Windows Security Center Popup

#1 hi,

seit gestern abend erscheind bei mir alle paar min (10-15) ein popup mit folgender fehlermeldung:

"WARNING: Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords.

Do you want to lern how to protect your computer?"

wenn man dann auf yes klick kommt man auf eine angebliche antispyware site.

ich hoffe ihr könnt mir helfe, das ding ist echt störend denn wenn man zb. ein spiel rennen hat, macht es das einfach zu :/

hier mein log file:

Logfile of HijackThis v1.99.0 (BETA)
Scan saved at 19:48:32, on 05.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Norton AntiVirus\OPScan.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\ICQ\ICQ.exe
D:\Eigene Dateien\Download\anti spy tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogsoft-games.de/Forum/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O1 - Hosts: 69.64.35.177 auto.search.msn.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O12 - Plugin for .tga: C:\Programme\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programme\AutoCAD 2002 Deu\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcDcToday.ocx
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programme\AutoCAD 2002 Deu\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcPreview.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

den eintrag: O1 - Hosts: 69.64.35.177 auto.search.msn.com hab ich schon ein paar mal gelöscht der kommt aber immer wieder.

edit: jetzt ist grad eben ein anders popup aufgegangen mit einer werbung für ein online casino, das war aber jetzt das erste mal.

#2 Nimm bitte von HijackThis die neue Version 1.99.1

#3 Hallo@daishi

Lade: rkfiles.zip
http://bilder.informationsarchiv.net/Nikitas_Tools/rkfiles.zip
-->entpacken-->
gehe in den abgesicherten Modus
http://www.tu-berlin.de/www/software/virus/savemode.shtml
-->Doppelklick(Ausfuehren)-->rkfiles.bat--> warten bis sich
das DOS-Fenster schliesst--->poste C:\log.txt

Start--> Ausfuehren--> cmd--> kopiere nur die Eintraege der letzten Tage raus

einzeln reinkopieren:

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
exit

cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt
cls
exit

cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt
cls
exit

cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt
cls
exit
__________
MfG Sabina

rund um die PC-Sicherheit

#4 hier der log von der neuen version:
Logfile of HijackThis v1.99.1
Scan saved at 22:57:03, on 05.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
D:\Eigene Dateien\Download\anti spy tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogsoft-games.de/Forum/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O12 - Plugin for .tga: C:\Programme\Internet Explorer\PLUGINS\npqtplugin5.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programme\AutoCAD 2002 Deu\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcDcToday.ocx
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programme\AutoCAD 2002 Deu\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcPreview.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

danke @sabina ich werd das morgen in der früh machen und meld mich dann wieder.

edit: hier die daten aus allen files:

log.txt:
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\svcproc.exe: UPX!
C:\WINDOWS\unSpySweeper.exe: UPX!
Finished
bye

system32.txt:
kein file das in den letzten tagen geändertwurde

systemtemp.txt:
06.06.2005 09:41 117 prof.log
06.06.2005 09:41 117 events.log
06.06.2005 09:36 699 TWAIN.LOG
06.06.2005 09:36 5 Twain001.Mtx
06.06.2005 09:36 156 Twunk001.MTX
06.06.2005 09:35 0 ACI4C01D.ac$
06.06.2005 09:35 46.080 ~e5d141.tmp
05.06.2005 23:02 11.685 temp.frD79C
05.06.2005 09:13 16.384 ~DFFAF4.tmp
01.06.2005 12:00 65.536 ~DFFC19.tmp

system.txt:
06.06.2005 09:52 0 0.log
06.06.2005 09:51 54.156 QTFont.qfn
06.06.2005 09:51 2.048 bootstat.dat
06.06.2005 09:50 32.512 SchedLgU.Txt
06.06.2005 09:42 1.065 winamp.ini
06.06.2005 09:36 354 wiadebug.log
06.06.2005 09:36 50 wiaservc.log
05.06.2005 09:21 1.409 QTFont.for
04.06.2005 23:43 0 wotmp11.tmp
04.06.2005 23:28 1 q47240140_disk.dll
04.06.2005 23:28 4.456 rdt.ini
02.06.2005 09:53 8.296 SYMEVENT.LOG

sys.txt:
06.06.2005 10:16 0 sys.txt
06.06.2005 10:15 7.132 system.txt
06.06.2005 10:11 50.306 systemtemp.txt
06.06.2005 10:11 104.221 system32.txt
06.06.2005 10:06 764 log.txt
06.06.2005 10:06 65 windows.txt
06.06.2005 10:04 216 win.txt
06.06.2005 10:00 0 start.txt
06.06.2005 09:51 2.147.483.648 pagefile.sys

hoffe ihr könnt was damit anfangen

#5 Hallo@daishi

poste dennoch die letzten 15 Tage:

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
exit

•Download Registry Search Tool :
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Doppelklick:regsrch.vbs

reinkopieren:

SvcProc

Press 'OK'
warten, bis die Suche beendet ist. (Ergebnis bitte posten)
Meldung (Symantec)--
warnmeldung:bösartiges skript entdeckt --> ignorieren
Object: Windows Script Host Shell Object
Activity: Run

C:\WINDOWS\svcproc.exe <---loeschen

CCleaner--> loesche alle *temp-Datein
http://virus-protect.org/temp.html



•HOSTFILE:
#öffne das HijackThis
"Do a system scan only"-->Config--> Misc Tools-->Open Hosts file Manager--> delet line(s) -->/Click the "Open In Notepad" button
lösche alles , lasse nur stehen:
127.0.0.1 localhost

Zitat

# Dies ist eine HOSTS-Beispieldatei, die von Microsoft TCP/IP
#
# Diese Datei enthält die Zuordnungen der IP-Adressen zu Hostnamen.
# Jeder Eintrag muss in einer eigenen Zeile stehen. Die IP-
# Adresse sollte in der ersten Spalte gefolgt vom zugehörigen
# Hostnamen stehen.
# Die IP-Adresse und der Hostname müssen durch mindestens ein
# Leerzeichen getrennt sein.
#
# 102.54.94.97 rhino.acme.com # Quellserver
# 38.25.63.10 x.acme.com # x-Clienthost

127.0.0.1 localhost
69.64.35.177 auto.search.msn.com <--loeschen

DLLCompare
http://downloads.subratam.org/DllCompare.exe
<klick: Locate.com button.
wenn der Scan beendet ist
<klick:Compare button
<klick: und erstelle das Log--->bitte posten

arbeite das bitte ab und poste alle "infected", die du ueber die "Suche" findest.
http://virus-protect.org/escan.html

----------------------------------------------------------------------------
INFO:
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
__________
MfG Sabina

rund um die PC-Sicherheit

#6 ich hab gestern bevor ich den hijackthis log gepostet hab auch eine auswertung gemacht und alles gelöscht was zum löschen war. seit her kommen keine popups und es ist alles wieder normal. werd noch escan drüber rennen lassen.

