Home » Viren, Trojaner & Malware Forum » Trojanische Pferd TR/Dldr.Swizzor.CO wie entfernen? » Themenansicht
Trojanische Pferd TR/Dldr.Swizzor.CO wie entfernen?Thema ist geschlossen! |
||
|---|---|---|
Thema ist geschlossen! |
||
| #0
| ||
|
27.08.2005, 21:54
Member
Beiträge: 19 |
||
 
|
|
|
|
27.08.2005, 22:19
...neu hier
Beiträge: 6 |
||
|
|
|
|
|
28.08.2005, 00:41
Ehrenmitglied
 Beiträge: 29434 |
#78
-siltent-
Fixe mit dem HijackThis: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jivuzghsip.biz/CFz25am1zxJ1lgrqj6HlYdwXMIkOm1T28PugjvJpbe_1uk7f0WPbZa2DaLZdOpX4.htm O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O20 - AppInit_DLLs: MsgPlusLoader.dll neustarten MsgPlusLoader.dll C:\Programme\MessengerPlus! 3\MsgPlus.exe loeschen und alles vom MsgPlus (der ist Schuld an der verseuchung) vielleicht scannst du noch mal mit escan  noch mal eine neue Startseite einstellen und das neue log posten __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
28.08.2005, 13:37
Member
Beiträge: 19 |
#79
hallo Sabina,
hier ist mein neuer escan logfile: -------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: Sun Aug 28 12:54:35 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Anwendungsdaten\Microsoft\Office\Zuletzt verwendet\INFECTED.LNK 2: Sun Aug 28 12:54:50 2005 => Scanning Folder: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\*.* 3: Sun Aug 28 12:54:50 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR 4: Sun Aug 28 12:54:56 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 5: Sun Aug 28 12:54:56 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR00 6: Sun Aug 28 12:54:56 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR00 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 7: Sun Aug 28 12:54:56 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR01 8: Sun Aug 28 12:54:57 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR01 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 9: Sun Aug 28 12:54:57 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR02 10: Sun Aug 28 12:54:57 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR02 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 11: Sun Aug 28 12:54:57 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR03 12: Sun Aug 28 12:54:57 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR03 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 13: Sun Aug 28 12:54:57 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR04 14: Sun Aug 28 12:54:57 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR04 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 15: Sun Aug 28 12:54:57 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR05 16: Sun Aug 28 12:54:57 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR05 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 17: Sun Aug 28 12:54:57 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR06 18: Sun Aug 28 12:54:57 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR06 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 19: Sun Aug 28 12:54:57 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR07 20: Sun Aug 28 12:54:58 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR07 tagged as "not-a-virus:AdWare.Lop.x". Action Taken: No Action Taken. 21: Sun Aug 28 12:54:58 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR08 22: Sun Aug 28 12:54:58 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR08 tagged as "not-a-virus:AdWare.Lop.x". Action Taken: No Action Taken. 23: Sun Aug 28 12:54:58 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR09 24: Sun Aug 28 12:54:58 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR09 tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 25: Sun Aug 28 12:54:58 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR10 26: Sun Aug 28 12:54:58 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR10 tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 27: Sun Aug 28 12:54:58 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR11 28: Sun Aug 28 12:54:58 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR11 tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 29: Sun Aug 28 12:56:27 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Word Dokumente\INFECTED.doc 30: Sun Aug 28 12:58:35 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Recent\INFECTED.lnk 31: Sun Aug 28 13:24:16 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089186.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 32: Sun Aug 28 13:24:16 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089187.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 33: Sun Aug 28 13:24:16 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089188.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 34: Sun Aug 28 13:24:17 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089190.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 35: Sun Aug 28 13:24:17 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089191.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 36: Sun Aug 28 13:24:17 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089192.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 37: Sun Aug 28 13:24:17 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089193.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 38: Sun Aug 28 13:24:18 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089194.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 39: Sun Aug 28 13:24:18 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089195.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 40: Sun Aug 28 13:24:19 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089198.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 41: Sun Aug 28 13:24:19 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089200.exe infected by "Trojan-Downloader.Win32.Swizzor.do" Virus! Action Taken: No Action Taken. -------------------------------------------------- --------------------- TAGGED --------------------- -------------------------------------------------- 1: Sun Aug 28 12:54:56 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 2: Sun Aug 28 12:54:58 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR07 tagged as "not-a-virus:AdWare.Lop.x". Action Taken: No Action Taken. 3: Sun Aug 28 12:54:58 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR08 tagged as "not-a-virus:AdWare.Lop.x". Action Taken: No Action Taken. 4: Sun Aug 28 12:54:58 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR09 tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 5: Sun Aug 28 12:54:58 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR10 tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 6: Sun Aug 28 12:54:58 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR11 tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 7: Sun Aug 28 13:24:16 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089183.exe tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 8: Sun Aug 28 13:24:17 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089189.exe tagged as "not-a-virus:AdWare.Lop.ab". Action Taken: No Action Taken. 9: Sun Aug 28 13:24:19 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089197.exe tagged as "not-a-virus:AdWare.Lop.ab". Action Taken: No Action Taken. 10: Sun Aug 28 13:24:19 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089199.exe tagged as "not-a-virus:AdWare.Lop.p". Action Taken: No Action Taken. -------------------------------------------------- --------------------- ERRORS --------------------- -------------------------------------------------- 1: Sun Aug 28 12:48:09 2005 => ERROR!!! Invalid Entry SB Audigy 2 Startup Menu = /L:GER (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 2: Sun Aug 28 12:48:16 2005 => ERROR!!! Invalid Entry System32\DRIVERS\wATV03nt.sys in SYSTEM\CurrentControlSet\Services\iAimTV2... 3: Sun Aug 28 12:49:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\CTDetect.cpl". Action Taken: No Action Taken. 4: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ahead\NeroDigital\settings.xml". Action Taken: No Action Taken. 5: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken. 6: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken. 7: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken. 8: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken. 9: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken. 10: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken. 11: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-kor.nls". Action Taken: No Action Taken. 12: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken. 13: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken. 14: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken. 15: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken. 16: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken. 17: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken. 18: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-chs.nls". Action Taken: No Action Taken. 