D:\Programme\AVPersonal\AVWUPSRV.EXE
D:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\Programme\Norton AntiVirus\navapsvc.exe
D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
D:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Programme\Analog Devices\Core\smax4pnp.exe
D:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
D:\WINDOWS\system32\dla\tfswctrl.exe
D:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
D:\Programme\T-DSL SpeedManager\SpeedMgr.exe
D:\Programme\PestPatrol\PPMemCheck.exe
D:\Programme\T-DSL SpeedManager\tsmsvc.exe
D:\Programme\CA\eTrust PestPatrol\PPActiveDetection.exe
D:\Programme\AVPersonal\AVGNT.EXE
D:\Programme\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programme\WinZip\WZQKPICK.EXE
D:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
D:\Dokumente und Einstellungen\Besitzer\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - D:\WINDOWS\system32\jkkli.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - D:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "D:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "D:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "D:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [PPMemCheck] D:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] D:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [ccApp] "D:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [eTrustPPAP] "D:\Programme\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [DJSNetCN] D:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkli - D:\WINDOWS\SYSTEM32\jkkli.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Programme\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - D:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - D:\Programme\T-DSL SpeedManager\tsmsvc.exe
--------------------------------
********
21:03: | Start of Session, Dienstag, 15. November 2005 |
21:03: Spy Sweeper started
21:03: Sweep initiated using definitions version 556
21:03: Starting Memory Sweep
21:03: Warning: Failed to load image: D:\WINDOWS\system32\jkkli.dll
21:06: Memory Sweep Complete, Elapsed Time: 00:03:11
21:06: Starting Registry Sweep
21:07: Found Trojan Horse: trojan-downloader-conhook
21:07: HKLM\software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833627)
21:07: HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833628)
21:07: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (ID = 833629)
21:07: Registry Sweep Complete, Elapsed Time:00:00:36
21:07: Starting Cookie Sweep
21:07: Cookie Sweep Complete, Elapsed Time: 00:00:00
21:07: Starting File Sweep
21:18: File Sweep Complete, Elapsed Time: 00:11:12
21:18: Full Sweep has completed. Elapsed time 00:15:02
21:18: Traces Found: 9
21:19: Removal process initiated
21:19: Quarantining All Traces: trojan-downloader-conhook
21:19: Removal process completed. Elapsed time 00:00:03
21:59: BHO Shield: found: -- BHO installation denied at user request
21:59: BHO Shield: found: -- BHO installation denied at user request
21:59: BHO Shield: found: -- BHO installation denied at user request
21:59: BHO Shield: found: -- BHO installation denied at user request
21:59: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
21:59: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:00: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:00: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:00: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:00: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:00: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:00: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:00: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:00: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:00: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:01: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:02: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:02: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:02: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:02: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:02: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:02: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:02: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:03: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:08: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:08: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:08: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:08: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:08: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:08: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:08: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:09: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:10: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:10: BHO Shield: found: -- BHO installation denied at user request
22:10: BHO Shield: found: -- BHO installation denied at user request
22:11: BHO Shield: found: -- BHO installation denied at user request
22:12: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:12: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:12: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:12: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:12: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:13: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:14: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:14: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:15: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:16: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:17: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:18: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:19: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:20: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:20: BHO Shield: found: -- BHO installation denied at user request
22:21: BHO Shield: found: -- BHO installation denied at user request
22:22: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:23: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:24: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:25: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:25: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:25: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:25: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:25: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:25: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:25: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:26: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:26: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:26: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:26: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:26: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:26: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:26: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:27: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:28: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:28: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:29: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:30: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:30: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:31: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:31: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:31: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:31: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:31: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:31: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
22:52: BHO Shield: found: jkkli.dll-- BHO installation denied at user request
********
I then "choked off" the PC; I'd had enough, Spy Sweeper would not stop.
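
The HijackThis log in the post above lists jkkli.dll twice: as an O2 browser helper object and as an O20 Winlogon Notify package, that is, a DLL loaded by winlogon.exe. The following is an added example, not part of the original thread; its function names are illustrative. It parses O2 and O20 lines, including logs flattened onto one line as on this page, and flags DLLs that are unnamed BHOs or registered in both places.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - D:\WINDOWS\system32\jkkli.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - D:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkli - D:\WINDOWS\SYSTEM32\jkkli.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# An entry starts wherever whitespace is followed by "O<n> - ".
ENTRY_START = re.compile(r"\s+(?=O\d{1,2} - )")
BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def parse_entries(log_text):
    """Return (section, name, normalised_path) tuples for O2 and O20 entries.

    Splitting on the "O<n> - " prefix rather than on newlines also handles
    logs whose line breaks were lost when they were pasted into a forum.
    """
    entries = []
    for chunk in ENTRY_START.split(" " + log_text.strip()):
        # Keep only the first physical line of the chunk (drops trailing
        # non-"O" lines such as R0 entries in a multi-line log).
        line = chunk.strip().split("\n", 1)[0]
        for section, pattern in (("O2", BHO), ("O20", NOTIFY)):
            match = pattern.match(line)
            if match:
                # Windows paths are case-insensitive: compare lower-cased.
                path = ntpath.normcase(match["path"].strip())
                entries.append((section, match["name"], path))
    return entries


def persistence_findings(log_text):
    """Flag DLLs that are unnamed BHOs or appear in both O2 and O20."""
    sections = defaultdict(set)
    unnamed = set()
    for section, name, path in parse_entries(log_text):
        sections[path].add(section)
        if section == "O2" and name == "(no name)":
            unnamed.add(path)

    findings = []
    for path in sorted(sections):
        reasons = []
        if path in unnamed:
            reasons.append("BHO without a name")
        if sections[path] == {"O2", "O20"}:
            reasons.append("same DLL is a BHO and a Winlogon Notify package")
        if reasons:
            findings.append(
                {"dll": ntpath.basename(path), "path": path, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in persistence_findings(SAMPLE_LOG):
        print(finding["path"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

A DLL flagged for both reasons has two independent registrations, so fixing only the O2 entry leaves the O20 registration in place.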

16.11.2005, 12:31
Honorary member
Posts: 29434
#23
http://virus-protect.org/artikel/tools/processexplorer.html
There is also an explanation in English here of how you can get at the DLL... give it a try, then delete the DLL once more with the Killbox or manually.... but do everything in safe mode
__________
Best regards, Sabina
All about PC security

17.11.2005, 22:50
Member
Thread starter, Posts: 12
#24
Hello Sabina,
thank you very much for your efforts, BUT unfortunately it didn't help. I reformatted the partition and reinstalled the operating system; unfortunately there was no other way. I hope I'm spared something like this in future.
Kind regards, Daniela