thx für die ganze mühe

edit: hab mich wohl zu früh gefreut, heut hat das ding wieder zugeschlagen :/

hab mal alles gemacht wast du geschrieben hast, hier die ergebnise:

system32.txt:
26.05.2005 10:16 2.262 wpa.dbl
13.05.2005 19:50 91.856 S32EVNT1.DLL
02.05.2005 21:23 43.520 CmdLineExt03.dll

Registry Search Tool log:
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "SvcProc" 07.06.2005 10:42:46

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCPROC\0000]
"Service"="SvcProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc\Enum]
"0"="Root\\LEGACY_SVCPROC\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCPROC\0000]
"Service"="SvcProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SvcProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SvcProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCPROC\0000]
"Service"="SvcProc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc\Enum]
"0"="Root\\LEGACY_SVCPROC\\0000"


DLLCompare log:
* DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\nrad.dll Sun 28 Nov 2004 23:37:30 A.S.. 180.224 176,00 K
C:\WINDOWS\SYSTEM32\oem.dll Sun 28 Nov 2004 1:03:44 A.S.. 53.248 52,00 K
C:\WINDOWS\SYSTEM32\rad.dll Mon 29 Nov 2004 6:09:48 A.S.. 438.272 428,00 K
C:\WINDOWS\SYSTEM32\radclkr.dll Mon 29 Nov 2004 6:09:16 A.S.. 122.880 120,00 K
C:\WINDOWS\SYSTEM32\raddeu.dll Sun 28 Nov 2004 1:05:44 A.S.. 61.440 60,00 K
C:\WINDOWS\SYSTEM32\radenu.dll Sun 28 Nov 2004 1:06:06 A.S.. 61.440 60,00 K
C:\WINDOWS\SYSTEM32\radesp.dll Sun 28 Nov 2004 1:06:26 A.S.. 61.440 60,00 K
C:\WINDOWS\SYSTEM32\radexe.dll Sun 28 Nov 2004 23:39:08 A.S.. 212.992 208,00 K
C:\WINDOWS\SYSTEM32\radfra.dll Sun 28 Nov 2004 1:07:08 A.S.. 65.536 64,00 K
C:\WINDOWS\SYSTEM32\radhun.dll Sun 28 Nov 2004 1:07:26 A.S.. 61.440 60,00 K
C:\WINDOWS\SYSTEM32\radita.dll Sun 28 Nov 2004 1:07:44 A.S.. 65.536 64,00 K
C:\WINDOWS\SYSTEM32\radmnu.dll Mon 29 Nov 2004 6:08:46 A.S.. 520.192 508,00 K
C:\WINDOWS\SYSTEM32\radnlb.dll Sun 28 Nov 2004 1:08:40 A.S.. 61.440 60,00 K
C:\WINDOWS\SYSTEM32\radplk.dll Sun 28 Nov 2004 1:09:00 A.S.. 65.536 64,00 K
C:\WINDOWS\SYSTEM32\radregs.dll Sun 28 Nov 2004 23:40:16 A.S.. 65.536 64,00 K
C:\WINDOWS\SYSTEM32\radtype.dll Sun 28 Nov 2004 23:40:56 A.S.. 163.909 160,07 K
________________________________________________

1.247 items found: 1.247 files (16 H/S), 0 directories.
Total of file sizes: 253.745.923 bytes 241,99 M

Administrator Account = Wahr

--------------------End log---------------------

mwav.log:
Tue Jun 07 11:53:17 2005 => ***** Scanning complete. *****

Tue Jun 07 11:53:17 2005 => Total Number of Files Scanned: 75878
Tue Jun 07 11:53:17 2005 => Total Number of Virus(es) Found: 61
Tue Jun 07 11:53:17 2005 => Total Number of Disinfected Files: 0
Tue Jun 07 11:53:17 2005 => Total Number of Files Renamed: 4
Tue Jun 07 11:53:17 2005 => Total Number of Deleted Files: 32
Tue Jun 07 11:53:17 2005 => Total Number of Errors: 2
Tue Jun 07 11:53:17 2005 => Time Elapsed: 00:48:00
Tue Jun 07 11:53:17 2005 => Virus Database Date: 2005/06/07
Tue Jun 07 11:53:17 2005 => Virus Database Count: 133796

Tue Jun 07 11:53:17 2005 => Scan Completed.

ich hab leider jetzt keine zeit die ganzen 61 zeilen zu suchen (gibt vielleicht eine möglichkeit das er mir nur diese zeilen anzeigt? achja ich komme nicht in den abgesichertenmodus, ich kann soviel F8 drücken was ich will, kann das an meiner USB tastatur liegen? hab das jetzt alles im normal modus gemacht, hab alles ausgeschaltet was zum ausschalten ging.

trotz allem kommt diese popup immer noch und zusätzlich komme ich ab und zu wenn ich auf einen link klick auf eine seite für medikamente.

#7

Zitat

ich war wohl zu voreillig, diese popup ist wieder gekommen. ich hab alles was du geschrieben hast gemacht, aber da ich keine doppelposts machen darf hab ich's rein editiert, schau dir den thread bitte an

das habe ich erwartet, dass du das noch schreibst

wenn du nicht in den abgesicherten Modus kommst, aber als Administrator angemeldet bist, kannst du auch alles im Normalmodus machen:

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.


REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BolgerDll.BolgerDllObj]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BolgerDll.BolgerDllObj.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{302A3240-4805-4a34-97D7-1645A0B08410}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BB0D5ADC-028D-4185-9288-722DDCE2C757}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}]
[-HKEY_CURRENT_USER\Software\Bolger]
[-HKEY_CURRENT_USER\Software\aurora]
[-HKEY_CURRENT_USER\Software\ceres]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCPROC]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SVCPROC]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCPROC]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCPROC]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{302A3240-4805-4a34-97D7-1645A0B08410}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon]
[-HKEY_CLASSES_ROOT\mfiltis]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"


Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken). Die Datei "fixme.reg" auf dem Desktop doppelklicken


Oeffne den Editor und kopiere rein:

@ECHO OFF
cd\windows
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
exit


abspeichern als remove.bat 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. boote den PC in den abgesicherten Modus (F8 druecken, wenn der PC hochfaehrt) und klicke die remove.bat


--------------------------------------------

dann mache einen Onlinescan (Panda und andere) und berichte, was geloescht+ nicht geloescht wurde)
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#8 hab alles gemacht

hier die logs:

nail.exe:

Microsoft Windows XP [Version 5.1.2600]
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first

* UPX! C:\WINDOWS\System32\CISVVC.EXE
* UPX! C:\WINDOWS\UNSPYS~1.EXE

»»»»» lagitamate file's can/will show in this section.

»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»» Checking Windir\svcproc.exe and nail.exe.

»»»»» Checking for System32\DrPMon.dll.