19: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken. 20: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken. 21: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken. 22: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken. 23: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken. 24: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-tha.nls". Action Taken: No Action Taken. 25: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken. 26: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken. 27: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken. 28: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Chs.nls". Action Taken: No Action Taken. 29: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Cht.nls". Action Taken: No Action Taken. 30: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Esp.nls". Action Taken: No Action Taken. 31: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Fra.nls". Action Taken: No Action Taken. 32: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Ita.nls". Action Taken: No Action Taken. 33: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Jpn.nls". Action Taken: No Action Taken. 34: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-kor.nls". Action Taken: No Action Taken. 35: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Nld.nls". Action Taken: No Action Taken. 36: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Ptg.nls". Action Taken: No Action Taken. 37: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Chs.nls". Action Taken: No Action Taken. 38: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Cht.nls". Action Taken: No Action Taken. 39: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Csy.nls". Action Taken: No Action Taken. 40: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Dan.nls". Action Taken: No Action Taken. 41: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Ell.nls". Action Taken: No Action Taken. 42: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Esl.nls". Action Taken: No Action Taken. 43: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Esp.nls". Action Taken: No Action Taken. 44: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Fin.nls". Action Taken: No Action Taken. 45: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Fra.nls". Action Taken: No Action Taken. 46: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Hun.nls". Action Taken: No Action Taken. 47: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Ita.nls". Action Taken: No Action Taken. 48: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Jpn.nls". Action Taken: No Action Taken. 49: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Kor.nls". Action Taken: No Action Taken. 50: Sun Aug 28 12:49:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Nld.nls". Action Taken: No Action Taken. 51: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Nor.nls". Action Taken: No Action Taken. 52: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Plk.nls". Action Taken: No Action Taken. 53: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Ptb.nls". Action Taken: No Action Taken. 54: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Ptg.nls". Action Taken: No Action Taken. 55: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Rus.nls". Action Taken: No Action Taken. 56: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Sky.nls". Action Taken: No Action Taken. 57: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Slv.nls". Action Taken: No Action Taken. 58: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Sve.nls". Action Taken: No Action Taken. 59: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Tha.nls". Action Taken: No Action Taken. 60: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Trk.nls". Action Taken: No Action Taken. 61: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Chs.nls". Action Taken: No Action Taken. 62: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Cht.nls". Action Taken: No Action Taken. 63: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: No Action Taken. 64: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken. 65: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken. 66: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken. 67: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken. 68: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Kor.nls". Action Taken: No Action Taken. 69: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action Taken. 70: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken. 71: Sun Aug 28 12:49:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\Skins\Icy.bmp". Action Taken: No Action Taken. 72: Sun Aug 28 12:49:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\Colin\Spiele\Far Cry\Support\Readme (DE).rtf". Action Taken: No Action Taken. 73: Sun Aug 28 12:49:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Sonic Shared\sonicmpgvout.004". Action Taken: No Action Taken. 74: Sun Aug 28 12:49:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Sonic Shared\sonicmpgvout.003". Action Taken: No Action Taken. 75: Sun Aug 28 12:49:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Sonic Shared\sonicmpgvout.002". Action Taken: No Action Taken. 76: Sun Aug 28 12:49:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Sonic Shared\sonicmpgvout.001". Action Taken: No Action Taken. 77: Sun Aug 28 12:49:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken. 78: Sun Aug 28 12:49:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken. 79: Sun Aug 28 12:49:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Dell_TrueMobile_WINDOWS" refers to invalid object "C:\Programme\Dell TrueMobile\TrueMobile 1300 USB 2.0 WLAN\Dell_TrueMobile_WINDOWS". Action Taken: No Action Taken. 80: Sun Aug 28 12:49:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken. 81: Sun Aug 28 12:49:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken. 82: Sun Aug 28 12:49:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\DOKUME~1\Besitzer\LOKALE~1\Temp\yourapp.Exe". Action Taken: No Action Taken. 83: Sun Aug 28 12:49:46 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jasc Software Inc\Paint Shop Pro 8\Cache\". Action Taken: No Action Taken. 84: Sun Aug 28 12:49:46 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jasc Software Inc\Paint Shop Pro 8\". Action Taken: No Action Taken. 85: Sun Aug 28 12:49:46 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jasc Software Inc\". Action Taken: No Action Taken. 86: Sun Aug 28 12:49:46 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\My PSP8 Files\Skripts (eingeschränkt)\". Action Taken: No Action Taken. 87: Sun Aug 28 12:49:46 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\My PSP8 Files\". Action Taken: No Action Taken. 88: Sun Aug 28 12:49:47 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".0". Action Taken: No Action Taken. 89: Sun Aug 28 12:49:47 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".20". Action Taken: No Action Taken. 90: Sun Aug 28 12:49:47 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".74317". Action Taken: No Action Taken. 91: Sun Aug 28 12:49:47 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".A". Action Taken: No Action Taken. 92: Sun Aug 28 12:49:47 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ace". Action Taken: No Action Taken. 93: Sun Aug 28 12:49:47 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".blob". Action Taken: No Action Taken. 94: Sun Aug 28 12:49:47 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DSC". Action Taken: No Action Taken. 95: Sun Aug 28 12:49:47 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MSW". Action Taken: No Action Taken. 96: Sun Aug 28 12:49:47 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken. 97: Sun Aug 28 12:49:47 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken. 98: Sun Aug 28 12:49:47 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken. 99: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken. 100: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817611". Action Taken: No Action Taken. 101: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken. 102: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken. 103: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken. 104: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken. 105: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken. 106: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken. 107: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB834030". Action Taken: No Action Taken. 108: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken. 109: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken. 110: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB838989". Action Taken: No Action Taken. 