Windows Security Center Popup
05.06.2005, 20:00
Member
Posts: 64

05.06.2005, 20:21
Member
Posts: 239
#2
Please use the new version of HijackThis, 1.99.1.

05.06.2005, 21:25
Honorary member
Posts: 29434
#3
Hello @daishi

Download rkfiles.zip: http://bilder.informationsarchiv.net/Nikitas_Tools/rkfiles.zip --> unpack --> boot into safe mode http://www.tu-berlin.de/www/software/virus/savemode.shtml --> double-click (run) rkfiles.bat --> wait until the DOS window closes --> post C:\log.txt

Start --> Run --> cmd --> copy out only the entries from the last few days

paste in one at a time:

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
exit

cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt
cls
exit

cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt
cls
exit

cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt
cls
exit

__________
Best regards, Sabina
All about PC security

05.06.2005, 22:58
Member
Thread starter
Posts: 64
#4
here is the log from the new version:

Logfile of HijackThis v1.99.1
Scan saved at 22:57:03, on 05.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
D:\Eigene Dateien\Download\anti spy tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogsoft-games.de/Forum/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O12 - Plugin for .tga: C:\Programme\Internet Explorer\PLUGINS\npqtplugin5.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programme\AutoCAD 2002 Deu\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcDcToday.ocx
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programme\AutoCAD 2002 Deu\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcPreview.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

thanks @sabina, I'll do that tomorrow morning and then get back to you.

edit: here is the data from all the files:

log.txt:
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\svcproc.exe: UPX!
C:\WINDOWS\unSpySweeper.exe: UPX!
Finished
bye

system32.txt:
no file that was changed in the last few days

systemtemp.txt:
06.06.2005 09:41 117 prof.log
06.06.2005 09:41 117 events.log
06.06.2005 09:36 699 TWAIN.LOG
06.06.2005 09:36 5 Twain001.Mtx
06.06.2005 09:36 156 Twunk001.MTX
06.06.2005 09:35 0 ACI4C01D.ac$
06.06.2005 09:35 46.080 ~e5d141.tmp
05.06.2005 23:02 11.685 temp.frD79C
05.06.2005 09:13 16.384 ~DFFAF4.tmp
01.06.2005 12:00 65.536 ~DFFC19.tmp

system.txt:
06.06.2005 09:52 0 0.log
06.06.2005 09:51 54.156 QTFont.qfn
06.06.2005 09:51 2.048 bootstat.dat
06.06.2005 09:50 32.512 SchedLgU.Txt
06.06.2005 09:42 1.065 winamp.ini
06.06.2005 09:36 354 wiadebug.log
06.06.2005 09:36 50 wiaservc.log
05.06.2005 09:21 1.409 QTFont.for
04.06.2005 23:43 0 wotmp11.tmp
04.06.2005 23:28 1 q47240140_disk.dll
04.06.2005 23:28 4.456 rdt.ini
02.06.2005 09:53 8.296 SYMEVENT.LOG

sys.txt:
06.06.2005 10:16 0 sys.txt
06.06.2005 10:15 7.132 system.txt
06.06.2005 10:11 50.306 systemtemp.txt
06.06.2005 10:11 104.221 system32.txt
06.06.2005 10:06 764 log.txt
06.06.2005 10:06 65 windows.txt
06.06.2005 10:04 216 win.txt
06.06.2005 10:00 0 start.txt
06.06.2005 09:51 2.147.483.648 pagefile.sys

hope you can do something with this

This post was edited by daishi on 06.06.2005 at 10:16.

06.06.2005, 11:28
Honorary member
Posts: 29434
#5
Hello @daishi

post the last 15 days anyway:

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
exit

• Download Registry Search Tool: http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Double-click regsrch.vbs
paste in: SvcProc
Press 'OK'
wait until the search has finished. (Please post the result.)

Message (Symantec) -- warning: malicious script detected --> ignore
Object: Windows Script Host Shell Object
Activity: Run

C:\WINDOWS\svcproc.exe <--- delete

CCleaner --> delete all *temp files http://virus-protect.org/temp.html

• HOSTS FILE:
# open HijackThis "Do a system scan only" --> Config --> Misc Tools --> Open Hosts file Manager --> delete line(s) --> / click the "Open In Notepad" button
delete everything, leave only:
127.0.0.1 localhost

Quote: # Dies ist eine HOSTS-Beispieldatei, die von Microsoft TCP/IP

DLLCompare http://downloads.subratam.org/DllCompare.exe
< click: Locate.com button.
when the scan has finished < click: Compare button
< click: and create the log ---> please post it

please work through this and post all the "infected" entries that you find via "Search". http://virus-protect.org/escan.html

----------------------------------------------------------------------------
INFO:
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

__________
Best regards, Sabina
All about PC security
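Added example (not part of the original thread, and not code from HijackThis): a small Python triage pass over HijackThis entries like the ones posted above, flagging O23 services reported with "Unknown owner" and O15 zone-mapping mismatches for manual review. The sample lines are copied from the logs in this thread; the two review rules and all function names are this example's own assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis entries quoted in this thread; the
# selection and the triage rules below are this example's own assumptions.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""


class Entry(NamedTuple):
    section: str  # e.g. "O23"
    body: str     # text after "O23 - "


class Finding(NamedTuple):
    section: str
    subject: str  # file path or protocol the analyst should look at
    reason: str


ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
ZONE_RE = re.compile(
    r"'(?P<proto>[^']+)' protocol is in (?P<actual>.+?) Zone, "
    r"should be (?P<expected>.+?) Zone"
)


def parse_entries(text: str) -> List[Entry]:
    """Return the sectioned entries (R0, O4, O23, ...); headers and the
    running-process list do not match the pattern and are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match["section"], match["body"]))
    return entries


def parse_service(body: str) -> Optional[Tuple[str, ...]]:
    """Split 'Service: <name> - <owner> - <path>' from the right, because
    service and vendor names may themselves contain hyphens."""
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].rsplit(" - ", 2)
    return tuple(p.strip() for p in parts) if len(parts) == 3 else None


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag entries for manual review. A finding is a question, not a verdict:
    the ATI service below is flagged just like SvcProc and must be checked."""
    findings = []
    for entry in entries:
        if entry.section == "O23":
            service = parse_service(entry.body)
            if service and service[1].lower() == "unknown owner":
                name, _, path = service
                findings.append(
                    Finding("O23", path, f"service '{name}' lists no vendor"))
        elif entry.section == "O15":
            zone = ZONE_RE.search(entry.body)
            if zone and zone["actual"] != zone["expected"]:
                findings.append(Finding(
                    "O15", zone["proto"],
                    f"mapped to {zone['actual']} Zone instead of "
                    f"{zone['expected']} Zone"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE_LOG)):
        print(f"{f.section:4} {f.subject:35} {f.reason}")
```
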

06.06.2005, 16:37
Member
Thread starter
Posts: 64
#6
yesterday, before I posted the HijackThis log, I also ran an analysis and deleted everything that was to be deleted. since then no popups have appeared and everything is back to normal. I'll still run escan over it.
thx for all the effort

edit: looks like I celebrated too early, today the thing struck again :/ I've now done everything you wrote, here are the results:

system32.txt:
26.05.2005 10:16 2.262 wpa.dbl
13.05.2005 19:50 91.856 S32EVNT1.DLL
02.05.2005 21:23 43.520 CmdLineExt03.dll

Registry Search Tool log:
REGEDIT4

; RegSrch.vbs © Bill James

; Registry search results for string "SvcProc" 07.06.2005 10:42:46

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCPROC\0000]
"Service"="SvcProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc\Enum]
"0"="Root\\LEGACY_SVCPROC\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCPROC\0000]
"Service"="SvcProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SvcProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SvcProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCPROC\0000]
"Service"="SvcProc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc\Enum]
"0"="Root\\LEGACY_SVCPROC\\0000"

DLLCompare log:
* DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
C:\WINDOWS\SYSTEM32\nrad.dll Sun 28 Nov 2004 23:37:30 A.S.. 180.224 176,00 K
C:\WINDOWS\SYSTEM32\oem.dll Sun 28 Nov 2004 1:03:44 A.S.. 53.248 52,00 K
C:\WINDOWS\SYSTEM32\rad.dll Mon 29 Nov 2004 6:09:48 A.S.. 438.272 428,00 K
C:\WINDOWS\SYSTEM32\radclkr.dll Mon 29 Nov 2004 6:09:16 A.S.. 122.880 120,00 K
C:\WINDOWS\SYSTEM32\raddeu.dll Sun 28 Nov 2004 1:05:44 A.S.. 61.440 60,00 K
C:\WINDOWS\SYSTEM32\radenu.dll Sun 28 Nov 2004 1:06:06 A.S.. 61.440 60,00 K
C:\WINDOWS\SYSTEM32\radesp.dll Sun 28 Nov 2004 1:06:26 A.S.. 61.440 60,00 K
C:\WINDOWS\SYSTEM32\radexe.dll Sun 28 Nov 2004 23:39:08 A.S.. 212.992 208,00 K
C:\WINDOWS\SYSTEM32\radfra.dll Sun 28 Nov 2004 1:07:08 A.S.. 65.536 64,00 K
C:\WINDOWS\SYSTEM32\radhun.dll Sun 28 Nov 2004 1:07:26 A.S.. 61.440 60,00 K
C:\WINDOWS\SYSTEM32\radita.dll Sun 28 Nov 2004 1:07:44 A.S.. 65.536 64,00 K
C:\WINDOWS\SYSTEM32\radmnu.dll Mon 29 Nov 2004 6:08:46 A.S.. 520.192 508,00 K
C:\WINDOWS\SYSTEM32\radnlb.dll Sun 28 Nov 2004 1:08:40 A.S.. 61.440 60,00 K
C:\WINDOWS\SYSTEM32\radplk.dll Sun 28 Nov 2004 1:09:00 A.S.. 65.536 64,00 K
C:\WINDOWS\SYSTEM32\radregs.dll Sun 28 Nov 2004 23:40:16 A.S.. 65.536 64,00 K
C:\WINDOWS\SYSTEM32\radtype.dll Sun 28 Nov 2004 23:40:56 A.S.. 163.909 160,07 K
________________________________________________
1.247 items found: 1.247 files (16 H/S), 0 directories.
Total of file sizes: 253.745.923 bytes 241,99 M
Administrator Account = Wahr
--------------------End log---------------------

mwav.log:
Tue Jun 07 11:53:17 2005 => ***** Scanning complete. *****
Tue Jun 07 11:53:17 2005 => Total Number of Files Scanned: 75878
Tue Jun 07 11:53:17 2005 => Total Number of Virus(es) Found: 61
Tue Jun 07 11:53:17 2005 => Total Number of Disinfected Files: 0
Tue Jun 07 11:53:17 2005 => Total Number of Files Renamed: 4
Tue Jun 07 11:53:17 2005 => Total Number of Deleted Files: 32
Tue Jun 07 11:53:17 2005 => Total Number of Errors: 2
Tue Jun 07 11:53:17 2005 => Time Elapsed: 00:48:00
Tue Jun 07 11:53:17 2005 => Virus Database Date: 2005/06/07
Tue Jun 07 11:53:17 2005 => Virus Database Count: 133796
Tue Jun 07 11:53:17 2005 => Scan Completed.

unfortunately I don't have time right now to search for all 61 lines (is there maybe a way to have it show me only those lines?)

oh, and I can't get into safe mode, no matter how much I press F8; could that be because of my USB keyboard?
I've now done all of this in normal mode and switched off everything that could be switched off.

despite everything this popup still appears, and in addition, every now and then when I click a link I end up on a site for medication.

This post was edited by daishi on 07.06.2005 at 12:32.

08.06.2005, 14:53
Honorary member
Posts: 29434
#7
Quote: I was probably too hasty, this popup has come back. I did everything you wrote, but since I'm not allowed to double-post I edited it in; please take a look at the thread

I expected that you would still write that

if you can't get into safe mode but are logged in as administrator, you can also do everything in normal mode:

Copy the following text into Notepad (Start - Accessories - Notepad) and save it as fixme.reg on the desktop using 'Save as'. For file type, select 'All files'. You should now find this file on the desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BolgerDll.BolgerDllObj]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BolgerDll.BolgerDllObj.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{302A3240-4805-4a34-97D7-1645A0B08410}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BB0D5ADC-028D-4185-9288-722DDCE2C757}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}]
[-HKEY_CURRENT_USER\Software\Bolger]
[-HKEY_CURRENT_USER\Software\aurora]
[-HKEY_CURRENT_USER\Software\ceres]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCPROC]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SVCPROC]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCPROC]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCPROC]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{302A3240-4805-4a34-97D7-1645A0B08410}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon]
[-HKEY_CLASSES_ROOT\mfiltis]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

Restart the computer in safe mode (press F8 during startup).
Double-click the file "fixme.reg" on the desktop.

Open Notepad and paste in:

@ECHO OFF
cd\windows
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
exit

save it as remove.bat on the desktop using 'Save as'. For file type, select 'All files'. You should now find this file on the desktop.

boot the PC into safe mode (press F8 while the PC is starting up) and click remove.bat

--------------------------------------------
then run an online scan (Panda and others) and report what was deleted + what was not deleted
http://virus-protect.org/onlinescan.html

__________
Best regards, Sabina
All about PC security

08.06.2005, 17:35
Member
Thread starter
Posts: 64
#8
I did everything
here are the logs:

nail.exe:
Microsoft Windows XP [Version 5.1.2600]
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first
* UPX! C:\WINDOWS\System32\CISVVC.EXE
* UPX! C:\WINDOWS\UNSPYS~1.EXE
»»»»» lagitamate file's can/will show in this section.
»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»» Checking Windir\svcproc.exe and nail.exe.
»»»»» Checking for System32\DrPMon.dll.
»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8432-BEB3
Verzeichnis von C:\WINDOWS\SYSTEM32
»»»»» Checking for SAHAgent ico files.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8432-BEB3
Verzeichnis von C:\WINDOWS\system32
12.11.2004 03:10 20.254 ATI_CUBE.ICO
22.09.2003 01:41 318 omega_drivers.ico
2 Datei(en) 20.572 Bytes
0 Verzeichnis(se), 1.741.021.184 Bytes frei
»»»»»»»»»»»»»»»»»»»»»»»».

ewido:
---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------
+ Erstellt am: 17:29:09, 08.06.2005
+ Report-Checksumme: 6C689B9
+ Datum der Signaturen: 08.06.2005
+ Version der Scanengine: v3.0
+ Suchdauer: 62 min
+ Untersuchte Dateien: 110808
+ Geschwindigkeit: 29.49 Dateien/Sekunden
+ Infizierte Dateien: 8
+ Entfernte Dateien: 8
+ Unter Quarantäne gestellte Dateien: 8
+ Dateien, die nicht geöffnet werden konnten: 0
+ Dateien, die nicht gesäubert werden konnten: 0
+ Binder: Ja
+ Packer: Ja
+ Archive: Ja
+ Gescannt wurde:
C:\
D:\
+ Scanergebnis:
C:\Dokumente und Einstellungen\Alex\Cookies\alex@atdmt[2].txt -> Spyware.Tracking-Cookie -> Gesäubert mit Backup
C:\Dokumente und Einstellungen\Alex\Cookies\alex@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Gesäubert mit Backup
C:\Dokumente und Einstellungen\Alex\Cookies\alex@fastclick[1].txt -> Spyware.Tracking-Cookie -> Gesäubert mit Backup
C:\Dokumente und Einstellungen\Alex\Cookies\alex@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Gesäubert mit Backup
C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043056.dll -> Spyware.SBSoft.h -> Gesäubert mit Backup
C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043065.exe -> Trojan.Nail -> Gesäubert mit Backup
C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043066.exe -> Spyware.BetterInternet -> Gesäubert mit Backup
D:\Eigene Dateien\Download\anti spy tools\backups\backup-20050605-092116-580.dll -> Spyware.SBSoft.h -> Gesäubert mit Backup
::Report Ende

what should I do with nailfix? I unpacked and ran both files, but with both a DOS box just opens briefly and disappears again.

08.06.2005, 21:25
Honorary member
Posts: 29434
#9
run an online scan with Panda + report
http://virus-protect.org/onlinescan.html

__________
Best regards, Sabina
All about PC security

09.06.2005, 10:16
Member
Thread starter
Posts: 64
#10
here is the log:

Incident | Status | Location
---|---|---
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\Alex\Favoriten\AdultGambling.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\Alex\Favoriten\Free Online Dating.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\Alex\Favoriten\F*** Real Girls.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\Alex\Favoriten\Kill Annoying Popups.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\Alex\Favoriten\Online Sex Poker Rooms.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\Alex\Favoriten\Play Adult-Poker.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\Alex\Favoriten\Remove Toolbars.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\Alex\Favoriten\Spyware Uninstall.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\Alex\Favoriten\XXX personal photos.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\All Users\Favoriten\AdultGambling.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\All Users\Favoriten\Free Online Dating.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\All Users\Favoriten\F*** Real Girls.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\All Users\Favoriten\Kill Annoying Popups.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\All Users\Favoriten\Online Sex Poker Rooms.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\All Users\Favoriten\Play Adult-Poker.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\All Users\Favoriten\Remove Toolbars.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\All Users\Favoriten\Spyware Uninstall.url
Adware:Adware/CWS | No disinfected | C:\Dokumente und Einstellungen\All Users\Favoriten\XXX personal photos.url
Virus:W32/Randon.E | Disinfected | C:\mIRC\backup\mirc.exe
Adware:Adware/Fastvideoplayer | No disinfected | C:\WINDOWS\inf\fastvideoplayer.inf
Adware:Adware/WUpd | No disinfected | C:\WINDOWS\LastGood\Downloaded Program Files\BridgeX.inf
Adware:Adware/Fastvideoplayer | No disinfected | C:\WINDOWS\LastGood\INF\fastvideoplayer.inf
Virus:Trj/Downloader.AEE | Disinfected | D:\Eigene Dateien\Download\anti spy tools\backups\backup-20041023-101554-328.inf

but the scanning didn't achieve much, not even the stuff in the favorites is gone.

09.06.2005, 10:58
Honorary member
Posts: 29434
#11
the favorites, you have to delete those:

ClearProg.. download the newest version <1.5.1 http://virus-protect.org/temp.html <and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0 onward, of Netscape/Mozilla and of Opera:
- History
- Temporary Internet files (cache)
- URLs
- index.dat

then delete with KillBox:

• KillBox http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated): http://virus-protect.org/killbox.html

• Delete File on Reboot <-- tick this
and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only for the last one

C:\WINDOWS\LastGood\Downloaded Program Files\BridgeX.inf
C:\WINDOWS\inf\fastvideoplayer.inf
C:\WINDOWS\LastGood\INF\fastvideoplayer.inf
D:\Eigene Dateien\Download\anti spy tools\backups\backup-20041023-101554-328.inf

Restart the PC

then scan again
-----------------------------------------
after that:

• Ad-aware SE Personal 1.05 Updated http://virus-protect.org/antispywaretools.html
Download --> update --> configure http://virus-protect.org/adaware.html
# Update the program BEFORE every scan!
during the scan ALL other applications must be closed and all browser windows must be closed!
scan --> restart the PC --> scan again --> post the log from the scan

after that:

# Alternative browser to IE
Firefox http://www.firefox-browser.de/windows.php http://www.mozilla-europe.org/de/
Installation + configuration of Firefox http://www.pcwelt.de/know-how/software/103924/index1.html

__________
Best regards, Sabina
All about PC security

09.06.2005, 13:03
Member
Thread starter
Posts: 64
#12
here is the log:
OriginalFilename : EXPLORER.EXE #:14 [ccevtmgr.exe] ModuleName : C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe Command Line : "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe" ProcessID : 1364 ThreadCreationTime : 09.06.2005 10:46:19 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccEvtMgr.exe #:15 [qttask.exe] ModuleName : C:\Programme\QuickTime\qttask.exe Command Line : "C:\Programme\QuickTime\qttask.exe" -atboottime ProcessID : 1428 ThreadCreationTime : 09.06.2005 10:46:19 BasePriority : Normal FileVersion : 6.0.2 ProductVersion : QuickTime 6.0.2 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2002 OriginalFilename : QTTask.exe #:16 [em_exec.exe] ModuleName : C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE Command Line : "C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ProcessID : 1456 ThreadCreationTime : 09.06.2005 10:46:19 BasePriority : Normal FileVersion : 9.70.216 ProductVersion : 9.70 ProductName : MouseWare CompanyName : Logitech Inc. FileDescription : Control Center InternalName : EM_EXEC LegalCopyright : Copyright © Logitech Inc. 1987-2002. LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc. 
OriginalFilename : EM_EXEC.CPP Comments : Created by the MouseWare Team #:17 [winampa.exe] ModuleName : C:\Programme\Winamp\Winampa.exe Command Line : "C:\Programme\Winamp\Winampa.exe" ProcessID : 1704 ThreadCreationTime : 09.06.2005 10:46:20 BasePriority : Normal #:18 [usrprmpt.exe] ModuleName : C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe Command Line : "C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe" ProcessID : 1736 ThreadCreationTime : 09.06.2005 10:46:20 BasePriority : Normal FileVersion : 2005.1.2.20 ProductVersion : 2005.1 ProductName : Norton Security Center CompanyName : Symantec Corporation FileDescription : Norton Security Center Helper InternalName : UsrPrmpt.dll LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation OriginalFilename : UsrPrmpt.dll #:19 [ccapp.exe] ModuleName : C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe Command Line : "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" ProcessID : 1748 ThreadCreationTime : 09.06.2005 10:46:20 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client User Session InternalName : ccApp LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:20 [itouch.exe] ModuleName : C:\Programme\Logitech\iTouch\iTouch.exe Command Line : "C:\Programme\Logitech\iTouch\iTouch.exe" ProcessID : 1852 ThreadCreationTime : 09.06.2005 10:46:20 BasePriority : Normal FileVersion : 2.22.289 ProductVersion : 2.22.289 ProductName : iTouch CompanyName : Logitech Inc. FileDescription : iTouch Application InternalName : iTouch LegalCopyright : (C) 1998-2003 Logitech. All rights reserved. LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc. 
OriginalFilename : iTouch.exe Comments : Created by the iTouch team #:21 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 2028 ThreadCreationTime : 09.06.2005 10:46:21 BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:22 [cdac11ba.exe] ModuleName : C:\WINDOWS\System32\drivers\CDAC11BA.EXE Command Line : C:\WINDOWS\System32\drivers\CDAC11BA.EXE ProcessID : 288 ThreadCreationTime : 09.06.2005 10:46:27 BasePriority : Normal FileVersion : 4.20.030 ProductVersion : 4.20.030 Windows NT 2002/01/29 ProductName : SafeCast Windows NT CompanyName : Macrovision FileDescription : Macrovision RTS Service InternalName : CDANTSRV LegalCopyright : Copyright (c) 1998-2003 Macrovision Corp. OriginalFilename : CDANTSRV.EXE Comments : StringFileInfo: U.S. English #:23 [cdantsrv.exe] ModuleName : C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE Command Line : C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE ProcessID : 712 ThreadCreationTime : 09.06.2005 10:46:31 BasePriority : Normal FileVersion : 3.27.000 ProductVersion : 3.27.000 Windows NT 2002/09/12 ProductName : CD-Secure/CD-Compress Windows NT CompanyName : C-Dilla Ltd FileDescription : C-Dilla RTS Service InternalName : CDANTSRV LegalCopyright : Copyright (c) Macrovision 1993-2002 OriginalFilename : CDANTSRV.EXE Comments : StringFileInfo: U.S. 
English #:24 [ewidoctrl.exe] ModuleName : C:\Programme\ewido\security suite\ewidoctrl.exe Command Line : "C:\Programme\ewido\security suite\ewidoctrl.exe" ProcessID : 824 ThreadCreationTime : 09.06.2005 10:46:31 BasePriority : Normal FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 1 ProductName : ewido control CompanyName : ewido networks FileDescription : ewido control InternalName : ewido control LegalCopyright : Copyright © 2004 OriginalFilename : ewidoctrl.exe #:25 [navapsvc.exe] ModuleName : C:\Programme\Norton AntiVirus\navapsvc.exe Command Line : "C:\Programme\Norton AntiVirus\navapsvc.exe" ProcessID : 892 ThreadCreationTime : 09.06.2005 10:46:31 BasePriority : Normal FileVersion : 10.00.2 ProductVersion : 10.00.2 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved. 
OriginalFilename : NAVAPSVC.EXE #:26 [savscan.exe] ModuleName : C:\Programme\Norton AntiVirus\SAVScan.exe Command Line : "C:\Programme\Norton AntiVirus\SAVScan.exe" ProcessID : 1004 ThreadCreationTime : 09.06.2005 10:46:39 BasePriority : Normal ProductVersion : 9.2 ProductName : Symantec AntiVirus AutoProtect CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus Scanner InternalName : SAVSCAN LegalCopyright : Copyright (c) 2004 Symantec Corporation OriginalFilename : SAVSCAN.EXE #:27 [ad-aware.exe] ModuleName : C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 2472 ThreadCreationTime : 09.06.2005 10:46:56 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\Alex\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\ahead\nero - burning rom\recent file list Description : list of recently used files in nero burning rom MRU List Object Recognized! 
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\ahead\nero wave editor\recent file list Description : list of recently used files in nero wave editor MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\google\navclient\1.1\history Description : list of recently used search terms in the google toolbar MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! 
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-19\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-20\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\office\10.0\clip organizer\search\last query Description : last query in microsoft clip organizer MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\office\10.0\common\general Description : list of recently used symbols in microsoft office MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\office\10.0\excel\recent files Description : list of recent files used by microsoft excel MRU List Object Recognized! 
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\nico mak computing\winzip\filemenu Description : winzip recently used archives MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! 
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : alex@doubleclick[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:alex@doubleclick.net/ Expires : 07.06.2005 13:11:28 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : alex@atdmt[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:alex@atdmt.com/ Expires : 08.06.2010 02:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : alex@spylog[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:alex@spylog.com/ Expires : 06.12.2005 10:25:32 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : alex@as1.falkag[2].txt Category : Data Miner Comment : Hits:4 Value : Cookie:alex@as1.falkag.de/ Expires : 09.07.2005 10:27:14 LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! Type : IECache Entry Data : alex@z1.adserver[1].txt Category : Data Miner Comment : Hits:2 Value : Cookie:alex@z1.adserver.com/ Expires : 07.06.2006 13:13:16 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : alex@fastclick[1].txt Category : Data Miner Comment : Hits:2 Value : Cookie:alex@fastclick.net/ Expires : 09.06.2005 13:13:18 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : alex@2o7[1].txt Category : Data Miner Comment : Hits:16 Value : Cookie:alex@2o7.net/ Expires : 07.06.2010 21:32:28 LastSync : Hits:16 UseCount : 0 Hits : 16 Tracking Cookie Object Recognized! Type : IECache Entry Data : alex@adtech[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:alex@adtech.de/ Expires : 05.06.2015 12:56:36 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 8 Objects found so far: 43 Deep scanning and examining files (C »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 43 Deep scanning and examining files (D »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 43 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 43 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 43 12:59:53 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:12:47.609 Objects scanned:144613 Objects identified:8 Objects ignored:0 New critical objects:8
I hope this finally gets it off my computer.
Edit: it is still on there, this thing is really persistent.
This post was edited by daishi on 09.06.2005 at 15:37.
|
|
|
||
09.06.2005, 15:49
Honorary member
Posts: 29434 |
#13
Hello @daishi
Delete manually:
C:\Dokumente und Einstellungen\Alex\Favoriten\AdultGambling.url
C:\Dokumente und Einstellungen\Alex\Favoriten\Free Online Dating.url
C:\Dokumente und Einstellungen\Alex\Favoriten\F*** Real Girls.url
Other user account:
C:\Dokumente und Einstellungen\All Users\Favoriten\AdultGambling.url
etc.
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\XXX personal photos.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\AdultGambling.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Free Online Dating.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\F*** Real Girls.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\XXX personal photos.url
Please work through this and post everything: http://virus-protect.org/escan.html
__________
Regards,
Sabina
All about PC security |
|
|
||
10.06.2005, 12:10
Member
Thread starter Posts: 64 |
#14
Here is the log, quite a lot; please tell me what I should delete from it:
-------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: Fri Jun 10 11:19:43 2005 => System found infected with DyFuCA Spyware/Adware ({AA4939C3-DECA-4A48-A454-97CD587C0EF5})! Action taken: No Action Taken. 2: Fri Jun 10 11:19:43 2005 => System found infected with SideFind Spyware/Adware ({8cba1b49-8144-4721-a7b1-64c578c9eed7})! Action taken: No Action Taken. 3: Fri Jun 10 11:19:43 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken. 4: Fri Jun 10 11:37:14 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0041045.exe infected by "Trojan-Dropper.Win32.Small.zx" Virus! Action Taken: No Action Taken. 5: Fri Jun 10 11:37:14 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043057.dll infected by "Trojan.Win32.StartPage.xb" Virus! Action Taken: No Action Taken. 6: Fri Jun 10 11:37:14 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043068.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 7: Fri Jun 10 11:37:14 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043070.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken. 8: Fri Jun 10 11:37:19 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0043299.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 9: Fri Jun 10 11:37:20 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0043316.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 
10: Fri Jun 10 11:37:20 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0043318.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken. 11: Fri Jun 10 11:37:20 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044316.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 12: Fri Jun 10 11:37:20 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044329.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 13: Fri Jun 10 11:37:20 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044337.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 14: Fri Jun 10 11:37:21 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044374.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 15: Fri Jun 10 11:37:21 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044393.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 16: Fri Jun 10 11:37:21 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044395.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken. 17: Fri Jun 10 11:37:22 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044407.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 18: Fri Jun 10 11:37:22 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044409.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken. 
19: Fri Jun 10 11:37:25 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044511.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 20: Fri Jun 10 11:37:25 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044524.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 21: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044526.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken. 22: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044540.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 23: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044548.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 24: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044552.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken. 25: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044562.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 26: Fri Jun 10 11:37:27 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044577.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 27: Fri Jun 10 11:37:28 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044584.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken. 
28: Fri Jun 10 11:37:28 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044590.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 29: Fri Jun 10 11:37:28 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044592.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken. 30: Fri Jun 10 11:37:30 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP283\A0044620.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 31: Fri Jun 10 11:37:31 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP283\A0044657.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 32: Fri Jun 10 11:37:37 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP283\A0044922.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 33: Fri Jun 10 11:37:37 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP283\A0044929.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken. 34: Fri Jun 10 11:37:38 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP284\A0044946.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken. 35: Fri Jun 10 11:37:38 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP284\A0044948.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken. 36: Fri Jun 10 11:50:14 2005 => File D:\Eigene Dateien\Download\anti spy tools\backups\backup-20050605-092116-581.dll infected by "Trojan.Win32.StartPage.xb" Virus! Action Taken: No Action Taken. 
37: Fri Jun 10 11:54:52 2005 => Scanning File D:\Games\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_female_begging.wav [**] 38: Fri Jun 10 11:54:52 2005 => Scanning File D:\Games\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_female_scream.wav [**] 39: Fri Jun 10 11:54:52 2005 => Scanning File D:\Games\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_male_no_you_bastards.wav [**] 40: Fri Jun 10 11:54:52 2005 => Scanning File D:\Games\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_male_scream.wav [**] -------------------------------------------------- --------------------- TAGGED --------------------- -------------------------------------------------- 1: Fri Jun 10 11:18:51 2005 => File C:\Dokumente und Einstellungen\Alex\Desktop\Neuer Ordner\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 2: Fri Jun 10 11:22:46 2005 => File C:\DOKUME~1\Alex\LOKALE~1\TEMPOR~1\Content.IE5\G5W5M70L\Nailfix[1].zip tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 3: Fri Jun 10 11:23:22 2005 => File C:\ACCLAIM\BUBBLE\TEST.COM tagged as not-a-virus:Effect.DOS.TheDraw. No Action Taken. 4: Fri Jun 10 11:24:59 2005 => File C:\bubble\TEST.COM tagged as not-a-virus:Effect.DOS.TheDraw. No Action Taken. 5: Fri Jun 10 11:25:31 2005 => File C:\Dokumente und Einstellungen\Alex\Desktop\Neuer Ordner\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 6: Fri Jun 10 11:25:41 2005 => File C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Temporary Internet Files\Content.IE5\G5W5M70L\Nailfix[1].zip tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 7: Fri Jun 10 11:26:38 2005 => File C:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken. 
8: Fri Jun 10 11:37:14 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043064.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
9: Fri Jun 10 11:37:14 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043069.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
10: Fri Jun 10 11:37:20 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0043317.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
11: Fri Jun 10 11:37:21 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044394.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
12: Fri Jun 10 11:37:22 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044408.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
13: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044525.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
14: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044551.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
15: Fri Jun 10 11:37:27 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044583.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
16: Fri Jun 10 11:37:28 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044591.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
17: Fri Jun 10 11:37:28 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044594.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.02. No Action Taken.
18: Fri Jun 10 11:37:37 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP283\A0044928.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
19: Fri Jun 10 11:37:38 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP284\A0044947.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
20: Fri Jun 10 11:50:11 2005 => File D:\Eigene Dateien\Download\aida\aida32ne_388.zip tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.
21: Fri Jun 10 11:50:13 2005 => File D:\Eigene Dateien\Download\aida\Neuer Ordner\aida32.bin tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.
22: Fri Jun 10 11:50:13 2005 => File D:\Eigene Dateien\Download\aida\Neuer Ordner\aida32.exe tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.
23: Fri Jun 10 11:50:19 2005 => File D:\Eigene Dateien\Download\anti spy tools\Nailfix.zip tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
24: Fri Jun 10 11:50:38 2005 => File D:\Eigene Dateien\Download\mirc\mirc614.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken.
25: Fri Jun 10 12:00:24 2005 => File D:\texturen\Neuer Ordner\Utility\AT&T\Vnc\Win32\vncviewer\vncviewer.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.333. No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom18.zip is Not Scanned 189: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom19.zip is Not Scanned 190: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom2.zip is Not Scanned 191: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom20.zip is Not Scanned 192: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom21.zip is Not Scanned 193: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom22.zip is Not Scanned 194: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom23.zip is Not Scanned 195: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom24.zip is Not Scanned 196: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom25.zip is Not Scanned 197: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom26.zip is Not Scanned 198: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom3.zip is Not Scanned 199: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom4.zip is Not Scanned 200: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom5.zip is Not Scanned 201: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom6.zip is Not Scanned 202: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom7.zip is Not Scanned 203: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom8.zip is Not Scanned 204: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom9.zip is Not Scanned 205: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Adviva.zip is Not Scanned 206: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Adviva1.zip is Not Scanned 207: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip is Not Scanned 208: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc.zip is Not Scanned 209: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc1.zip is Not Scanned 210: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc10.zip is Not Scanned 211: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc11.zip is Not Scanned 212: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc2.zip is Not Scanned 213: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc3.zip is Not Scanned 214: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc4.zip is Not Scanned 215: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc5.zip is Not Scanned 216: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc6.zip is Not Scanned 217: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc7.zip is Not Scanned 218: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc8.zip is Not Scanned 219: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc9.zip is Not Scanned 220: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite.zip is Not Scanned 221: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite1.zip is Not Scanned 222: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite10.zip is Not Scanned 223: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite11.zip is Not Scanned 224: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite12.zip is Not Scanned 225: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite13.zip is Not Scanned 226: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite14.zip is Not Scanned 227: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite15.zip is Not Scanned 228: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite16.zip is Not Scanned 229: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite17.zip is Not Scanned 230: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite18.zip is Not Scanned 231: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite19.zip is Not Scanned 232: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite2.zip is Not Scanned 233: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite20.zip is Not Scanned 234: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite21.zip is Not Scanned 235: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite22.zip is Not Scanned 236: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite23.zip is Not Scanned 237: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite24.zip is Not Scanned 238: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite25.zip is Not Scanned 239: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite26.zip is Not Scanned 240: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite27.zip is Not Scanned 241: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite28.zip is Not Scanned 242: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite29.zip is Not Scanned 243: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite3.zip is Not Scanned 244: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite30.zip is Not Scanned 245: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite31.zip is Not Scanned 246: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite32.zip is Not Scanned 247: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite33.zip is Not Scanned 248: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite34.zip is Not Scanned 249: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite35.zip is Not Scanned 250: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite36.zip is Not Scanned 251: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite37.zip is Not Scanned 252: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite38.zip is Not Scanned 253: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite39.zip is Not Scanned 254: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite4.zip is Not Scanned 255: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite40.zip is Not Scanned 256: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite41.zip is Not Scanned 257: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite42.zip is Not Scanned 258: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite43.zip is Not Scanned 259: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite44.zip is Not Scanned 260: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite45.zip is Not Scanned 261: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite46.zip is Not Scanned 262: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite47.zip is Not Scanned 263: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite48.zip is Not Scanned 264: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite49.zip is Not Scanned 265: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite5.zip is Not Scanned 266: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite50.zip is Not Scanned 267: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite51.zip is Not Scanned 268: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite52.zip is Not Scanned 269: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite53.zip is Not Scanned 270: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite54.zip is Not Scanned 271: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite55.zip is Not Scanned 272: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite56.zip is Not Scanned 273: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite57.zip is Not Scanned 274: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite6.zip is Not Scanned 275: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite7.zip is Not Scanned 276: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite8.zip is Not Scanned 277: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite9.zip is Not Scanned 278: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast.zip is Not Scanned 279: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast1.zip is Not Scanned 280: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast2.zip is Not Scanned 281: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast3.zip is Not Scanned 282: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast4.zip is Not Scanned 283: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast5.zip is Not Scanned 284: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast6.zip is Not Scanned 285: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BlazeFindSearchEnhancerISTbar.zip is Not Scanned 286: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BlazeFindSearchEnhancerISTbar1.zip is Not Scanned 287: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BlazeFindSearchEnhancerISTbar2.zip is Not Scanned 288: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BlazeFindSearchEnhancerISTbar3.zip is Not Scanned 289: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BlazeFindSearchEnhancerISTbar4.zip is Not Scanned 290: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CommissionJunction.zip is Not Scanned 291: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CommissionJunction1.zip is Not Scanned 292: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CommissionJunction10.zip is Not Scanned 293: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CommissionJunction11.zip is Not Scanned 294: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! |
|
|
||
10.06.2005, 12:22
Honorary member
Posts: 29434 |
#15
Hello@
1.) Disable System Restore --> then enable it again
«XP My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
2.) CCleaner --> delete all *temp files
http://virus-protect.org/temp.html
3.) Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if you are asked --> click Apply and finally OK
This is how the following must be deleted:
C:\DOKUME~1\Alex\LOKALE~1\TEMPOR~1\Content.IE5\G5W5M70L\Nailfix[1].zip
4.) Delete with the Killbox:
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
C:\WINDOWS\Downloaded Program Files\retro64_loader.dll
C:\WINDOWS\Downloaded Program Files\BridgeX.dll
C:\WINDOWS\Downloaded Program Files\WinadX.dll
C:\WINDOWS\Downloaded Program Files\ISTactivex.dll
C:\WINDOWS\Downloaded Program Files\ghdlctl.dll
C:\WINDOWS\Downloaded Program Files\WinTaskAdX.dll
C:\WINDOWS\Downloaded Program Files\axload.dll
C:\WINDOWS\Downloaded Program Files\PrevAdX.dll
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
5.) TuneUp2004 (30 days free)
http://virus-protect.org/reinigungstoolsregistry.html
Cleanup repair --> TuneUp Diskcleaner
Cleanup repair --> Registry Cleaner
#RegCleaner
(Tip: download RegCleaner, set the tool to German and clean the PC via <Tools<Clean registry<Do all (you can delete everything that is shown, because a backup is kept))
http://virus-protect.org/reinigungstoolsregistry.html
Then please scan once more with eScan + report back
__________
Best regards
Sabina
all about PC security |
|
|
||
Since yesterday evening a popup with the following error message has been appearing on my machine every few minutes (10-15):
"WARNING: Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords.
Do you want to lern how to protect your computer?"
If you then click Yes, you end up on a supposed anti-spyware site.
I hope you can help me; the thing is really annoying, because if you have e.g. a game running, it simply closes it :/
Here is my log file:
Logfile of HijackThis v1.99.0 (BETA)
Scan saved at 19:48:32, on 05.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Norton AntiVirus\OPScan.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\ICQ\ICQ.exe
D:\Eigene Dateien\Download\anti spy tools\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogsoft-games.de/Forum/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O1 - Hosts: 69.64.35.177 auto.search.msn.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O12 - Plugin for .tga: C:\Programme\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programme\AutoCAD 2002 Deu\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcDcToday.ocx
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programme\AutoCAD 2002 Deu\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcPreview.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
I have already deleted the entry: O1 - Hosts: 69.64.35.177 auto.search.msn.com a few times, but it keeps coming back.
Edit: just now a different popup opened with an ad for an online casino, but that was the first time.
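The `O1 - Hosts` line that keeps returning in the log above is the kind of entry a reviewer checks first, because it pins a search hostname to a fixed address. As an added example (not part of the original thread and not HijackThis code), this Python code parses entries in the `Xn - ...` log format and reports hosts-file lines that map a name to a non-loopback address; the function names and every sample line other than the `auto.search.msn.com` entry are constructed for illustration.

```python
import ipaddress
import re

# One log entry looks like "O1 - Hosts: <ip> <name>": a section code, " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Constructed sample in the shape of the log above. Only the auto.search.msn.com
# line is taken from the post; the other O1 lines are made up for the example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogsoft-games.de/Forum/index.php
O1 - Hosts: 69.64.35.177 auto.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.test
O1 - Hosts: 69.64.35.1777 broken.example.test
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
"""


def parse_entries(log_text):
    """Return (code, body) pairs for each 'Xn - ...' line.

    Header lines and the bare process paths under 'Running processes:'
    do not match the pattern and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def hosts_redirects(entries):
    """Return O1 hosts entries that point a name at a non-loopback address.

    Loopback (127.0.0.1) and unspecified (0.0.0.0) targets are the usual
    form of block-list entries and are not reported. An address that does
    not parse is reported too, so a damaged line is not silently dropped.
    """
    findings = []
    for code, body in entries:
        if code != "O1" or not body.startswith("Hosts:"):
            continue
        fields = body[len("Hosts:"):].split()
        if len(fields) < 2:
            continue  # no hostname after the address, nothing to resolve
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append({"ip": address, "names": names,
                             "reason": "unparseable address"})
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.append({"ip": str(ip), "names": names,
                         "reason": "name pinned to a non-loopback address"})
    return findings


if __name__ == "__main__":
    for finding in hosts_redirects(parse_entries(SAMPLE_LOG)):
        print(finding["reason"], finding["ip"], " ".join(finding["names"]))
```

An entry reported here that reappears after being removed, as described in the post, means something else on the system is rewriting the hosts file, so the writer has to be found before the line stays gone.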