»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8432-BEB3

Verzeichnis von C:\WINDOWS\SYSTEM32

»»»»» Checking for SAHAgent ico files.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8432-BEB3

Verzeichnis von C:\WINDOWS\system32

12.11.2004 03:10 20.254 ATI_CUBE.ICO
22.09.2003 01:41 318 omega_drivers.ico
2 Datei(en) 20.572 Bytes
0 Verzeichnis(se), 1.741.021.184 Bytes frei

»»»»»»»»»»»»»»»»»»»»»»»».


ewido:
---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 17:29:09, 08.06.2005
+ Report-Checksumme: 6C689B9

+ Datum der Signaturen: 08.06.2005
+ Version der Scanengine: v3.0

+ Suchdauer: 62 min
+ Untersuchte Dateien: 110808
+ Geschwindigkeit: 29.49 Dateien/Sekunden
+ Infizierte Dateien: 8
+ Entfernte Dateien: 8
+ Unter Quarantäne gestellte Dateien: 8
+ Dateien, die nicht geöffnet werden konnten: 0
+ Dateien, die nicht gesäubert werden konnten: 0

+ Binder: Ja
+ Packer: Ja
+ Archive: Ja

+ Gescannt wurde:
C:\
D:\

+ Scanergebnis:
C:\Dokumente und Einstellungen\Alex\Cookies\alex@atdmt[2].txt -> Spyware.Tracking-Cookie -> Gesäubert mit Backup
C:\Dokumente und Einstellungen\Alex\Cookies\alex@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Gesäubert mit Backup
C:\Dokumente und Einstellungen\Alex\Cookies\alex@fastclick[1].txt -> Spyware.Tracking-Cookie -> Gesäubert mit Backup
C:\Dokumente und Einstellungen\Alex\Cookies\alex@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Gesäubert mit Backup
C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043056.dll -> Spyware.SBSoft.h -> Gesäubert mit Backup
C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043065.exe -> Trojan.Nail -> Gesäubert mit Backup
C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043066.exe -> Spyware.BetterInternet -> Gesäubert mit Backup
D:\Eigene Dateien\Download\anti spy tools\backups\backup-20050605-092116-580.dll -> Spyware.SBSoft.h -> Gesäubert mit Backup


::Report Ende


was soll ich mit nailfix machen? hab beide datein entpackt und ausgeführt, aber es geht bei beiden nur kurz eine dosbox auf und verschwindet wieder.

#9 mache einen Onlinescan mit Panda+ berichte

http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#10 hier der log:


Incident Status Location

Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\AdultGambling.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Free Online Dating.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\F*** Real Girls.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\XXX personal photos.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\AdultGambling.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Free Online Dating.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\F*** Real Girls.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\XXX personal photos.url
Virus:W32/Randon.E Disinfected C:\mIRC\backup\mirc.exe
Adware:Adware/Fastvideoplayer No disinfected C:\WINDOWS\inf\fastvideoplayer.inf
Adware:Adware/WUpd No disinfected C:\WINDOWS\LastGood\Downloaded Program Files\BridgeX.inf
Adware:Adware/Fastvideoplayer No disinfected C:\WINDOWS\LastGood\INF\fastvideoplayer.inf
Virus:Trj/Downloader.AEE Disinfected D:\Eigene Dateien\Download\anti spy tools\backups\backup-20041023-101554-328.inf

gebracht hat das scannen aber nicht viel, nicht mal die sachen aus den favorites sind weg.

#11 die favoriten, das musst du loeschen:

ClaerProg..lade die neuste Version <1.5.1
http://virus-protect.org/temp.html
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Verlauf
- Temporäre Internetfiles (Cache)
- URLs
- index.dat


dann loesche mit der killbox:

•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Anleitung: (bebildert)
http://virus-protect.org/killbox.html

•Delete File on Reboot <--anhaken

und klicke auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\LastGood\Downloaded Program Files\BridgeX.inf
C:\WINDOWS\inf\fastvideoplayer.inf
C:\WINDOWS\LastGood\INF\fastvideoplayer.inf
D:\Eigene Dateien\Download\anti spy tools\backups\backup-20041023-101554-328.inf

PC neustarten

dann scanne noch mal

-----------------------------------------
danach:

•Ad-aware SE Personal 1.05 Updated
http://virus-protect.org/antispywaretools.html
Laden--> Updaten-->Konfigurieren
http://virus-protect.org/adaware.html
#VOR jedem Scanvorgang das Programm Updaten!
waehrend des Scanvorganges müssen ALLE sonstige
Anwendungen beendet werden und alle Browserfenster müssen
geschlossen sein!
scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann

danach:

#Alternativbrowser zum IE
Firefox
http://www.firefox-browser.de/windows.php
http://www.mozilla-europe.org/de/
Installation+Konfiguration Firefox
http://www.pcwelt.de/know-how/software/103924/index1.html
__________
MfG Sabina

rund um die PC-Sicherheit

#12 hier der log:

Ad-Aware SE Build 1.05
Logfile Created ononnerstag, 09. Juni 2005 12:47:05
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):35 total references
Tracking Cookie(TAC index:3):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R49 31.05.2005
Internal build : 57
File location : C:\Programme\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 481469 Bytes
Total size : 1455496 Bytes
Signature data size : 1423833 Bytes
Reference data size : 31151 Bytes
Signatures total : 40572
Fingerprints total : 902
Fingerprints size : 31096 Bytes
Target categories : 15
Target families : 692


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:55 %
Total physical memory:523764 kb
Available physical memory:287804 kb
Total page file size:2590928 kb
Available on page file:2395876 kb
Total virtual memory:2097024 kb
Available virtual memory:2047492 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


09.06.2005 12:47:05 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 400
ThreadCreationTime : 09.06.2005 10:46:12
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 500
ThreadCreationTime : 09.06.2005 10:46:15
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 532
ThreadCreationTime : 09.06.2005 10:46:16
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 576
ThreadCreationTime : 09.06.2005 10:46:17
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 588
ThreadCreationTime : 09.06.2005 10:46:17
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 744
ThreadCreationTime : 09.06.2005 10:46:17
BasePriority : Normal
FileVersion : 6.14.10.4110
ProductVersion : 6.14.10.4110.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 800
ThreadCreationTime : 09.06.2005 10:46:17
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 872
ThreadCreationTime : 09.06.2005 10:46:17
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1056
ThreadCreationTime : 09.06.2005 10:46:17
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1116
ThreadCreationTime : 09.06.2005 10:46:18
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
ModuleName : C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"
ProcessID : 1256
ThreadCreationTime : 09.06.2005 10:46:19
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1276
ThreadCreationTime : 09.06.2005 10:46:19
BasePriority : Normal
FileVersion : 6.14.10.4110
ProductVersion : 6.14.10.4110.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1332
ThreadCreationTime : 09.06.2005 10:46:19
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:14 [ccevtmgr.exe]
ModuleName : C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1364
ThreadCreationTime : 09.06.2005 10:46:19
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:15 [qttask.exe]
ModuleName : C:\Programme\QuickTime\qttask.exe
Command Line : "C:\Programme\QuickTime\qttask.exe" -atboottime
ProcessID : 1428
ThreadCreationTime : 09.06.2005 10:46:19
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:16 [em_exec.exe]
ModuleName : C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 1456
ThreadCreationTime : 09.06.2005 10:46:19
BasePriority : Normal
FileVersion : 9.70.216
ProductVersion : 9.70
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2002.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:17 [winampa.exe]
ModuleName : C:\Programme\Winamp\Winampa.exe
Command Line : "C:\Programme\Winamp\Winampa.exe"
ProcessID : 1704
ThreadCreationTime : 09.06.2005 10:46:20
BasePriority : Normal