111: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken. 112: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken. 113: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "VirusScan Online". Action Taken: No Action Taken. 114: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{89A344E4-A54B-4C5E-97BD-040B4B300816}". Action Taken: No Action Taken. 115: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}". Action Taken: No Action Taken. 116: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}". Action Taken: No Action Taken. 117: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600777}". Action Taken: No Action Taken. 118: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}". Action Taken: No Action Taken. 119: Sun Aug 28 12:49:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F08DAD55-0EB9-46FD-B083-6AC2B3B816B7}". Action Taken: No Action Taken. 120: Sun Aug 28 12:49:48 2005 => Entry "HKCR\CLSID\{0514B040-84EA-11D0-A8BF-00A0C9008A48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 121: Sun Aug 28 12:49:48 2005 => Entry "HKCR\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" refers to invalid object "C:\WINDOWS\System32\msjava.dll". Action Taken: No Action Taken. 122: Sun Aug 28 12:49:48 2005 => Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Shell\psicon.dll". Action Taken: No Action Taken. 123: Sun Aug 28 12:49:50 2005 => Entry "HKCR\CLSID\{5A63D47D-1BA2-48ff-9955-31207899BE01}" refers to invalid object "c:\programme\mcafee.com\shared\mcinfo.exe". Action Taken: No Action Taken. 124: Sun Aug 28 12:49:51 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken. 125: Sun Aug 28 12:49:51 2005 => Entry "HKCR\CLSID\{86FC1FD1-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\Colin\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken. 126: Sun Aug 28 12:49:51 2005 => Entry "HKCR\CLSID\{86FC1FD3-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\Colin\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken. 127: Sun Aug 28 12:49:52 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken. 128: Sun Aug 28 12:49:52 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken. 129: Sun Aug 28 12:49:53 2005 => Entry "HKCR\CLSID\{BFFFD262-7705-11D0-B5DC-444553540000}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 130: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5665-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 131: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA566B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 132: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5671-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 133: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5677-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 134: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA567D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 135: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5683-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 136: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5689-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 137: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA568F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 138: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5695-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 139: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA569B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 140: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56A1-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 141: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56A7-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 142: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56AD-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 143: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56B3-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 144: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56B9-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 145: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56BF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 146: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56C5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 147: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56CB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 148: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56D1-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 149: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56D7-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 150: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56DD-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 151: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56E3-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 152: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56E9-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 153: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56EF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 154: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56F5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 155: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA56FB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 156: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5701-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 157: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5707-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 158: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA570D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 159: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5713-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 160: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA571F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 161: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA572B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 162: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5731-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 163: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5737-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 164: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA573D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 165: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5749-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 166: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA574F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 167: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5755-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 168: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA575B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 169: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5767-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 170: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA5791-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 171: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA57DF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 172: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA57E5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 173: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{F3CA57EB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 174: Sun Aug 28 12:49:55 2005 => Entry "HKCR\CLSID\{FACF11A2-5095-11D3-A9DE-00C0268E5C48}" refers to invalid object "C:\DOKUME~1\Colin\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken. 175: Sun Aug 28 12:49:56 2005 => Entry "HKCR\TypeLib\{86FC1FC2-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\Colin\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken. 176: Sun Aug 28 12:49:56 2005 => Entry "HKCR\TypeLib\{A73B6F3D-FD35-4992-AB4B-4AD729BB20E7}" refers to invalid object "c:\programme\mcafee.com\shared\mcinfo.exe". Action Taken: No Action Taken. 177: Sun Aug 28 12:49:56 2005 => Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken. 178: Sun Aug 28 12:49:56 2005 => Entry "HKCR\TypeLib\{F3CA5660-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 179: Sun Aug 28 12:49:56 2005 => Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken. 180: Sun Aug 28 12:49:56 2005 => Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken. 181: Sun Aug 28 12:49:56 2005 => Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken. 182: Sun Aug 28 12:49:56 2005 => Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken. 183: Sun Aug 28 12:49:56 2005 => Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken. 184: Sun Aug 28 12:49:56 2005 => Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken. 185: Sun Aug 28 12:49:56 2005 => Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken. 186: Sun Aug 28 12:49:56 2005 => Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken. 187: Sun Aug 28 12:49:57 2005 => Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken. 188: Sun Aug 28 12:49:57 2005 => Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken. 189: Sun Aug 28 12:49:57 2005 => Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken. 190: Sun Aug 28 12:49:57 2005 => Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken. 191: Sun Aug 28 12:49:57 2005 => Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken. 192: Sun Aug 28 12:49:57 2005 => Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken. 193: Sun Aug 28 12:49:57 2005 => Entry "HKCR\Adobe.workflow.files\shell\open\command" refers to invalid object ""C:\Programme\Gemeinsame Dateien\Adobe\WorkFlow\AdobeWorkGroupHelper.exe "%1""". Action Taken: No Action Taken. 