Trojaner-Board


BeateG 25.02.2005 09:28

Persistent Website Viewer
 
Hi! For a few weeks I have been trying to remove a Website Viewer or dialer (I don't know which). When I switch on the computer, a window opens showing ladies in suggestive poses. It also has a menu function that is supposed to let you uninstall the software, but that doesn't work. There is also an icon on the desktop showing a girl, with "Sex" as its label. And at certain intervals something tries to dial in somewhere, which thank God doesn't work because of the cable connection. I have already run Norton Antivirus, Adaware, Spybot Search & Destroy and CW Shredder, also in Safe Mode. But after 4 hours at the latest I have the same problem again. Here is my log file:

Logfile of HijackThis v1.99.0
Scan saved at 23:26:53, on 23.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\NMain.exe
C:\Dokumente und Einstellungen\Beate\Eigene Dateien\Beate\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.chello.at/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von chello broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.chello.at/autoconfig/deat.ins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gate.tuwien.datentankstelle
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {34116E43-B756-4658-BCA7-BCC18D6A9786} - C:\WINDOWS\System32\bfb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:\Programme\0CAT YellowPages\STIEbar2.dll
O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Programme\0CAT YellowPages\STIEbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [NoAds] "C:\Programme\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Programme\0CAT YellowPages\STIEbar2.dll
O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Programme\0CAT YellowPages\STIEbar2.dll
O9 - Extra button: Descarregas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\nge-kazemule-de\local.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.chello.at/
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binarie...1022_EN_XP.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binarie...tc32_EN_XP.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binarie...ia32_EN_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binarie...hv32_EN_XP.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/...ler/dwnldr.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binarie...pe32_EN_XP.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ias.tuwien.ac.at
O17 - HKLM\Software\..\Telephony: DomainName = ias.tuwien.ac.at
O17 - HKLM\System\CCS\Services\Tcpip\..\{37B004E1-F219-43D1-8EA5-88A7CDED63D2}: Domain = ias.tuwien.ac.at
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6EDC08-1ED8-44AC-A033-2D41AD80DBED}: Domain = ias.tuwien.ac.at
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6EDC08-1ED8-44AC-A033-2D41AD80DBED}: NameServer = 195.34.133.18,195.34.133.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A2888B4-D1B8-4440-B736-5EE2DB15BAB4}: NameServer = 195.34.133.10,195.34.133.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ias.tuwien.ac.at
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ias.tuwien.ac.at,tuwien.ac.at,ioc.tuwien.ac.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ias.tuwien.ac.at,tuwien.ac.at,ioc.tuwien.ac.at
O18 - Filter: text/html - {42EE888C-9471-49ED-99E7-8063ED1D3560} - C:\WINDOWS\System32\bfb.dll
O18 - Filter: text/plain - {42EE888C-9471-49ED-99E7-8063ED1D3560} - C:\WINDOWS\System32\bfb.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

Thanks

Lutz 25.02.2005 10:17

Hello BeateG,

please fix the following entries with HijackThis in Safe Mode:
Quote:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: (no name) - {34116E43-B756-4658-BCA7-BCC18D6A9786} - C:\WINDOWS\System32\bfb.dll (file missing)
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)

O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:\Programme\0CAT YellowPages\STIEbar2.dll
O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Programme\0CAT YellowPages\STIEbar2.dll
(unless this is a toolbar that you installed intentionally; I don't know it, though!)

O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe

O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Programme\0CAT YellowPages\STIEbar2.dll
O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Programme\0CAT YellowPages\STIEbar2.dll
(see the note above!)

O9 - Extra button: Descarregas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\nge-kazemule-de\local.html

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binari..._1022_EN_XP.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binari...dtc32_EN_XP.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binari...tia32_EN_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binari...thv32_EN_XP.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download...ller/dwnldr.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binari...tpe32_EN_XP.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

O18 - Filter: text/html - {42EE888C-9471-49ED-99E7-8063ED1D3560} - C:\WINDOWS\System32\bfb.dll
O18 - Filter: text/plain - {42EE888C-9471-49ED-99E7-8063ED1D3560} - C:\WINDOWS\System32\bfb.dll
Some entries/files are unclear to me.
Run a scan with eScan (see signature; follow the instructions exactly!) and then post what was found.
To do this, open mwav.log -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and paste them into the forum.

BeateG 25.02.2005 13:08

I'm sending the copied hits from eScan that matched "infected":

Mon Feb 28 23:35:41 2005 => File C:\WINDOWS\System32\msvcrta.dll infected by "Trojan.Win32.Agent.q" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:35:50 2005 => File C:\WINDOWS\System32\prvdi.exe infected by "Trojan-Dropper.Win32.Small.rd" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:35:53 2005 => File C:\Programme\WebSiteViewer\127021.dlr infected by "not-a-virus:PornWare.Dialer.Tibs" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:36:05 2005 => File C:\WINDOWS\System32\msvcrta.dll infected by "Trojan.Win32.Agent.q" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:36:18 2005 => File C:\WINDOWS\System32\prvdi.exe infected by "Trojan-Dropper.Win32.Small.rd" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:36:53 2005 => File C:\WINDOWS\System32\dload.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:37:25 2005 => File C:\WINDOWS\System32\ds.exe infected by "not-a-virus:AdWare.EnergyPlugin.a" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:38:34 2005 => File C:\WINDOWS\System32\Mservice.dll infected by "Trojan-Downloader.Win32.Wintrim.cj" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:38:38 2005 => File C:\WINDOWS\System32\p2esocks_1022.dll infected by "Trojan.Win32.P2E.ai" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:39:03 2005 => File C:\WINDOWS\System32\EGCOMLIB_1035.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:41:36 2005 => File C:\DOKUME~1\Beate\LOKALE~1\Temp\sp.html infected by "Trojan.JS.StartPage.u" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:41:54 2005 => File C:\DOKUME~1\Beate\LOKALE~1\Temp\ishield.cmd infected by "Trojan.Win32.Agent.q" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:41:54 2005 => File C:\DOKUME~1\Beate\LOKALE~1\Temp\prvdi.exe infected by "Trojan-Dropper.Win32.Small.rd" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:41:55 2005 => File C:\DOKUME~1\Beate\LOKALE~1\Temp\0catyellowpages.exe infected by "not-a-virus:AdWare.ToolBar.STIEBar.a" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:41:56 2005 => File C:\DOKUME~1\Beate\LOKALE~1\Temp\jar_cache36013.tmp infected by "Trojan.Java.ClassLoader.k" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:41:56 2005 => File C:\DOKUME~1\Beate\LOKALE~1\Temp\jar_cache36014.tmp infected by "Trojan.Java.ClassLoader.k" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:41:56 2005 => File C:\DOKUME~1\Beate\LOKALE~1\Temp\jar_cache36015.tmp infected by "Trojan.Java.ClassLoader.k" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:42:00 2005 => File C:\DOKUME~1\Beate\LOKALE~1\Temp\prvdi1.exe infected by "Trojan-Dropper.Win32.Small.rd" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:46:55 2005 => File C:\DOKUME~1\Beate\LOKALE~1\TEMPOR~1\Content.IE5\SLMNC5EN\127021[1].exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:49:52 2005 => File C:\DOKUME~1\Beate\LOKALE~1\TEMPOR~1\Content.IE5\320VJ9CP\a577ae75[1].js infected by "Trojan-Downloader.JS.Small.af" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:10:22 2005 => File C:\WINDOWS\system32\dload.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:11:10 2005 => File C:\WINDOWS\system32\ds.exe infected by "not-a-virus:AdWare.EnergyPlugin.a" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:12:38 2005 => File C:\WINDOWS\system32\Mservice.dll infected by "Trojan-Downloader.Win32.Wintrim.cj" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:12:48 2005 => File C:\WINDOWS\system32\p2esocks_1022.dll infected by "Trojan.Win32.P2E.ai" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:16:43 2005 => File C:\WINDOWS\system32\EGCOMLIB_1035.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:20:40 2005 => File C:\WINDOWS\Temp\PR2E2.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:20:48 2005 => File C:\WINDOWS\Temp\PR2E3.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:20:55 2005 => File C:\WINDOWS\Temp\PR2E4.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:21:01 2005 => File C:\WINDOWS\Temp\PR2E5.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:21:08 2005 => File C:\WINDOWS\Temp\PR2E6.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:21:14 2005 => File C:\WINDOWS\Temp\PR2E7.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:21:20 2005 => File C:\WINDOWS\Temp\PR2E8.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:21:27 2005 => File C:\WINDOWS\Temp\PR2E9.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:21:33 2005 => File C:\WINDOWS\Temp\PR2EA.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:21:47 2005 => File C:\WINDOWS\Temp\PR2EB.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:21:55 2005 => File C:\WINDOWS\Temp\PR2EC.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:22:03 2005 => File C:\WINDOWS\Temp\PR2ED.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:22:09 2005 => File C:\WINDOWS\Temp\PR2EE.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:22:17 2005 => File C:\WINDOWS\Temp\PR2EF.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:22:25 2005 => File C:\WINDOWS\Temp\PR2F0.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:22:31 2005 => File C:\WINDOWS\Temp\PR2F1.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:22:37 2005 => File C:\WINDOWS\Temp\PR2F2.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:22:44 2005 => File C:\WINDOWS\Temp\PR2F3.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:22:51 2005 => File C:\WINDOWS\Temp\PR2F4.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:23:01 2005 => File C:\WINDOWS\Temp\PR2F5.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:23:09 2005 => File C:\WINDOWS\Temp\PR2F6.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:23:17 2005 => File C:\WINDOWS\Temp\PR2F7.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:23:22 2005 => File C:\WINDOWS\Temp\PR2F8.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:23:27 2005 => File C:\WINDOWS\Temp\PR2F9.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:23:31 2005 => File C:\WINDOWS\Temp\PR2FA.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:23:36 2005 => File C:\WINDOWS\Temp\PR2FB.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:23:40 2005 => File C:\WINDOWS\Temp\PR2FC.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:23:46 2005 => File C:\WINDOWS\Temp\PR2FD.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:23:50 2005 => File C:\WINDOWS\Temp\PR2FE.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:23:54 2005 => File C:\WINDOWS\Temp\PR2FF.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:23:58 2005 => File C:\WINDOWS\Temp\PR300.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:03 2005 => File C:\WINDOWS\Temp\PR301.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:07 2005 => File C:\WINDOWS\Temp\PR302.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:11 2005 => File C:\WINDOWS\Temp\PR303.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:15 2005 => File C:\WINDOWS\Temp\PR304.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:19 2005 => File C:\WINDOWS\Temp\PR305.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:22 2005 => File C:\WINDOWS\Temp\PR306.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:25 2005 => File C:\WINDOWS\Temp\PR307.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:29 2005 => File C:\WINDOWS\Temp\PR308.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:32 2005 => File C:\WINDOWS\Temp\PR309.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:36 2005 => File C:\WINDOWS\Temp\PR30A.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:39 2005 => File C:\WINDOWS\Temp\PR30B.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:42 2005 => File C:\WINDOWS\Temp\PR30C.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:48 2005 => File C:\WINDOWS\Temp\PR30E.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:51 2005 => File C:\WINDOWS\Temp\PR30F.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:54 2005 => File C:\WINDOWS\Temp\PR310.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:24:57 2005 => File C:\WINDOWS\Temp\PR311.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:25:00 2005 => File C:\WINDOWS\Temp\PR312.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:25:03 2005 => File C:\WINDOWS\Temp\PR313.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:25:19 2005 => File C:\WINDOWS\Temp\PRB29.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:25:29 2005 => File C:\WINDOWS\Temp\PRB2A.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:25:36 2005 => File C:\WINDOWS\Temp\PRB2B.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:25:44 2005 => File C:\WINDOWS\Temp\PRB2C.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:25:49 2005 => File C:\WINDOWS\Temp\PRB2D.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:25:59 2005 => File C:\WINDOWS\Temp\PRB2E.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:26:08 2005 => File C:\WINDOWS\Temp\PRB2F.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:26:16 2005 => File C:\WINDOWS\Temp\PRB30.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:26:37 2005 => File C:\WINDOWS\Temp\PRB31.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:26:47 2005 => File C:\WINDOWS\Temp\PRB32.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:26:52 2005 => File C:\WINDOWS\Temp\PR627.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:26:56 2005 => File C:\WINDOWS\Temp\PR628.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:27:01 2005 => File C:\WINDOWS\Temp\PR629.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:27:05 2005 => File C:\WINDOWS\Temp\PR62A.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:27:09 2005 => File C:\WINDOWS\Temp\PR62B.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:27:13 2005 => File C:\WINDOWS\Temp\PR62C.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:27:17 2005 => File C:\WINDOWS\Temp\PR62D.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:27:21 2005 => File C:\WINDOWS\Temp\PR62E.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:27:25 2005 => File C:\WINDOWS\Temp\PR62F.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:27:32 2005 => File C:\WINDOWS\Temp\PR631.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:27:38 2005 => File C:\WINDOWS\Temp\PRB33.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:27:43 2005 => File C:\WINDOWS\Temp\PRB34.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:27:49 2005 => File C:\WINDOWS\Temp\PRB35.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.

Mon Feb 28 23:27:55 2005 => File C:\WINDOWS\Temp\PRB36.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:28:02 2005 => File C:\WINDOWS\Temp\PRB37.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:28:07 2005 => File C:\WINDOWS\Temp\PRB38.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:28:13 2005 => File C:\WINDOWS\Temp\PRB39.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:28:18 2005 => File C:\WINDOWS\Temp\PRB3A.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:28:25 2005 => File C:\WINDOWS\Temp\PRB3B.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:28:30 2005 => File C:\WINDOWS\Temp\PRB3C.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:28:35 2005 => File C:\WINDOWS\Temp\PRB3D.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:28:44 2005 => File C:\WINDOWS\Temp\PRB40.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:28:52 2005 => File C:\WINDOWS\Temp\PRB41.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:29:00 2005 => File C:\WINDOWS\Temp\PRB42.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:29:08 2005 => File C:\WINDOWS\Temp\PRB43.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:29:20 2005 => File C:\WINDOWS\Temp\PRB45.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:29:27 2005 => File C:\WINDOWS\Temp\PRB46.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:29:34 2005 => File C:\WINDOWS\Temp\PRB47.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:29:41 2005 => File C:\WINDOWS\Temp\PRB49.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:29:48 2005 => File C:\WINDOWS\Temp\PRB4A.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:30:04 2005 => File C:\WINDOWS\Temp\PRB4B.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:30:15 2005 => File C:\WINDOWS\Temp\PRB4C.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:30:22 2005 => File C:\WINDOWS\Temp\PRB4D.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:30:30 2005 => File C:\WINDOWS\Temp\PRB4E.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:30:36 2005 => File C:\WINDOWS\Temp\PRB4F.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:30:42 2005 => File C:\WINDOWS\Temp\PRB50.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:30:48 2005 => File C:\WINDOWS\Temp\PRB51.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:30:54 2005 => File C:\WINDOWS\Temp\PRB52.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.

Mon Feb 28 23:31:01 2005 => File C:\WINDOWS\Temp\PRB53.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:31:06 2005 => File C:\WINDOWS\Temp\PRB55.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:31:10 2005 => File C:\WINDOWS\Temp\PRB56.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:31:14 2005 => File C:\WINDOWS\Temp\PRB57.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:31:22 2005 => File C:\WINDOWS\Temp\PRB58.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:31:30 2005 => File C:\WINDOWS\Temp\PRB59.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:31:37 2005 => File C:\WINDOWS\Temp\PRB5A.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:31:44 2005 => File C:\WINDOWS\Temp\PRB5B.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:31:52 2005 => File C:\WINDOWS\Temp\PRB5C.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:31:58 2005 => File C:\WINDOWS\Temp\PRB5D.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:32:06 2005 => File C:\WINDOWS\Temp\PRB5E.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:32:14 2005 => File C:\WINDOWS\Temp\PRB60.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:32:19 2005 => File C:\WINDOWS\Temp\PRB62.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:32:24 2005 => File C:\WINDOWS\Temp\PRB63.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:32:30 2005 => File C:\WINDOWS\Temp\PRB65.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:32:36 2005 => File C:\WINDOWS\Temp\PRB66.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:32:42 2005 => File C:\WINDOWS\Temp\PRB67.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:32:48 2005 => File C:\WINDOWS\Temp\PRB68.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:32:52 2005 => File C:\WINDOWS\Temp\PRB69.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:32:58 2005 => File C:\WINDOWS\Temp\PRB6A.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:33:05 2005 => File C:\WINDOWS\Temp\PRB6B.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:33:12 2005 => File C:\WINDOWS\Temp\PRB6C.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:33:18 2005 => File C:\WINDOWS\Temp\PRB6D.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:33:24 2005 => File C:\WINDOWS\Temp\PRB6E.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:33:29 2005 => File C:\WINDOWS\Temp\PRB6F.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.

Mon Feb 28 23:33:35 2005 => File C:\WINDOWS\Temp\PRB70.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:33:40 2005 => File C:\WINDOWS\Temp\PRB71.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:33:45 2005 => File C:\WINDOWS\Temp\PRB72.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:33:51 2005 => File C:\WINDOWS\Temp\PRB73.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:33:57 2005 => File C:\WINDOWS\Temp\PRB74.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:34:01 2005 => File C:\WINDOWS\Temp\PRB75.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:34:06 2005 => File C:\WINDOWS\Temp\PRB76.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:34:10 2005 => File C:\WINDOWS\Temp\PRB77.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:34:15 2005 => File C:\WINDOWS\Temp\PRB78.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:34:20 2005 => File C:\WINDOWS\Temp\PRB79.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:34:25 2005 => File C:\WINDOWS\Temp\PRB7A.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:34:31 2005 => File C:\WINDOWS\Temp\PRB7C.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:34:39 2005 => File C:\WINDOWS\Temp\PRB7D.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:34:44 2005 => File C:\WINDOWS\Temp\PRB7E.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:34:50 2005 => File C:\WINDOWS\Temp\PRB7F.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:34:56 2005 => File C:\WINDOWS\Temp\PRB80.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:35:02 2005 => File C:\WINDOWS\Temp\PRB81.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
Mon Feb 28 23:35:07 2005 => File C:\WINDOWS\Temp\PRB83.tmp infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.

Lutz 25.02.2005 15:05

Hello Beate,

First, download the program ClearProg and use it to empty the temporary folders C:\DOKUME~1\Beate\LOKALE~1\Temp\, C:\WINDOWS\Temp\ and C:\DOKUME~1\Beate\LOKALE~1\TEMPOR~1\Content.IE5\

Then check whether there is an entry like this (or a similar one) under Control Panel -> Add or Remove Programs.
Quote:

WebSiteViewer
If so, uninstall the program from there. If not, delete the entire folder C:\Programme\WebSiteViewer

After that, delete the following files manually in Safe Mode:
Quote:

C:\WINDOWS\System32\msvcrta.dll
C:\WINDOWS\System32\prvdi.exe
C:\WINDOWS\System32\msvcrta.dll
C:\WINDOWS\System32\prvdi.exe
C:\WINDOWS\System32\dload.exe
C:\WINDOWS\System32\ds.exe
C:\WINDOWS\System32\Mservice.dll
C:\WINDOWS\System32\p2esocks_1022.dll
C:\WINDOWS\System32\EGCOMLIB_1035.dll.
BTW: If you do not go online via DSL, or if you also have a (fax) modem or e.g. a telephone system connected to the PC, you should save the above-mentioned files to a floppy disk beforehand as possible evidence, in case you ever end up with an increased phone bill.

Then please delete the eScan log file, i.e. the file mwav.log from the directory c:\bases, and scan with eScan again to make sure that nothing was missed.

Then boot in normal mode and create a new log with HijackThis. Post it here.

Oh, and a visit to www.windowsupdates.com should get you a few security patches... ;)

BeateG 25.02.2005 19:13

All done, here is the latest Hijack file:

Logfile of HijackThis v1.99.0
Scan saved at 23:09:06, on 28.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Netscape\Netscape\Netscp.exe
C:\Programme\NoAds\NoAds.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Beate\Eigene Dateien\Beate\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.chello.at/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von chello broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.chello.at/autoconfig/deat.ins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gate.tuwien.datentankstelle
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [NoAds] "C:\Programme\NoAds\NoAds.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.chello.at/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ias.tuwien.ac.at
O17 - HKLM\Software\..\Telephony: DomainName = ias.tuwien.ac.at
O17 - HKLM\System\CCS\Services\Tcpip\..\{37B004E1-F219-43D1-8EA5-88A7CDED63D2}: Domain = ias.tuwien.ac.at
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6EDC08-1ED8-44AC-A033-2D41AD80DBED}: Domain = ias.tuwien.ac.at
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6EDC08-1ED8-44AC-A033-2D41AD80DBED}: NameServer = 195.34.133.18,195.34.133.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A2888B4-D1B8-4440-B736-5EE2DB15BAB4}: NameServer = 195.34.133.10,195.34.133.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ias.tuwien.ac.at
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ias.tuwien.ac.at,tuwien.ac.at,ioc.tuwien.ac.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ias.tuwien.ac.at,tuwien.ac.at,ioc.tuwien.ac.at
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

Lutz 25.02.2005 20:30

This entry is new now:
Quote:

O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
Check the file C:\WINDOWS\cerbmod.dll at http://virusscan.jotti.org/. Otherwise the log looks clean now, imho.
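
The comparison made in the reply above (spotting an entry that appears only in the later HijackThis log) can be automated. The following is an added example, not part of the original thread: the function names are hypothetical, and the two sample logs are constructed and abbreviated from lines quoted on this page.

```python
import re

# Entry lines look like "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+?)\s*$")
# O2 (Browser Helper Object) body: "BHO: <name> - {CLSID} - <file path>"
BHO_RE = re.compile(r"^BHO:\s*(.*?)\s+-\s+(\{[0-9A-Fa-f-]{36}\})\s+-\s+(.+)$")

def parse_entries(log_text):
    """Map a normalized key to (code, original text) for every entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, "Running processes" paths, blank lines
        code, body = m.groups()
        # Registry and file paths are case-insensitive on Windows.
        entries[(code, " ".join(body.split()).lower())] = (code, body)
    return entries

def diff_logs(before, after):
    """Return (added, removed) entries between an earlier and a later log."""
    old, new = parse_entries(before), parse_entries(after)
    added = [new[k] for k in new if k not in old]
    removed = [old[k] for k in old if k not in new]
    return added, removed

def new_bho_files(added):
    """(name, CLSID, path) of each newly added O2 entry, to scan the file."""
    hits = (BHO_RE.match(body) for code, body in added if code == "O2")
    return [m.groups() for m in hits if m]

# Constructed, abbreviated samples assembled from lines quoted in the thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
"""
# Same BHO path in different letter case on purpose: must not count as new.
LOG_AFTER = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
"""

if __name__ == "__main__":
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("new:", added, "\nremoved:", removed, "\nscan:", new_bho_files(added))
```

A new entry is only a lead for review: the file it points to still has to be checked with a scanner before anything is deleted.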

BeateG 26.02.2005 10:53

THANK YOU THANK YOU THANK YOU THANK YOU!!!
I am absolutely thrilled with the fast and competent help. All problems solved.

Kind regards, Beate

Lutz 26.02.2005 11:04

One more thing I just noticed.
Quote:

C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
You could/should update your Java version -> http://www.java.com/de/download/windows_xpi.jsp

Also, your Windows and your Internet Explorer are not 'up to date'. You should still catch up on that at www.windowsupdate.com...

BeateG 26.02.2005 16:36

Everything updated, thanks!!