#:18 [usrprmpt.exe]
ModuleName : C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
Command Line : "C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe"
ProcessID : 1736
ThreadCreationTime : 09.06.2005 10:46:20
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Helper
InternalName : UsrPrmpt.dll
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : UsrPrmpt.dll

#:19 [ccapp.exe]
ModuleName : C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
Command Line : "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
ProcessID : 1748
ThreadCreationTime : 09.06.2005 10:46:20
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:20 [itouch.exe]
ModuleName : C:\Programme\Logitech\iTouch\iTouch.exe
Command Line : "C:\Programme\Logitech\iTouch\iTouch.exe"
ProcessID : 1852
ThreadCreationTime : 09.06.2005 10:46:20
BasePriority : Normal
FileVersion : 2.22.289
ProductVersion : 2.22.289
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : (C) 1998-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:21 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 2028
ThreadCreationTime : 09.06.2005 10:46:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:22 [cdac11ba.exe]
ModuleName : C:\WINDOWS\System32\drivers\CDAC11BA.EXE
Command Line : C:\WINDOWS\System32\drivers\CDAC11BA.EXE
ProcessID : 288
ThreadCreationTime : 09.06.2005 10:46:27
BasePriority : Normal
FileVersion : 4.20.030
ProductVersion : 4.20.030 Windows NT 2002/01/29
ProductName : SafeCast Windows NT
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright (c) 1998-2003 Macrovision Corp.
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:23 [cdantsrv.exe]
ModuleName : C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
Command Line : C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
ProcessID : 712
ThreadCreationTime : 09.06.2005 10:46:31
BasePriority : Normal
FileVersion : 3.27.000
ProductVersion : 3.27.000 Windows NT 2002/09/12
ProductName : CD-Secure/CD-Compress Windows NT
CompanyName : C-Dilla Ltd
FileDescription : C-Dilla RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright (c) Macrovision 1993-2002
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:24 [ewidoctrl.exe]
ModuleName : C:\Programme\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Programme\ewido\security suite\ewidoctrl.exe"
ProcessID : 824
ThreadCreationTime : 09.06.2005 10:46:31
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:25 [navapsvc.exe]
ModuleName : C:\Programme\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Programme\Norton AntiVirus\navapsvc.exe"
ProcessID : 892
ThreadCreationTime : 09.06.2005 10:46:31
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:26 [savscan.exe]
ModuleName : C:\Programme\Norton AntiVirus\SAVScan.exe
Command Line : "C:\Programme\Norton AntiVirus\SAVScan.exe"
ProcessID : 1004
ThreadCreationTime : 09.06.2005 10:46:39
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:27 [ad-aware.exe]
ModuleName : C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2472
ThreadCreationTime : 09.06.2005 10:46:56
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Alex\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\ahead\nero wave editor\recent file list
Description : list of recently used files in nero wave editor


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1303643608-1417001333-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@doubleclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:alex@doubleclick.net/
Expires : 07.06.2005 13:11:28
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:alex@atdmt.com/
Expires : 08.06.2010 02:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@spylog[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:alex@spylog.com/
Expires : 06.12.2005 10:25:32
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@as1.falkag[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:alex@as1.falkag.de/
Expires : 09.07.2005 10:27:14
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:alex@z1.adserver.com/
Expires : 07.06.2006 13:13:16
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@fastclick[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:alex@fastclick.net/
Expires : 09.06.2005 13:13:18
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@2o7[1].txt
Category : Data Miner
Comment : Hits:16
Value : Cookie:alex@2o7.net/
Expires : 07.06.2010 21:32:28
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@adtech[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:alex@adtech.de/
Expires : 05.06.2015 12:56:36
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 43



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43


Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 43




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43

12:59:53 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:47.609
Objects scanned:144613
Objects identified:8
Objects ignored:0
New critical objects:8


ich hoffe damit hab ich das endlich von meinen rechner

edit: ist noch immer drauf, das ding ist echt hartnäckig

#13 Hallo@daishi

manuell loeschen:

C:\Dokumente und Einstellungen\Alex\Favoriten\AdultGambling.url
C:\Dokumente und Einstellungen\Alex\Favoriten\Free Online Dating.url
C:\Dokumente und Einstellungen\Alex\Favoriten\F*** Real Girls.url

anderes Benutzerkonto:
C:\Dokumente und Einstellungen\All Users\Favoriten\AdultGambling.url

usw.....

Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\Alex\Favoriten\XXX personal photos.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\AdultGambling.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Free Online Dating.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\F*** Real Girls.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Dokumente und Einstellungen\All Users\Favoriten\XXX personal photos.url


arbeite das bitte ab und poste alles :
http://virus-protect.org/escan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#14 hier der log, ganz schön viel, sag mir bitte was ich davon löschen soll:

--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Fri Jun 10 11:19:43 2005 => System found infected with DyFuCA Spyware/Adware ({AA4939C3-DECA-4A48-A454-97CD587C0EF5})! Action taken: No Action Taken.
2: Fri Jun 10 11:19:43 2005 => System found infected with SideFind Spyware/Adware ({8cba1b49-8144-4721-a7b1-64c578c9eed7})! Action taken: No Action Taken.
3: Fri Jun 10 11:19:43 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
4: Fri Jun 10 11:37:14 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0041045.exe infected by "Trojan-Dropper.Win32.Small.zx" Virus! Action Taken: No Action Taken.
5: Fri Jun 10 11:37:14 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043057.dll infected by "Trojan.Win32.StartPage.xb" Virus! Action Taken: No Action Taken.
6: Fri Jun 10 11:37:14 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043068.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
7: Fri Jun 10 11:37:14 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043070.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
8: Fri Jun 10 11:37:19 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0043299.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
9: Fri Jun 10 11:37:20 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0043316.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
10: Fri Jun 10 11:37:20 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0043318.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
11: Fri Jun 10 11:37:20 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044316.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
12: Fri Jun 10 11:37:20 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044329.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
13: Fri Jun 10 11:37:20 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044337.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
14: Fri Jun 10 11:37:21 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044374.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
15: Fri Jun 10 11:37:21 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044393.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
16: Fri Jun 10 11:37:21 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044395.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
17: Fri Jun 10 11:37:22 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044407.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
18: Fri Jun 10 11:37:22 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044409.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
19: Fri Jun 10 11:37:25 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044511.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
20: Fri Jun 10 11:37:25 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044524.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
21: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044526.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
22: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044540.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
23: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044548.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
24: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044552.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
25: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044562.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
26: Fri Jun 10 11:37:27 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044577.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
27: Fri Jun 10 11:37:28 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044584.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
28: Fri Jun 10 11:37:28 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044590.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
29: Fri Jun 10 11:37:28 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044592.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
30: Fri Jun 10 11:37:30 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP283\A0044620.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
31: Fri Jun 10 11:37:31 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP283\A0044657.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
32: Fri Jun 10 11:37:37 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP283\A0044922.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
33: Fri Jun 10 11:37:37 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP283\A0044929.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
34: Fri Jun 10 11:37:38 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP284\A0044946.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
35: Fri Jun 10 11:37:38 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP284\A0044948.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
36: Fri Jun 10 11:50:14 2005 => File D:\Eigene Dateien\Download\anti spy tools\backups\backup-20050605-092116-581.dll infected by "Trojan.Win32.StartPage.xb" Virus! Action Taken: No Action Taken.
37: Fri Jun 10 11:54:52 2005 => Scanning File D:\Games\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_female_begging.wav [**]
38: Fri Jun 10 11:54:52 2005 => Scanning File D:\Games\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_female_scream.wav [**]
39: Fri Jun 10 11:54:52 2005 => Scanning File D:\Games\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_male_no_you_bastards.wav [**]
40: Fri Jun 10 11:54:52 2005 => Scanning File D:\Games\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_male_scream.wav [**]