194: Sun Aug 28 12:49:57 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. 195: Sun Aug 28 12:49:57 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. 196: Sun Aug 28 12:49:58 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken. 197: Sun Aug 28 12:50:01 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken. 198: Sun Aug 28 12:50:03 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. 199: Sun Aug 28 12:50:03 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. 200: Sun Aug 28 12:50:03 2005 => Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken. 201: Sun Aug 28 12:50:04 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. 202: Sun Aug 28 12:50:04 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. 203: Sun Aug 28 12:50:05 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. 204: Sun Aug 28 12:50:05 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. 205: Sun Aug 28 12:54:08 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit.zip is Not Scanned 206: Sun Aug 28 12:54:08 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit1.zip is Not Scanned 207: Sun Aug 28 12:54:08 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit2.zip is Not Scanned 208: Sun Aug 28 12:54:08 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit3.zip is Not Scanned 209: Sun Aug 28 12:54:08 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit4.zip is Not Scanned -------------------------------------------------- -------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT --------- -------------------------------------------------- 1: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR00 => Trojan-Downloader.Win32.Swizzor.dg 2: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR01 => Trojan-Downloader.Win32.Swizzor.dg 3: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR02 => Trojan-Downloader.Win32.Swizzor.dg 4: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR03 => Trojan-Downloader.Win32.Swizzor.dg 5: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR04 => Trojan-Downloader.Win32.Swizzor.dg 6: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR05 => Trojan-Downloader.Win32.Swizzor.dg 7: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR06 => Trojan-Downloader.Win32.Swizzor.dg 8: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089186.exe => Trojan-Downloader.Win32.Swizzor.de 9: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089187.exe => Trojan-Downloader.Win32.Swizzor.de 10: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089188.exe => Trojan-Downloader.Win32.Swizzor.de 11: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089190.exe => Trojan-Downloader.Win32.Swizzor.de 12: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089191.exe => Trojan-Downloader.Win32.Swizzor.de 13: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089192.exe => Trojan-Downloader.Win32.Swizzor.de 14: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089193.exe => Trojan-Downloader.Win32.Swizzor.de 15: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089194.exe => Trojan-Downloader.Win32.Swizzor.de 16: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089195.exe => Trojan-Downloader.Win32.Swizzor.de 17: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089198.exe => Trojan-Downloader.Win32.Swizzor.de 18: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089200.exe => Trojan-Downloader.Win32.Swizzor.do -------------------------------------------------- -------------------- Statistik ------------------- -------------------------------------------------- Sun Aug 28 13:34:17 2005 => Total Objects Scanned: 107876 Sun Aug 28 13:34:17 2005 => Total Virus(es) Found: 28 Sun Aug 28 13:34:17 2005 => Total Errors: 209 Sun Aug 28 13:34:17 2005 => Virus Database Date: 2005/08/27 Sun Aug 28 13:34:17 2005 => Virus Database Count: 145891 MfG -silent- |
|
|
|
|
|
|
28.08.2005, 19:19
Ehrenmitglied
Beiträge: 29434 |
#80
Hallo@
- Locate findjobs.bat-- doppelklick auf die bat-Datei , der Editor öffnet sich -- poste den Text #neue Startseite gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein + poste das HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
28.08.2005, 19:35
Member
Beiträge: 19 |
#81
hallo Sabina,
hier mein hijack this Logfile of HijackThis v1.99.1 Scan saved at 19:34:45, on 28.08.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\AVWUPSRV.EXE C:\WINDOWS\System32\CTsvcCDA.exe C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\System32\PRISMSVR.EXE C:\Programme\Intel\Intel Application Accelerator\iaanotif.exe C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Mouse Razer\razertra.exe C:\WINDOWS\MXOALDR.EXE C:\WINDOWS\system32\wscntfy.exe C:\Programme\QuickTime\qttask.exe C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Mouse Razer\razerhid.exe C:\Programme\Messenger\msmsgs.exe C:\Dokumente und Einstellungen\Colin\Eigene Dateien\hp guard\HGuard\Guard.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\notepad.exe C:\Programme\HijackThis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/ R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\spybot 1.4\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [razertra] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Mouse Razer\razertra.exe O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\I-tunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Winamp\winampa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:GER O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Homepage Guard] "C:\Dokumente und Einstellungen\Colin\Eigene Dateien\hp guard\HGuard\Guard.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\spybot 1.4\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Leechget\LeechGet 2004\\Wizard.html O8 - Extra context menu item: Mit LeechGet herunterladen - file://C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Leechget\LeechGet 2004\\AddUrl.html O8 - Extra context menu item: Mit LeechGet parsen - file://C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Leechget\LeechGet 2004\\Parser.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\AVWUPSRV.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe und mein finjobs.bat: Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 88ED-52C9 Verzeichnis von C:\WINDOWS\tasks 27.08.2005 21:11 <DIR> . 27.08.2005 21:11 <DIR> .. 29.08.2002 06:00 65 DESKTOP.INI 04.10.2004 15:18 258 ISP-Anmeldungserinnerung 1.job 28.08.2005 19:09 6 SA.DAT 3 Datei(en) 329 Bytes Verzeichnis von C:\Dokumente und Einstellungen\Colin\Desktop MfG -silent- |
|
|
|
|
|
|
28.08.2005, 19:45
Ehrenmitglied
Beiträge: 29434 |
#82
Hallo@-silent-
na also und aufpassen mit Downloads von suspekten Programmen......Alles in Ordnung __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
28.08.2005, 19:50
Member
Beiträge: 19 |
#83
Wow danke für alles echt hat mich und dich viele stunden gebraucht den endlich weg zu bekommen...ich danke dir für alles und vllt. hören wir uns ja bald mal wieder wenn ich ein neues prob habe
MfG -silent- |
|
|
|
|
|
|
04.09.2005, 22:25
...neu hier
Beiträge: 1 |
#84
Mein Antivir zeigt immer diesen trojan an
 wie kann ich ihn entfernen?? Trojanische Pferd TR/Dldr.Swizzor.CO Mein HjackThis von jetzt: Logfile of HijackThis v1.99.1 Scan saved at 22:25:30, on 04.09.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\wscntfy.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVGNT.EXE C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\BROWSER.EXE C:\Programme\MessengerPlus! 3\MsgPlus.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Gadu-Gadu\gg.exe C:\Programme\Gadu-Gadu\gg.exe C:\DOKUME~1\Sanny\LOKALE~1\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programme\Gadu-Gadu\gg.exe" /tray O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{59A50312-F6F8-40D9-8D92-CB938D164C16}: NameServer = 217.237.150.97 217.237.149.161 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE |
|
|
|
|
|
|
04.09.2005, 22:40
Ehrenmitglied
Beiträge: 29434 |
#85
Hallo@sanny
1. deinstalliere MessengerPlus! 3 2.CCleaner--> loesche alle *temp-Datein http://virus-protect.org/temp.html 3. scanne mit escan und poste alles. http://virus-protect.org/escan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
24.09.2005, 21:42
Member
Beiträge: 19 |
#86
hallo Sabina ich bins wieder silent ich hab zwar überhauptnichts gemacht, hab aber irgendwie wieder einen Swizzor.CO...
