Cyber Tech Help Support Forums > Software > Malware Removal

#1 raven182 (New Member), December 11th, 2004, 01:05 AM
Plz take a look at my log

Hi, have this old iexpiorer (i not L) and cannot get rid of it. At least this is what Norton always finds.
Here is my log:

Logfile of HijackThis v1.98.2
Scan saved at 01:15:48, on 11.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\aim95.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\aim95.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\Mama\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [norton updated] nvsv32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AIM95 Startup] aim95.exe
O4 - HKLM\..\RunServices: [AIM95 Startup] aim95.exe
O4 - HKLM\..\RunServices: [norton updated] nvsv32.exe
O4 - HKLM\..\RunOnce: [AIM95 Startup] aim95.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM95 Startup] aim95.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\RunOnce: [AIM95 Startup] aim95.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102675437278

#2 hypnotizeminds (CTH Subscriber), December 11th, 2004, 01:11 AM
It sounds like you have a worm known as WORM_AGOBOT.ET. Try following these removal instructions.

#3 raven182 (New Member), December 11th, 2004, 01:42 AM
Okay, I used the tool and removed them. Just want to check if I am clean now:
Logfile of HijackThis v1.98.2
Scan saved at 01:53:17, on 11.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\aim95.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Mama\Desktop\troya\jojack\HijackThis .exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AIM95 Startup] aim95.exe
O4 - HKLM\..\RunServices: [AIM95 Startup] aim95.exe
O4 - HKLM\..\RunOnce: [AIM95 Startup] aim95.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM95 Startup] aim95.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\RunOnce: [AIM95 Startup] aim95.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102675437278

#4 hypnotizeminds (CTH Subscriber), December 11th, 2004, 01:52 AM
raven182,

As far as I can tell, your log looks clean. You have several instances of AOL Instant Messenger in your startup, but we won't touch on that if it is not causing you any problems.

I recommend running Spybot and Ad-Aware SE regularly - at least once every week or two. Links to both softwares are found in my signature. Be sure to update.

#5 raven182 (New Member), December 11th, 2004, 02:11 AM
Hi, I am not sure, but Norton still finds the same 4 viruses:
admdll.dll
expiorer.exe
expiorer.exe
raddrv.dll

I downloaded the 2 programs you suggested. What should I do with the 4 things Norton found?

#6 don77 (CTH Subscriber), December 11th, 2004, 02:19 AM
Hi raven182,
Please disable your current AV.

Click Here and run the RAV online scan. Copy and paste the log back into this thread when it has finished, along with a fresh HJT log please.

Be sure to enable your AV when done with the above.

You still have a nasty running in your start ups.

#7 hypnotizeminds (CTH Subscriber), December 11th, 2004, 02:23 AM
This appears to be the worm that you have on your system:

http://www.sophos.com/virusinfo/analyses/w32rbotdk.html

Try the Recovery tab for instructions on removing it. For now, I will look for further information.

Also, are there any problems you notice that could be caused by this worm other than the presence of iexpiorer.exe and the other files Norton found?

#8 raven182 (New Member), December 11th, 2004, 02:39 AM
Hi,

Okay, I ran the spy tool and the ad-aware tool. They both found stuff and deleted it, but it all seems to come again.
I am now running the online tool don77 suggested.

I formatted the computer anew today: downloaded Service Pack 2, installed Norton, then the problems began. I have two computers: this one is directly connected to the internet and the other one goes through the first computer (the first computer has two network places, one for the internet and one for the other computer).

#9 raven182 (New Member), December 11th, 2004, 02:57 AM
Okay, here we go. This is what the online tool found, don:
Scan started at 11.12.2004 02:50:56



Scanning memory...

Scanning boot sectors...

Scanning files...

C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MHGNMHCF\mark[1].exe->(CABSfx)->niamx - IRC/Generic* -> Suspicious

C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MRM7I3IB\tw[1].exe->(CABSfx)->b.b - Worm:IRC/Randon* -> Infected

C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MRM7I3IB\tw[1].exe->(CABSfx)->copy.exe - Worm:IRC/Randon* -> Infected

C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MRM7I3IB\tw[1].exe->(CABSfx)->won.exe->(Petite 2.2) - Exploit:Win32/Lsass.gen! -> Suspicious

C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MRM7I3IB\tw[1].exe->(CABSfx)->wsock32.exe->(UPXW) - Tool:Win32/HideWindows -> Infected

C:\WINDOWS\mark.exe->(CABSfx)->niamx - IRC/Generic* -> Suspicious

C:\WINDOWS\tw.exe->(CABSfx)->b.b - Worm:IRC/Randon* -> Infected

C:\WINDOWS\tw.exe->(CABSfx)->copy.exe - Worm:IRC/Randon* -> Infected

C:\WINDOWS\tw.exe->(CABSfx)->won.exe->(Petite 2.2) - Exploit:Win32/Lsass.gen! -> Suspicious

C:\WINDOWS\tw.exe->(CABSfx)->wsock32.exe->(UPXW) - Tool:Win32/HideWindows -> Infected

C:\WINDOWS\system32\expiorer.exe - Backdoor:Win32/Rbot -> Infected

C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0XORUXI5\mark[1].exe->(CABSfx)->niamx - IRC/Generic* -> Suspicious

Scanned

============================

Objects: 19458

Directories: 1027

Archives: 675

Size(Kb): -1527107

Infected files: 7

Found

============================

Viruses found: 3

Suspicious files: 5

Disinfected files: 0

Mail files: 32


and this is the hijack log:

Logfile of HijackThis v1.98.2
Scan saved at 03:03:21, on 11.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\aim95.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\Windows NT\Zubehör\wordpad.exe
C:\Dokumente und Einstellungen\Mama\Desktop\troya\jojack\HijackThis .exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AIM95 Startup] aim95.exe
O4 - HKLM\..\RunServices: [AIM95 Startup] aim95.exe
O4 - HKLM\..\RunOnce: [AIM95 Startup] aim95.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM95 Startup] aim95.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\RunOnce: [AIM95 Startup] aim95.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102675437278
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

btw: Norton makes trouble with my little network, I think. Do you recommend uninstalling Norton, or is it any good?

#10 raven182 (New Member), December 11th, 2004, 03:03 AM
Okay, Spybot always finds DSO Exploit (5 entries). I delete them, but after the next check they seem to be here again.

Edit: iexpiorer is still on my system, as the advanced administrative tools show me.

Last edited by raven182; December 11th, 2004 at 03:10 AM.

#11 hypnotizeminds (CTH Subscriber), December 11th, 2004, 03:17 AM
Download and install DSO Exploit fix in my signature. Then run Spybot again.

#12 raven182 (New Member), December 11th, 2004, 03:25 AM
Okay, this one is gone but the iexpiorer is still here! Thank you for your help! Step by step.

Edit: sorry, here is the log:

Logfile of HijackThis v1.98.2
Scan saved at 03:42:45, on 11.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\aim95.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\devldr32.exe
C:\Dokumente und Einstellungen\Mama\Desktop\troya\jojack\HijackThis .exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AIM95 Startup] aim95.exe
O4 - HKLM\..\RunServices: [AIM95 Startup] aim95.exe
O4 - HKLM\..\RunOnce: [AIM95 Startup] aim95.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM95 Startup] aim95.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\RunOnce: [AIM95 Startup] aim95.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102675437278
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab


Guys I will go and take a nap now! I will be back in around 5-6 hours thank you very much! This is just perfect!! Thank you!

Last edited by raven182; December 11th, 2004 at 03:32 AM.

#13 don77 (CTH Subscriber), December 11th, 2004, 03:37 AM
OK,
Reboot to safe mode (by tapping the F8 key on start up).

Delete the entire contents of the below Temp folders, but not the TEMP folder itself.

Remove all the files and sub-folders from the below TEMP Folders:

C:\Documents and Settings\ \Local Settings\Temp
C:\temp
C:\windows\temp

The TIF (Temporary Internet Files) can also be emptied via:
Internet Explorer--Tools--Internet Options--General tab--"Delete Files".
Also tick the "delete all offline content" box.

Empty your Recycle Bin.

Next, while still in safe mode,
make sure you can view all Hidden Files/Folders, then search for and delete the following in BOLD:
C:\WINDOWS\mark.exe
C:\WINDOWS\tw.exe
copy.exe
won.exe
wsock32.exe
C:\WINDOWS\system32\expiorer.exe

Restart your computer, check Nortons for updates and run a full system scan.
Run another scan with RAV again, then copy and paste back the log from it please.

Also,
go here http://www.majorgeeks.com/download4392.html and download the fixl version of Spybot.

Also, do you even have AIM downloaded?
I'm thinking what's showing up in your start ups is part of the worms you have on your system.

#14 hypnotizeminds (CTH Subscriber), December 11th, 2004, 03:41 AM
Yeah, AIM does not run off of a file in the system32 folder, and even then, it isn't called AIM95.exe. Not any of the newer versions anyways.
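
Added example (not part of any post in this thread, and not code from HijackThis or any tool named here): a small triage pass over the O4 autorun lines of a HijackThis log, using an excerpt of the first log posted above. It flags the pattern the helpers spotted by eye: autorun values that name a program without a path, that are repeated across several Run keys, and that match a process running out of the Windows system folders. The function names and the three-key threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname

# Excerpt of the first log posted in this thread (processes and O4 lines only).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\aim95.exe
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O4 - HKLM\..\Run: [norton updated] nvsv32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AIM95 Startup] aim95.exe
O4 - HKLM\..\RunServices: [AIM95 Startup] aim95.exe
O4 - HKLM\..\RunServices: [norton updated] nvsv32.exe
O4 - HKLM\..\RunOnce: [AIM95 Startup] aim95.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM95 Startup] aim95.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\RunOnce: [AIM95 Startup] aim95.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
MANY_KEYS = 3  # assumed threshold: the same program in this many autorun keys

def executable(command):
    """Return the program part of an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def triage(log_text):
    """Return [(program, autorun keys, reasons)] for O4 entries worth a second look."""
    lines = [l.strip() for l in log_text.splitlines()]
    running = [l for l in lines if re.match(r"^[A-Za-z]:\\", l)]
    autoruns = defaultdict(set)  # program -> set of "HIVE\Key" it is registered under
    for line in lines:
        m = O4_RE.match(line)
        if m:
            hive, key, _value_name, command = m.groups()
            autoruns[executable(command)].add(f"{hive}\\{key}")
    findings = []
    for exe, keys in sorted(autoruns.items()):
        reasons = []
        if not dirname(exe):
            reasons.append("no path given, so it is resolved through the search path")
        if len(keys) >= MANY_KEYS:
            reasons.append(f"registered under {len(keys)} autorun keys")
        hits = [p for p in running
                if basename(p).lower() == basename(exe).lower()
                and dirname(p).lower() in SYSTEM_DIRS]
        if reasons and hits:
            reasons.append("currently running from " + hits[0])
        if reasons:
            findings.append((exe, sorted(keys), reasons))
    return findings

if __name__ == "__main__":
    for exe, keys, reasons in triage(SAMPLE_LOG):
        print(exe, keys, *reasons, sep="\n  ")
```

A flag here is a prompt to check the file, not a verdict: some legitimate software also registers bare file names, so each hit still has to be confirmed against the file itself and an AV scan.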

#15 raven182 (New Member), December 11th, 2004, 12:22 PM
Okay, I did as you said but I could not delete the expiorer file. Windows says either it is write protected (which it is not) or the system needs it.
Norton still finds the same 4 viruses. I never installed aim95 or used any of those messengers. As I said, the system is now one day old. Here is a new log. Should I better format again?

Logfile of HijackThis v1.98.2
Scan saved at 12:31:37, on 11.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\aim95.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Mama\Desktop\troya\jojack\HijackThis .exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AIM95 Startup] aim95.exe
O4 - HKLM\..\RunServices: [AIM95 Startup] aim95.exe
O4 - HKLM\..\RunOnce: [AIM95 Startup] aim95.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM95 Startup] aim95.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\RunOnce: [AIM95 Startup] aim95.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102675437278
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

All times are GMT +1.