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Fri Jun 10 11:18:51 2005 => File C:\Dokumente und Einstellungen\Alex\Desktop\Neuer Ordner\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
2: Fri Jun 10 11:22:46 2005 => File C:\DOKUME~1\Alex\LOKALE~1\TEMPOR~1\Content.IE5\G5W5M70L\Nailfix[1].zip tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
3: Fri Jun 10 11:23:22 2005 => File C:\ACCLAIM\BUBBLE\TEST.COM tagged as not-a-virus:Effect.DOS.TheDraw. No Action Taken.
4: Fri Jun 10 11:24:59 2005 => File C:\bubble\TEST.COM tagged as not-a-virus:Effect.DOS.TheDraw. No Action Taken.
5: Fri Jun 10 11:25:31 2005 => File C:\Dokumente und Einstellungen\Alex\Desktop\Neuer Ordner\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
6: Fri Jun 10 11:25:41 2005 => File C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Temporary Internet Files\Content.IE5\G5W5M70L\Nailfix[1].zip tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
7: Fri Jun 10 11:26:38 2005 => File C:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken.
8: Fri Jun 10 11:37:14 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043064.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
9: Fri Jun 10 11:37:14 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP278\A0043069.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
10: Fri Jun 10 11:37:20 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0043317.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
11: Fri Jun 10 11:37:21 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044394.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
12: Fri Jun 10 11:37:22 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP279\A0044408.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
13: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044525.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
14: Fri Jun 10 11:37:26 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP280\A0044551.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
15: Fri Jun 10 11:37:27 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044583.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
16: Fri Jun 10 11:37:28 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044591.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
17: Fri Jun 10 11:37:28 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP281\A0044594.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.02. No Action Taken.
18: Fri Jun 10 11:37:37 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP283\A0044928.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
19: Fri Jun 10 11:37:38 2005 => File C:\System Volume Information\_restore{926C12F4-2D33-4219-8ECB-7BD61D7EEF60}\RP284\A0044947.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
20: Fri Jun 10 11:50:11 2005 => File D:\Eigene Dateien\Download\aida\aida32ne_388.zip tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.
21: Fri Jun 10 11:50:13 2005 => File D:\Eigene Dateien\Download\aida\Neuer Ordner\aida32.bin tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.
22: Fri Jun 10 11:50:13 2005 => File D:\Eigene Dateien\Download\aida\Neuer Ordner\aida32.exe tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.
23: Fri Jun 10 11:50:19 2005 => File D:\Eigene Dateien\Download\anti spy tools\Nailfix.zip tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
24: Fri Jun 10 11:50:38 2005 => File D:\Eigene Dateien\Download\mirc\mirc614.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken.
25: Fri Jun 10 12:00:24 2005 => File D:\texturen\Neuer Ordner\Utility\AT&T\Vnc\Win32\vncviewer\vncviewer.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.333. No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Fri Jun 10 11:19:34 2005 => ERROR!!! Invalid Entry \??\F:\INSTALL\GMSIPCI.SYS in SYSTEM\CurrentControlSet\Services\GMSIPCI...
2: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\avsniff.dll". Action Taken: No Action Taken.
3: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\axload.dll". Action Taken: No Action Taken.
4: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\BridgeX.dll". Action Taken: No Action Taken.
5: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ghdlctl.dll". Action Taken: No Action Taken.
6: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll". Action Taken: No Action Taken.
7: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstBanr.ocx". Action Taken: No Action Taken.
8: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstFred.ocx". Action Taken: No Action Taken.
9: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ISTactivex.dll". Action Taken: No Action Taken.
10: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
11: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PrevAdX.dll". Action Taken: No Action Taken.
12: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\qp2.dll". Action Taken: No Action Taken.
13: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\retro64_loader.dll". Action Taken: No Action Taken.
14: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.
15: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SimCityX.ocx". Action Taken: No Action Taken.
16: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SysVerChk.ocx". Action Taken: No Action Taken.
17: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinadX.dll". Action Taken: No Action Taken.
18: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinTaskAdX.dll". Action Taken: No Action Taken.
19: Fri Jun 10 11:20:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ysbactivex.dll". Action Taken: No Action Taken.
20: Fri Jun 10 11:20:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\Alex\LOKALE~1\Temp\_ISTMP2.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.
21: Fri Jun 10 11:20:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\UniDist.ocx". Action Taken: No Action Taken.
22: Fri Jun 10 11:20:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll". Action Taken: No Action Taken.
23: Fri Jun 10 11:20:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstBanr.ocx". Action Taken: No Action Taken.
24: Fri Jun 10 11:20:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SysVerChk.ocx". Action Taken: No Action Taken.
25: Fri Jun 10 11:20:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstFred.ocx". Action Taken: No Action Taken.
26: Fri Jun 10 11:20:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxwma.dll". Action Taken: No Action Taken.
27: Fri Jun 10 11:20:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\operation walker\Operation_Walker\ODE_DLL.dll". Action Taken: No Action Taken.
28: Fri Jun 10 11:20:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\qp2.dll". Action Taken: No Action Taken.
29: Fri Jun 10 11:20:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\MARXDEV3.SYS". Action Taken: No Action Taken.
30: Fri Jun 10 11:20:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\MARXDEV2.SYS". Action Taken: No Action Taken.
31: Fri Jun 10 11:20:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\MARXDEV1.SYS". Action Taken: No Action Taken.
32: Fri Jun 10 11:20:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\TDLPT.SYS". Action Taken: No Action Taken.
33: Fri Jun 10 11:20:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\ASPI32.NT". Action Taken: No Action Taken.
34: Fri Jun 10 11:20:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\WINASPI.NT". Action Taken: No Action Taken.
35: Fri Jun 10 11:20:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\WNASPI32.NT". Action Taken: No Action Taken.
36: Fri Jun 10 11:20:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\WOWPOST.NT". Action Taken: No Action Taken.
37: Fri Jun 10 11:20:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\mmrtkrnl.sys". Action Taken: No Action Taken.
38: Fri Jun 10 11:20:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\mmrtkrnl.inf". Action Taken: No Action Taken.
39: Fri Jun 10 11:20:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\CBUSB.inf". Action Taken: No Action Taken.
40: Fri Jun 10 11:20:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\CBUSB.sys". Action Taken: No Action Taken.
41: Fri Jun 10 11:20:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP4.DIR\TDXMW32.DLL". Action Taken: No Action Taken.
42: Fri Jun 10 11:20:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\ijl10.dll". Action Taken: No Action Taken.
43: Fri Jun 10 11:20:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\retro64_loader.dll". Action Taken: No Action Taken.
44: Fri Jun 10 11:20:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\32sy32SPsy.exe". Action Taken: No Action Taken.
45: Fri Jun 10 11:20:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\BridgeX.dll". Action Taken: No Action Taken.
46: Fri Jun 10 11:20:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
47: Fri Jun 10 11:20:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\avsniff.dll". Action Taken: No Action Taken.
48: Fri Jun 10 11:20:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.
49: Fri Jun 10 11:20:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinadX.dll". Action Taken: No Action Taken.
50: Fri Jun 10 11:20:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ISTactivex.dll". Action Taken: No Action Taken.
51: Fri Jun 10 11:20:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ghdlctl.dll". Action Taken: No Action Taken.
52: Fri Jun 10 11:20:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinTaskAdX.dll". Action Taken: No Action Taken.
53: Fri Jun 10 11:20:31 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\axload.dll". Action Taken: No Action Taken.
54: Fri Jun 10 11:20:31 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PrevAdX.dll". Action Taken: No Action Taken.
55: Fri Jun 10 11:20:31 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ysbactivex.dll". Action Taken: No Action Taken.
56: Fri Jun 10 11:20:31 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SimCityX.ocx". Action Taken: No Action Taken.
57: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{0FD95BFE-8321-11D2-B10D-00805F88185D}" refers to invalid object "C:\Programme\AutoCAD 2002 Deu\express\axrtext.dll". Action Taken: No Action Taken.
58: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{117A2298-A910-41E9-B6A6-5D31B8F609EB}" refers to invalid object "AcMPolygonCOM.dll". Action Taken: No Action Taken.
59: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{1F831FA3-42FC-11D4-95A6-0080AD30DCE1}" refers to invalid object "C:\WINDOWS\DOWNLO~1\InstFred.ocx". Action Taken: No Action Taken.
60: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2413D4E4-DDBA-11D3-8CC5-0010830243CE}" refers to invalid object "acstlay.dll". Action Taken: No Action Taken.
61: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D483-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
62: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D485-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
63: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D488-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
64: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D48B-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
65: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D48D-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
66: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D48F-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
67: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D491-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
68: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D493-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
69: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D497-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
70: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D499-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
71: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D49B-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
72: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D49D-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