hier mein logfile: C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Mouse Razer\razertra.exe C:\WINDOWS\MXOALDR.EXE C:\Programme\QuickTime\qttask.exe C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Mouse Razer\razerhid.exe C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Dokumente und Einstellungen\Colin\Eigene Dateien\hp guard\HGuard\Guard.exe C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\AVWUPSRV.EXE C:\WINDOWS\system32\wscntfy.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\HijackThis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/ R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\spybot 1.4\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [razertra] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Mouse Razer\razertra.exe O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\I-tunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Winamp\winampa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:GER O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Homepage Guard] "C:\Dokumente und Einstellungen\Colin\Eigene Dateien\hp guard\HGuard\Guard.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\spybot 1.4\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Leechget\LeechGet 2004\\Wizard.html O8 - Extra context menu item: Mit LeechGet herunterladen - file://C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Leechget\LeechGet 2004\\AddUrl.html O8 - Extra context menu item: Mit LeechGet parsen - file://C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Leechget\LeechGet 2004\\Parser.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\DOKUMENTE UND EINSTELLUNGEN\COLIN\EIGENE DATEIEN\ANTIVIR\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\AVWUPSRV.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe MfG silent |
|
|
|
|
|
|
24.09.2005, 21:57
Ehrenmitglied
Beiträge: 29434 |
#87
-silent-
wo hast du dieses programm geladen? oder ist es von CD ? SB Audigy 2 C:\Programme\Creative\SBAudigy2\Surround Mixer einzelne "exe" ueberpruefen http://www.virustotal.com/flash/index_en.html C:\WINDOWS\MXOALDR.EXE Oben auf der Seite auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten und danach das Ergebnis abkopieren und hier im Beitrag posten __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
24.09.2005, 22:11
Member
Beiträge: 19 |
#88
Hallo Sabina,
ich glaube das Programm kommt von einer DVD. Allerdings war es keine illegale gebrannte sonder im Laden gekaufte DVD und das prog. startete sich automatisch. Naja hier das Ergebniss: This is a report processed by VirusTotal on 09/24/2005 at 22:08:45 (CET) after scanning the file "MXOALDR.EXE" file. Antivirus Version Update Result AntiVir 6.32.0.6 09.23.2005 no virus found Avast 4.6.695.0 09.23.2005 no virus found AVG 718 09.23.2005 no virus found Avira 6.32.0.6 09.23.2005 no virus found BitDefender 7.2 09.24.2005 no virus found CAT-QuickHeal 8.00 09.24.2005 no virus found ClamAV devel-20050917 09.23.2005 no virus found DrWeb 4.32b 09.24.2005 no virus found eTrust-Iris 7.1.194.0 09.24.2005 no virus found eTrust-Vet 11.9.1.0 09.23.2005 no virus found F-Prot 3.16c 09.23.2005 no virus found Ikarus 0.2.59.0 09.23.2005 no virus found Kaspersky 4.0.2.24 09.24.2005 no virus found McAfee 4589 09.23.2005 no virus found NOD32v2 1.1231 09.23.2005 no virus found Norman 5.70.10 09.23.2005 no virus found Panda 8.02.00 09.24.2005 no virus found Sophos 3.98.0 09.24.2005 no virus found Symantec 8.0 09.24.2005 no virus found TheHacker 5.8.2.114 09.22.2005 no virus found VBA32 3.10.4 09.21.2005 no virus found VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. |
|
|
|
|
|
|
24.09.2005, 22:14
Ehrenmitglied
Beiträge: 29434 |
#89
nun gut, scanne mit escan, aber loesche vorher die alte log-Datei und poste mir, was angezeigt wird.
Zitat Sollte abschließend ein erneuter Scan mit eScan durchgeführt werden, dann ist es zwingend notwendig, daß die 'mwav.log' zuvor gelöscht wird, da diese nicht überschrieben, sondern nur erweitert wird! __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
24.09.2005, 23:14
Member
Beiträge: 19 |
#90
Hallo sabina,
Hier noch mein eScan logfile: -------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: Sat Sep 24 22:25:54 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Anwendungsdaten\Microsoft\Office\Zuletzt verwendet\INFECTED.LNK 2: Sat Sep 24 22:26:15 2005 => Scanning Folder: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\*.* 3: Sat Sep 24 22:26:15 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR 4: Sat Sep 24 22:26:19 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 5: Sat Sep 24 22:26:19 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR00 6: Sat Sep 24 22:26:19 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR00 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 7: Sat Sep 24 22:26:19 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR01 8: Sat Sep 24 22:26:19 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR01 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 9: Sat Sep 24 22:26:19 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR02 10: Sat Sep 24 22:26:19 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR02 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 11: Sat Sep 24 22:26:19 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR03 12: Sat Sep 24 22:26:19 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR03 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 13: Sat Sep 24 22:26:19 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR04 14: Sat Sep 24 22:26:19 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR04 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 15: Sat Sep 24 22:26:19 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR05 16: Sat Sep 24 22:26:20 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR05 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 17: Sat Sep 24 22:26:20 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR06 18: Sat Sep 24 22:26:20 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR06 infected by "Trojan-Downloader.Win32.Swizzor.dg" Virus! Action Taken: No Action Taken. 19: Sat Sep 24 22:26:20 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR07 20: Sat Sep 24 22:26:20 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR07 tagged as "not-a-virus:AdWare.Lop.x". Action Taken: No Action Taken. 21: Sat Sep 24 22:26:20 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR08 22: Sat Sep 24 22:26:20 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR08 tagged as "not-a-virus:AdWare.Lop.x". Action Taken: No Action Taken. 23: Sat Sep 24 22:26:20 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR09 24: Sat Sep 24 22:26:20 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR09 tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 25: Sat Sep 24 22:26:20 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR10 26: Sat Sep 24 22:26:20 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR10 tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 27: Sat Sep 24 22:26:20 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR11 28: Sat Sep 24 22:26:21 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR11 tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 29: Sat Sep 24 22:30:18 2005 => Scanning File C:\Dokumente und Einstellungen\Colin\Recent\INFECTED.lnk 30: Sat Sep 24 22:57:19 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089186.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 31: Sat Sep 24 22:57:19 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089187.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 32: Sat Sep 24 22:57:19 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089188.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 33: Sat Sep 24 22:57:19 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089190.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 34: Sat Sep 24 22:57:20 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089191.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 35: Sat Sep 24 22:57:20 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089192.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 36: Sat Sep 24 22:57:20 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089193.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 37: Sat Sep 24 22:57:20 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089194.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 38: Sat Sep 24 22:57:20 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089195.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 39: Sat Sep 24 22:57:21 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089198.exe infected by "Trojan-Downloader.Win32.Swizzor.de" Virus! Action Taken: No Action Taken. 40: Sat Sep 24 22:57:22 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089200.exe infected by "Trojan-Downloader.Win32.Swizzor.do" Virus! Action Taken: No Action Taken. -------------------------------------------------- --------------------- TAGGED --------------------- -------------------------------------------------- 1: Sat Sep 24 22:26:19 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 2: Sat Sep 24 22:26:20 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR07 tagged as "not-a-virus:AdWare.Lop.x". Action Taken: No Action Taken. 3: Sat Sep 24 22:26:20 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR08 tagged as "not-a-virus:AdWare.Lop.x". Action Taken: No Action Taken. 4: Sat Sep 24 22:26:20 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR09 tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 5: Sat Sep 24 22:26:20 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR10 tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 6: Sat Sep 24 22:26:21 2005 => File C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR11 tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken. 7: Sat Sep 24 22:57:19 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089189.exe tagged as "not-a-virus:AdWare.Lop.ab". Action Taken: No Action Taken. 8: Sat Sep 24 22:57:21 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089197.exe tagged as "not-a-virus:AdWare.Lop.ab". Action Taken: No Action Taken. 9: Sat Sep 24 22:57:22 2005 => File C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089199.exe tagged as "not-a-virus:AdWare.Lop.p". Action Taken: No Action Taken. -------------------------------------------------- --------------------- ERRORS --------------------- -------------------------------------------------- 1: Sat Sep 24 22:18:16 2005 => ERROR!!! Invalid Entry SB Audigy 2 Startup Menu = /L:GER (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 2: Sat Sep 24 22:18:23 2005 => ERROR!!! Invalid Entry System32\DRIVERS\wATV03nt.sys in SYSTEM\CurrentControlSet\Services\iAimTV2... 3: Sat Sep 24 22:19:59 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\CTDetect.cpl". Action Taken: No Action Taken. 4: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ahead\NeroDigital\settings.xml". Action Taken: No Action Taken. 5: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken. 6: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken. 7: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken. 8: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken. 9: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken. 10: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken. 11: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-kor.nls". Action Taken: No Action Taken. 12: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken. 13: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken. 14: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken. 15: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken. 16: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken. 17: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken. 18: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-chs.nls". Action Taken: No Action Taken. 19: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken. 20: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken. 21: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken. 22: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken. 23: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken. 24: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-tha.nls". Action Taken: No Action Taken. 25: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken. 26: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken. 27: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken. 28: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Chs.nls". Action Taken: No Action Taken. 29: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Cht.nls". Action Taken: No Action Taken. 30: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Esp.nls". Action Taken: No Action Taken. 31: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Fra.nls". Action Taken: No Action Taken. 32: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Ita.nls". Action Taken: No Action Taken. 33: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Jpn.nls". Action Taken: No Action Taken. 34: Sat Sep 24 22:20:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-kor.nls". Action Taken: No Action Taken. 35: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Nld.nls". Action Taken: No Action Taken. 36: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Ptg.nls". Action Taken: No Action Taken. 37: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Chs.nls". Action Taken: No Action Taken. 38: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Cht.nls". Action Taken: No Action Taken. 39: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Csy.nls". Action Taken: No Action Taken. 40: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Dan.nls". Action Taken: No Action Taken. 41: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Ell.nls". Action Taken: No Action Taken. 42: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Esl.nls". Action Taken: No Action Taken. 43: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Esp.nls". Action Taken: No Action Taken. 44: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Fin.nls". Action Taken: No Action Taken. 45: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Fra.nls". Action Taken: No Action Taken. 46: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Hun.nls". Action Taken: No Action Taken. 47: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Ita.nls". Action Taken: No Action Taken. 48: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Jpn.nls". Action Taken: No Action Taken. 49: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Kor.nls". Action Taken: No Action Taken. 50: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Nld.nls". Action Taken: No Action Taken. 51: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Nor.nls". Action Taken: No Action Taken. 52: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Plk.nls". Action Taken: No Action Taken. 53: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Ptb.nls". Action Taken: No Action Taken. 54: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Ptg.nls". Action Taken: No Action Taken. 55: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Rus.nls". Action Taken: No Action Taken. 56: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Sky.nls". Action Taken: No Action Taken. 57: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Slv.nls". Action Taken: No Action Taken. 58: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Sve.nls". Action Taken: No Action Taken. 59: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Tha.nls". Action Taken: No Action Taken. 60: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Trk.nls". Action Taken: No Action Taken. 61: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Chs.nls". Action Taken: No Action Taken. 62: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Cht.nls". Action Taken: No Action Taken. 63: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: No Action Taken. 64: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken. 65: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken. 66: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken. 67: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken. 68: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Kor.nls". Action Taken: No Action Taken. 69: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action Taken. 70: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken. 71: Sat Sep 24 22:20:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\Skins\Icy.bmp". Action Taken: No Action Taken. 72: Sat Sep 24 22:20:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\Colin\Spiele\Far Cry\Support\Readme (DE).rtf". Action Taken: No Action Taken. 73: Sat Sep 24 22:20:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Sonic Shared\sonicmpgvout.004". Action Taken: No Action Taken. 74: Sat Sep 24 22:20:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Sonic Shared\sonicmpgvout.003". Action Taken: No Action Taken. 75: Sat Sep 24 22:20:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Sonic Shared\sonicmpgvout.002". Action Taken: No Action Taken. 76: Sat Sep 24 22:20:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Sonic Shared\sonicmpgvout.001". Action Taken: No Action Taken. 77: Sat Sep 24 22:20:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken. 78: Sat Sep 24 22:20:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken. 79: Sat Sep 24 22:20:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Dell_TrueMobile_WINDOWS" refers to invalid object "C:\Programme\Dell TrueMobile\TrueMobile 1300 USB 2.0 WLAN\Dell_TrueMobile_WINDOWS". Action Taken: No Action Taken. 80: Sat Sep 24 22:20:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken. 81: Sat Sep 24 22:20:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken. 82: Sat Sep 24 22:20:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\DOKUME~1\Besitzer\LOKALE~1\Temp\yourapp.Exe". Action Taken: No Action Taken. 83: Sat Sep 24 22:20:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jasc Software Inc\Paint Shop Pro 8\Cache\". Action Taken: No Action Taken. 84: Sat Sep 24 22:20:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jasc Software Inc\Paint Shop Pro 8\". Action Taken: No Action Taken. 