73: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D49F-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
74: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4A1-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
75: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4A3-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
76: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4A5-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
77: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4A7-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
78: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4A9-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
79: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4AB-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
80: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4AD-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
81: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4AF-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
82: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4B1-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
83: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4B3-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
84: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4B5-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
85: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4B7-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
86: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4B9-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
87: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4BB-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
88: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4BD-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
89: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4BF-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
90: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4C1-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
91: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4C4-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
92: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4C6-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
93: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4C8-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
94: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4CA-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
95: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4CC-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
96: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4CE-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
97: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4D0-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
98: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4D2-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
99: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4D4-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
100: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4D6-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
101: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4DA-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
102: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4DC-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
103: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4DE-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
104: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4E1-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
105: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4E3-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
106: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4E5-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
107: Fri Jun 10 11:20:32 2005 => Entry "HKCR\CLSID\{2928D4E7-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
108: Fri Jun 10 11:20:33 2005 => Entry "HKCR\CLSID\{2D29F8DF-372D-4027-B638-8938F1587691}" refers to invalid object "AcMPolygonCOM.dll". Action Taken: No Action Taken.
109: Fri Jun 10 11:20:33 2005 => Entry "HKCR\CLSID\{307A6C42-0000-0010-8000-00AA00389B71}" refers to invalid object "d:\games\warcraft iii\blizzard.ax". Action Taken: No Action Taken.
110: Fri Jun 10 11:20:33 2005 => Entry "HKCR\CLSID\{3BA25F7F-AF5B-11D4-9690-0010B547D1F7}" refers to invalid object "AcInetUI.dll". Action Taken: No Action Taken.
111: Fri Jun 10 11:20:33 2005 => Entry "HKCR\CLSID\{40B4DD9D-83C1-11D2-B340-0060B0B3B2E6}" refers to invalid object "C:\Programme\AutoCAD 2002 Deu\express\axctextapp.dll". Action Taken: No Action Taken.
112: Fri Jun 10 11:20:33 2005 => Entry "HKCR\CLSID\{41600CBD-0A19-11D2-B54A-080009D023F9}" refers to invalid object "C:\Programme\AutoCAD 2002 Deu\shapes.arx". Action Taken: No Action Taken.
113: Fri Jun 10 11:20:33 2005 => Entry "HKCR\CLSID\{45905B7E-E3EF-11D3-8CCA-0010830243CE}" refers to invalid object "AcStMgr.dll". Action Taken: No Action Taken.
114: Fri Jun 10 11:20:33 2005 => Entry "HKCR\CLSID\{4BBDAF3B-923B-11D3-A38C-0040052AA8EA}" refers to invalid object "AcedInetActiveX.ocx". Action Taken: No Action Taken.
115: Fri Jun 10 11:20:34 2005 => Entry "HKCR\CLSID\{5AAAB218-46F5-11d4-8CEC-0010830243CE}" refers to invalid object "acstdstyle.dll". Action Taken: No Action Taken.
116: Fri Jun 10 11:20:34 2005 => Entry "HKCR\CLSID\{5B57EEA1-CA9A-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
117: Fri Jun 10 11:20:34 2005 => Entry "HKCR\CLSID\{5B57EEA3-CA9A-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
118: Fri Jun 10 11:20:34 2005 => Entry "HKCR\CLSID\{6465547D-10B8-11d4-96BA-0060B0FB3211}" refers to invalid object "acstltype.dll". Action Taken: No Action Taken.
119: Fri Jun 10 11:20:34 2005 => Entry "HKCR\CLSID\{64EEB33B-1704-11D0-BDB6-00AA00575603}" refers to invalid object "shelllnk.dll". Action Taken: No Action Taken.
120: Fri Jun 10 11:20:34 2005 => Entry "HKCR\CLSID\{6BFE6808-9534-0A92-8520-115578A02F4F}" refers to invalid object "C:\WINDOWS\System32\glih.dll". Action Taken: No Action Taken.
121: Fri Jun 10 11:20:34 2005 => Entry "HKCR\CLSID\{6D4C7DF1-704F-11D2-B6D2-0060B087E235}" refers to invalid object "AXDB15.DLL". Action Taken: No Action Taken.
122: Fri Jun 10 11:20:34 2005 => Entry "HKCR\CLSID\{781877D3-B9B1-11D1-A551-00805F0255A9}" refers to invalid object "CAO15.DLL". Action Taken: No Action Taken.
123: Fri Jun 10 11:20:34 2005 => Entry "HKCR\CLSID\{79FB6771-A201-11D3-AAA0-00108302FDB2}" refers to invalid object "LiveUpdate.dll". Action Taken: No Action Taken.
124: Fri Jun 10 11:20:34 2005 => Entry "HKCR\CLSID\{7BA4BB1A-E71C-478C-A555-1DD90C28DF20}" refers to invalid object "C:\WINDOWS\System32\igacgn.dll". Action Taken: No Action Taken.
125: Fri Jun 10 11:20:34 2005 => Entry "HKCR\CLSID\{848B6E69-B50B-11D4-A415-00108302FDFD}" refers to invalid object "C:\WINDOWS\DOWNLO~1\InstBanr.ocx". Action Taken: No Action Taken.
126: Fri Jun 10 11:20:34 2005 => Entry "HKCR\CLSID\{8ACF1DD3-FBCA-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
127: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{91C0BD29-9C35-11d3-AFCB-0060B0EF3BFF}" refers to invalid object "AdFTP.dll". Action Taken: No Action Taken.
128: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{9D431028-EECA-11D3-8CD0-0010830243CE}" refers to invalid object "AcStMgr.dll". Action Taken: No Action Taken.
129: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A1617E95-FB21-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
130: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A1617E97-FB21-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
131: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A1617E99-FB21-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
132: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A1617E9B-FB21-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
133: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A4D59239-F4D6-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
134: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A4D5923B-F4D6-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
135: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A4D5923D-F4D6-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
136: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A4D5923F-F4D6-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
137: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A4D59241-F4D6-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
138: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A4D59243-F4D6-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
139: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A4D59245-F4D6-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
140: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A4D59247-F4D6-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
141: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{A6F7919E-D29C-11D3-8D11-00108302FDA5}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
142: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{AE563724-B4F5-11D4-A415-00108302FDFD}" refers to invalid object "C:\WINDOWS\DOWNLO~1\InstBanr.ocx". Action Taken: No Action Taken.
143: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{B2547D90-056E-11d2-B651-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
144: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{B2547D91-056E-11d2-B651-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
145: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{B2547D93-056E-11d2-B651-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
146: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{B2547D95-CA93-11D1-B60F-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
147: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{B2BE75F3-9197-11CF-ABF4-08000996E931}" refers to invalid object "C:\WINDOWS\OCCACHE\whip.ocx". Action Taken: No Action Taken.
148: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{B2BE75F4-9197-11CF-ABF4-08000996E931}" refers to invalid object "C:\WINDOWS\OCCACHE\whip.ocx". Action Taken: No Action Taken.
149: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{B49978B7-F971-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
150: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{B49978B9-F971-11D1-A2C8-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
151: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{B5DD9A64-5C4B-4a48-BE56-97C1A8F85708}" refers to invalid object "C:\WINDOWS\System32\fastvideoplayer.dll". Action Taken: No Action Taken.
152: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{B8B1B2F1-1DE7-11d2-B66E-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
153: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{B8B1B2F2-1DE7-11d2-B66E-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
154: Fri Jun 10 11:20:35 2005 => Entry "HKCR\CLSID\{C16F618E-0B1A-426B-9216-1F588AE91F60}" refers to invalid object "C:\Programme\Ahead\nero\APHandler.dll". Action Taken: No Action Taken.
155: Fri Jun 10 11:20:36 2005 => Entry "HKCR\CLSID\{C6637287-300D-11D4-AE0A-0010830243BD}" refers to invalid object "C:\WINDOWS\DOWNLO~1\InstFred.ocx". Action Taken: No Action Taken.
156: Fri Jun 10 11:20:36 2005 => Entry "HKCR\CLSID\{C6A0FF24-2814-11d2-B678-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
157: Fri Jun 10 11:20:36 2005 => Entry "HKCR\CLSID\{C6A0FF25-2814-11d2-B678-0060B087E235}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
158: Fri Jun 10 11:20:36 2005 => Entry "HKCR\CLSID\{C9CFC0FE-DACF-11D1-A2C2-080009DC639A}" refers to invalid object "AXAUTO15.DLL". Action Taken: No Action Taken.
159: Fri Jun 10 11:20:36 2005 => Entry "HKCR\CLSID\{D5D12325-4785-11d4-8CEC-0010830243CE}" refers to invalid object "acsttstyle.dll". Action Taken: No Action Taken.
160: Fri Jun 10 11:20:36 2005 => Entry "HKCR\CLSID\{E243D2F3-DDA8-11D3-8CC5-0010830243CE}" refers to invalid object "AcStMgr.dll". Action Taken: No Action Taken.