85: Sat Sep 24 22:20:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jasc Software Inc\". Action Taken: No Action Taken. 86: Sat Sep 24 22:20:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\My PSP8 Files\Skripts (eingeschränkt)\". Action Taken: No Action Taken. 87: Sat Sep 24 22:20:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\My PSP8 Files\". Action Taken: No Action Taken. 88: Sat Sep 24 22:20:04 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".0". Action Taken: No Action Taken. 89: Sat Sep 24 22:20:04 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".20". Action Taken: No Action Taken. 90: Sat Sep 24 22:20:04 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".74317". Action Taken: No Action Taken. 91: Sat Sep 24 22:20:04 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".A". Action Taken: No Action Taken. 92: Sat Sep 24 22:20:04 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ace". Action Taken: No Action Taken. 93: Sat Sep 24 22:20:04 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".blob". Action Taken: No Action Taken. 94: Sat Sep 24 22:20:04 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DSC". Action Taken: No Action Taken. 95: Sat Sep 24 22:20:05 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MSW". Action Taken: No Action Taken. 96: Sat Sep 24 22:20:05 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken. 97: Sat Sep 24 22:20:05 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken. 98: Sat Sep 24 22:20:05 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken. 99: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken. 100: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817611". Action Taken: No Action Taken. 101: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken. 102: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken. 103: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken. 104: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken. 105: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken. 106: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken. 107: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB834030". Action Taken: No Action Taken. 108: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken. 109: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken. 110: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB838989". Action Taken: No Action Taken. 111: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken. 112: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken. 113: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "VirusScan Online". Action Taken: No Action Taken. 114: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{01D21D16-B246-4E9A-B4B1-0E37F2AD3446}". Action Taken: No Action Taken. 115: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{89A344E4-A54B-4C5E-97BD-040B4B300816}". Action Taken: No Action Taken. 116: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}". Action Taken: No Action Taken. 117: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}". Action Taken: No Action Taken. 118: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600777}". Action Taken: No Action Taken. 119: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}". Action Taken: No Action Taken. 120: Sat Sep 24 22:20:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F08DAD55-0EB9-46FD-B083-6AC2B3B816B7}". Action Taken: No Action Taken. 121: Sat Sep 24 22:20:05 2005 => Entry "HKCR\CLSID\{0514B040-84EA-11D0-A8BF-00A0C9008A48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 122: Sat Sep 24 22:20:05 2005 => Entry "HKCR\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" refers to invalid object "C:\WINDOWS\System32\msjava.dll". Action Taken: No Action Taken. 123: Sat Sep 24 22:20:06 2005 => Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Shell\psicon.dll". Action Taken: No Action Taken. 124: Sat Sep 24 22:20:08 2005 => Entry "HKCR\CLSID\{5A63D47D-1BA2-48ff-9955-31207899BE01}" refers to invalid object "c:\programme\mcafee.com\shared\mcinfo.exe". Action Taken: No Action Taken. 125: Sat Sep 24 22:20:09 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken. 126: Sat Sep 24 22:20:09 2005 => Entry "HKCR\CLSID\{86FC1FD1-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\Colin\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken. 127: Sat Sep 24 22:20:09 2005 => Entry "HKCR\CLSID\{86FC1FD3-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\Colin\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken. 128: Sat Sep 24 22:20:09 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken. 129: Sat Sep 24 22:20:09 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken. 130: Sat Sep 24 22:20:11 2005 => Entry "HKCR\CLSID\{BFFFD262-7705-11D0-B5DC-444553540000}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 131: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5665-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 132: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA566B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 133: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5671-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 134: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5677-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 135: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA567D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 136: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5683-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 137: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5689-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 138: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA568F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 139: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5695-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 140: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA569B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 141: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56A1-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 142: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56A7-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 143: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56AD-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 144: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56B3-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 145: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56B9-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 146: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56BF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 147: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56C5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 148: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56CB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 149: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56D1-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 150: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56D7-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 151: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56DD-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 152: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56E3-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 153: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56E9-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 154: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56EF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 155: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56F5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 156: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA56FB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 157: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5701-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 158: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5707-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 159: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA570D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 160: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5713-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 161: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA571F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 162: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA572B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 163: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5731-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 164: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5737-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 165: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA573D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 166: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5749-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 167: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA574F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 