161: Fri Jun 10 11:20:36 2005 => Entry "HKCR\CLSID\{E9446813-96E7-11D3-B208-0060B0872C1E}" refers to invalid object "AcETransmit.dll". Action Taken: No Action Taken.
162: Fri Jun 10 11:20:36 2005 => Entry "HKCR\CLSID\{E9446817-96E7-11D3-B208-0060B0872C1E}" refers to invalid object "AcETransmit.dll". Action Taken: No Action Taken.
163: Fri Jun 10 11:20:36 2005 => Entry "HKCR\CLSID\{E9446819-96E7-11D3-B208-0060B0872C1E}" refers to invalid object "AcETransmit.dll". Action Taken: No Action Taken.
164: Fri Jun 10 11:20:36 2005 => Entry "HKCR\CLSID\{E944681D-96E7-11D3-B208-0060B0872C1E}" refers to invalid object "AcETransmit.dll". Action Taken: No Action Taken.
165: Fri Jun 10 11:20:37 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
166: Fri Jun 10 11:20:37 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
167: Fri Jun 10 11:20:38 2005 => Entry "HKCR\ISTx.Installer" refers to invalid object "{7C559105-9ECF-42b8-B3F7-832E75EDD959}". Action Taken: No Action Taken.
168: Fri Jun 10 11:20:38 2005 => Entry "HKCR\Microsoft.RA.1" refers to invalid object "{006E1ED3-8012-4410-E311-3B8AE46BE117}". Action Taken: No Action Taken.
169: Fri Jun 10 11:20:39 2005 => Entry "HKCR\PrevAdX.Installer" refers to invalid object "{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}". Action Taken: No Action Taken.
170: Fri Jun 10 11:20:39 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
171: Fri Jun 10 11:20:40 2005 => Entry "HKCR\YSBactivex.Installer" refers to invalid object "{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}". Action Taken: No Action Taken.
172: Fri Jun 10 11:25:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Adbureau.zip is Not Scanned
173: Fri Jun 10 11:25:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Adbureau1.zip is Not Scanned
174: Fri Jun 10 11:25:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Adbureau2.zip is Not Scanned
175: Fri Jun 10 11:25:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Adbureau3.zip is Not Scanned
176: Fri Jun 10 11:25:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Adbureau4.zip is Not Scanned
177: Fri Jun 10 11:25:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Adbureau5.zip is Not Scanned
178: Fri Jun 10 11:25:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom.zip is Not Scanned
179: Fri Jun 10 11:25:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom1.zip is Not Scanned
180: Fri Jun 10 11:25:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom10.zip is Not Scanned
181: Fri Jun 10 11:25:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom11.zip is Not Scanned
182: Fri Jun 10 11:25:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom12.zip is Not Scanned
183: Fri Jun 10 11:25:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom13.zip is Not Scanned
184: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom14.zip is Not Scanned
185: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom15.zip is Not Scanned
186: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom16.zip is Not Scanned
187: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom17.zip is Not Scanned
188: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom18.zip is Not Scanned
189: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom19.zip is Not Scanned
190: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom2.zip is Not Scanned
191: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom20.zip is Not Scanned
192: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom21.zip is Not Scanned
193: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom22.zip is Not Scanned
194: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom23.zip is Not Scanned
195: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom24.zip is Not Scanned
196: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom25.zip is Not Scanned
197: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom26.zip is Not Scanned
198: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom3.zip is Not Scanned
199: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom4.zip is Not Scanned
200: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom5.zip is Not Scanned
201: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom6.zip is Not Scanned
202: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom7.zip is Not Scanned
203: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom8.zip is Not Scanned
204: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Advertisingcom9.zip is Not Scanned
205: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Adviva.zip is Not Scanned
206: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Adviva1.zip is Not Scanned
207: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip is Not Scanned
208: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc.zip is Not Scanned
209: Fri Jun 10 11:25:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc1.zip is Not Scanned
210: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc10.zip is Not Scanned
211: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc11.zip is Not Scanned
212: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc2.zip is Not Scanned
213: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc3.zip is Not Scanned
214: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc4.zip is Not Scanned
215: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc5.zip is Not Scanned
216: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc6.zip is Not Scanned
217: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc7.zip is Not Scanned
218: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc8.zip is Not Scanned
219: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AvenueAInc9.zip is Not Scanned
220: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite.zip is Not Scanned
221: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite1.zip is Not Scanned
222: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite10.zip is Not Scanned
223: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite11.zip is Not Scanned
224: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite12.zip is Not Scanned
225: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite13.zip is Not Scanned
226: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite14.zip is Not Scanned
227: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite15.zip is Not Scanned
228: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite16.zip is Not Scanned
229: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite17.zip is Not Scanned
230: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite18.zip is Not Scanned
231: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite19.zip is Not Scanned
232: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite2.zip is Not Scanned
233: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite20.zip is Not Scanned
234: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite21.zip is Not Scanned
235: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite22.zip is Not Scanned
236: Fri Jun 10 11:25:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite23.zip is Not Scanned
237: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite24.zip is Not Scanned
238: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite25.zip is Not Scanned
239: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite26.zip is Not Scanned
240: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite27.zip is Not Scanned
241: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite28.zip is Not Scanned
242: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite29.zip is Not Scanned
243: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite3.zip is Not Scanned
244: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite30.zip is Not Scanned
245: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite31.zip is Not Scanned
246: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite32.zip is Not Scanned
247: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite33.zip is Not Scanned
248: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite34.zip is Not Scanned
249: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite35.zip is Not Scanned
250: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite36.zip is Not Scanned
251: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite37.zip is Not Scanned
252: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite38.zip is Not Scanned
253: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite39.zip is Not Scanned
254: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite4.zip is Not Scanned
255: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite40.zip is Not Scanned
256: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite41.zip is Not Scanned
257: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite42.zip is Not Scanned
258: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite43.zip is Not Scanned
259: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite44.zip is Not Scanned
260: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite45.zip is Not Scanned
261: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite46.zip is Not Scanned
262: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite47.zip is Not Scanned
263: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite48.zip is Not Scanned
264: Fri Jun 10 11:25:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite49.zip is Not Scanned
265: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite5.zip is Not Scanned
266: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite50.zip is Not Scanned
267: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite51.zip is Not Scanned
268: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite52.zip is Not Scanned
269: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite53.zip is Not Scanned
270: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite54.zip is Not Scanned
271: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite55.zip is Not Scanned
272: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite56.zip is Not Scanned
273: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite57.zip is Not Scanned
274: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite6.zip is Not Scanned
275: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite7.zip is Not Scanned
276: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite8.zip is Not Scanned
277: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BackWeblite9.zip is Not Scanned
278: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast.zip is Not Scanned
279: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast1.zip is Not Scanned
280: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast2.zip is Not Scanned
281: Fri Jun 10 11:26:00 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast3.zip is Not Scanned
282: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast4.zip is Not Scanned
283: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast5.zip is Not Scanned
284: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BFast6.zip is Not Scanned
285: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BlazeFindSearchEnhancerISTbar.zip is Not Scanned
286: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BlazeFindSearchEnhancerISTbar1.zip is Not Scanned
287: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BlazeFindSearchEnhancerISTbar2.zip is Not Scanned
288: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BlazeFindSearchEnhancerISTbar3.zip is Not Scanned
289: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\BlazeFindSearchEnhancerISTbar4.zip is Not Scanned
290: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CommissionJunction.zip is Not Scanned
291: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CommissionJunction1.zip is Not Scanned
292: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CommissionJunction10.zip is Not Scanned
293: Fri Jun 10 11:26:01 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CommissionJunction11.zip is Not Scanned
294: Fri Jun 10 11:26:01 2005 => Result: ERROR!!!