168: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5755-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 169: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA575B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 170: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5767-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 171: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA5791-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 172: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA57DF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 173: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA57E5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 174: Sat Sep 24 22:20:12 2005 => Entry "HKCR\CLSID\{F3CA57EB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 175: Sat Sep 24 22:20:13 2005 => Entry "HKCR\CLSID\{FACF11A2-5095-11D3-A9DE-00C0268E5C48}" refers to invalid object "C:\DOKUME~1\Colin\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken. 176: Sat Sep 24 22:20:13 2005 => Entry "HKCR\TypeLib\{86FC1FC2-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\Colin\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken. 177: Sat Sep 24 22:20:13 2005 => Entry "HKCR\TypeLib\{A73B6F3D-FD35-4992-AB4B-4AD729BB20E7}" refers to invalid object "c:\programme\mcafee.com\shared\mcinfo.exe". Action Taken: No Action Taken. 178: Sat Sep 24 22:20:14 2005 => Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken. 179: Sat Sep 24 22:20:14 2005 => Entry "HKCR\TypeLib\{F3CA5660-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken. 180: Sat Sep 24 22:20:14 2005 => Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken. 181: Sat Sep 24 22:20:14 2005 => Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken. 182: Sat Sep 24 22:20:14 2005 => Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken. 183: Sat Sep 24 22:20:14 2005 => Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken. 184: Sat Sep 24 22:20:14 2005 => Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken. 185: Sat Sep 24 22:20:14 2005 => Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken. 186: Sat Sep 24 22:20:14 2005 => Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken. 187: Sat Sep 24 22:20:14 2005 => Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken. 188: Sat Sep 24 22:20:14 2005 => Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken. 189: Sat Sep 24 22:20:14 2005 => Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken. 190: Sat Sep 24 22:20:14 2005 => Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken. 191: Sat Sep 24 22:20:15 2005 => Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken. 192: Sat Sep 24 22:20:15 2005 => Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken. 193: Sat Sep 24 22:20:15 2005 => Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken. 194: Sat Sep 24 22:20:15 2005 => Entry "HKCR\Adobe.workflow.files\shell\open\command" refers to invalid object ""C:\Programme\Gemeinsame Dateien\Adobe\WorkFlow\AdobeWorkGroupHelper.exe "%1""". Action Taken: No Action Taken. 195: Sat Sep 24 22:20:15 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. 196: Sat Sep 24 22:20:15 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. 197: Sat Sep 24 22:20:16 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken. 198: Sat Sep 24 22:20:19 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken. 199: Sat Sep 24 22:20:21 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. 200: Sat Sep 24 22:20:21 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. 201: Sat Sep 24 22:20:21 2005 => Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken. 202: Sat Sep 24 22:20:21 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. 203: Sat Sep 24 22:20:21 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. 204: Sat Sep 24 22:20:23 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. 205: Sat Sep 24 22:20:23 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. 206: Sat Sep 24 22:25:23 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit.zip is Not Scanned 207: Sat Sep 24 22:25:23 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit1.zip is Not Scanned 208: Sat Sep 24 22:25:23 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit2.zip is Not Scanned 209: Sat Sep 24 22:25:23 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit3.zip is Not Scanned 210: Sat Sep 24 22:25:23 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit4.zip is Not Scanned -------------------------------------------------- -------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT --------- -------------------------------------------------- 1: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR00 => Trojan-Downloader.Win32.Swizzor.dg 2: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR01 => Trojan-Downloader.Win32.Swizzor.dg 3: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR02 => Trojan-Downloader.Win32.Swizzor.dg 4: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR03 => Trojan-Downloader.Win32.Swizzor.dg 5: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR04 => Trojan-Downloader.Win32.Swizzor.dg 6: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR05 => Trojan-Downloader.Win32.Swizzor.dg 7: C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\INFECTED\vc plus team.VIR06 => Trojan-Downloader.Win32.Swizzor.dg 8: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089186.exe => Trojan-Downloader.Win32.Swizzor.de 9: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089187.exe => Trojan-Downloader.Win32.Swizzor.de 10: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089188.exe => Trojan-Downloader.Win32.Swizzor.de 11: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089190.exe => Trojan-Downloader.Win32.Swizzor.de 12: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089191.exe => Trojan-Downloader.Win32.Swizzor.de 13: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089192.exe => Trojan-Downloader.Win32.Swizzor.de 14: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089193.exe => Trojan-Downloader.Win32.Swizzor.de 15: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089194.exe => Trojan-Downloader.Win32.Swizzor.de 16: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089195.exe => Trojan-Downloader.Win32.Swizzor.de 17: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089198.exe => Trojan-Downloader.Win32.Swizzor.de 18: C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP171\A0089200.exe => Trojan-Downloader.Win32.Swizzor.do -------------------------------------------------- -------------------- Statistik ------------------- -------------------------------------------------- Sat Sep 24 23:10:37 2005 => Total Objects Scanned: 119825 Sat Sep 24 23:10:37 2005 => Total Virus(es) Found: 27 Sat Sep 24 23:10:37 2005 => Total Errors: 210 Sat Sep 24 23:10:37 2005 => Virus Database Date: 2005/08/27 Sat Sep 24 23:10:37 2005 => Virus Database Count: 145891 Sat Sep 24 23:11:46 2005 => Total Objects Scanned: 119825 Sat Sep 24 23:11:46 2005 => Total Virus(es) Found: 27 Sat Sep 24 23:11:46 2005 => Total Errors: 210 MfG -Silent- |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
hier ist mein Hijack logfile:
Logfile of HijackThis v1.99.1
Scan saved at 21:53:43, on 27.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\AVWUPSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\PRISMSVR.EXE
C:\Programme\Intel\Intel Application Accelerator\iaanotif.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Mouse Razer\razertra.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programme\QuickTime\qttask.exe
C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Mouse Razer\razerhid.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Colin\Eigene Dateien\hp guard\HGuard\Guard.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\HijackThis\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jivuzghsip.biz/CFz25am1zxJ1lgrqj6HlYdwXMIkOm1T28PugjvJpbe_1uk7f0WPbZa2DaLZdOpX4.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\spybot 1.4\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQToolbar\toolbaru.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [razertra] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Mouse Razer\razertra.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\I-tunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:GER
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Homepage Guard] "C:\Dokumente und Einstellungen\Colin\Eigene Dateien\hp guard\HGuard\Guard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\spybot 1.4\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Leechget\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Mit LeechGet herunterladen - file://C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Leechget\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Mit LeechGet parsen - file://C:\Dokumente und Einstellungen\Colin\Eigene Dateien\Leechget\LeechGet 2004\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Dokumente und Einstellungen\Colin\Eigene Dateien\AntiVir\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
MfG -silent-