#15 Hallo@

1.) Deaktivieren Wiederherstellung--> dann wieder aktivieren
«XP
Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.

2.)CCleaner--> loesche alle *temp-Datein
http://virus-protect.org/temp.html



3.)gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken

so muss geloescht werden:

C:\DOKUME~1\Alex\LOKALE~1\TEMPOR~1\Content.IE5\G5W5M70L\Nailfix[1].zip

4.) loesche mit der Killbox:
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
C:\WINDOWS\Downloaded Program Files\retro64_loader.dll
C:\WINDOWS\Downloaded Program Files\BridgeX.dll
C:\WINDOWS\Downloaded Program Files\WinadX.dll
C:\WINDOWS\Downloaded Program Files\ISTactivex.dll
C:\WINDOWS\Downloaded Program Files\ghdlctl.dll
C:\WINDOWS\Downloaded Program Files\WinTaskAdX.dll
C:\WINDOWS\Downloaded Program Files\axload.dll
C:\WINDOWS\Downloaded Program Files\PrevAdX.dll
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll




5.)TuneUp2004 (30 Tage free)
http://virus-protect.org/reinigungstoolsregistry.html
Cleanup repair -->TuneUp Diskcleaner
Cleanup repair -->Registry Cleaner

#RegCleaner
(Tip: Lade RegCleaner, stelle das Tool in Deutsch ein und saeubere ueber <Tools<Registry saeubern<alles durchfuehren < den PC (du kannst alles angezeigte Loeschen, denn es verbleibt eine Sicherung)
http://virus-protect.org/reinigungstoolsregistry.html

dann scanne bitte noch mal mit escan+ berichte
__________
MfG Sabina

rund um die PC-Sicherheit