AdWare.Lop infection caused by: MessengerPlus3

Thread is closed!

#0
23.10.2005, 22:25
Member
Posts: 47

23.10.2005, 23:59
Honorary member
Posts: 29434
#17
Hello @razor_89

In Windows Explorer -> Tools -> Folder Options -> "View" tab -> Hidden files and folders -> enable "Show all files and folders"
+
In Windows Explorer -> Tools -> Folder Options -> "View" tab -> Files and folders -> disable "Hide protected operating system files (Recommended)"

KILLBOX
http://virus-protect.org/killbox.html

Delete File on Reboot -- tick it.
Paste in: ... and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only for the last one click "yes".

```
C:\WINDOWS\Downloaded Program Files\winadservx.dll
C:\WINDOWS\system32\vp.dat
C:\WINDOWS\ecwkj.exe
C:\Program Files\Admanager Controller\AdManComm.dll
C:\Programme\BearShare\Installer\saveinstwm.exe
C:\WINDOWS\Downloaded Program Files\WinAdServX.dll
C:\WINDOWS\Downloaded Program Files\WinServAdX.dll
C:\WINDOWS\iun6002.exe
```

Restart the PC.

Uninstall: bearshare

Delete this folder completely.

```
C:\Dokumente und Einstellungen\razor\Anwendungsdaten\SOFTID~1\
C:\Dokumente und Einstellungen\razor\Anwendungsdaten\DVDDOW~1\
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\drive junk lies ball
C:\Program Files\Admanager Controller
C:\Programme\BearShare
```

Scan with Counterspy
http://virus-protect.org/counterspy.html
After the scan you have to decide between: *Ignore *Remove *Quarantine
Always choose Remove and restart the PC (then copy the scan report and post it in the security forum).

Start -- All Programs -- Accessories -- Notepad, and paste in the following text:

Quote

```
dir %Windir%\tasks /a h > files.txt
```

- Save as: findjobs.bat
- Save under: File type: All files
- Save it to the desktop
- Locate findjobs.bat -- double-click the bat file, Notepad opens -- post the text

__________
Regards,
Sabina
all about PC security

24.10.2005, 01:08
Member
Posts: 47
#18

```
C:\Dokumente und Einstellungen\razor\Anwendungsdaten\SOFTID~1\
C:\Dokumente und Einstellungen\razor\Anwendungsdaten\DVDDOW~1\
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\drive junk lies ball
```

cannot be found! Counterspy is running but still needs a moment! The reports will follow!

24.10.2005, 11:27
Honorary member
Posts: 29434
#19
In Windows Explorer -> Tools -> Folder Options -> "View" tab -> Hidden files and folders -> enable "Show all files and folders"
+
In Windows Explorer -> Tools -> Folder Options -> "View" tab -> Files and folders -> disable "Hide protected operating system files (Recommended)"

C:\Dokumente und Einstellungen\razor\Anwendungsdaten\SOFTID.... these are not the complete names, you have to search using the first letters....
C:\Dokumente und Einstellungen\razor\Anwendungsdaten\DVDDOW....
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\drive junk lies ball <-- this one is complete and should be on there

__________
Regards,
Sabina
all about PC security

24.10.2005, 13:28
Member
Posts: 47
#20
None of the folders or files being looked for can be found in my Application Data, since the folder doesn't even contain 25 files and folders (at the top level)! Showing all objects is already enabled.

Here is the stuff from Counterspy:

Here is also the file from Findjobs.bat:

```
 Datenträger in Laufwerk C: ist proggys
 Volumeseriennummer: 60FC-0DC0

 Verzeichnis von C:\WINDOWS\tasks

21.10.2005  21:00    <DIR>          .
21.10.2005  21:00    <DIR>          ..
02.04.2003  14:00                65 desktop.ini
24.10.2005  13:16                 6 SA.DAT
14.08.2005  14:37               308 Windows Media Player.job
               3 Datei(en)            379 Bytes

 Verzeichnis von C:\Dokumente und Einstellungen\razor\Desktop
```

Are the files from datFind.bat needed as well?

Regards,
Razor

This post was edited on 24.10.2005 at 13:35 by razor_89.

24.10.2005, 14:01
Honorary member
Posts: 29434
#21
New start page

Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if you are asked --> click Apply and finally OK.

Set a new start page and post the new HijackThis log.

__________
Regards,
Sabina
all about PC security

24.10.2005, 18:27
Member
Posts: 47
#22

```
Logfile of HijackThis v1.99.1
Scan saved at 18:27:12, on 24.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\PC-Zeit\trap.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\Programme\ICQLite\ICQLite.exe
c:\programme\winamp\winamp.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.nldeagsbsrnggzluzhpkej.org/yYFbZRqvKiMjmYMWcw5n9zeV/aHtWmTlTVSe05jux0wV_j7gI/hDS/Vztko78Il2.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {58C4ED5B-BF92-4326-9409-8F8B11662515} - C:\DOKUME~1\razor\ANWEND~1\SOFTID~1\scr okay.exe (file missing)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [pczeit] "C:\Programme\PC-Zeit\trap.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res:***//C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098139004937
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - h**p://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - h**p://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - h**p://xtraz.icq.com/xtraz/activex/MISBH.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
```

The top one with this Searchbar still seems to need to go, and I don't know what Excel.Exe/3000 is doing in there... Stuff with File missing can generally go too, right?

This post was edited on 24.10.2005 at 21:26 by razor_89.

25.10.2005, 00:30
Honorary member
Posts: 29434
#23
Fix with HijackThis:

```
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.nldeagsbsrnggzluzhpkej.org/yYFbZRqvKiMjmYMWcw5n9zeV/aHtWmTlTVSe05jux0wV_j7gI/hDS/Vztko78Il2.html
O2 - BHO: (no name) - {58C4ED5B-BF92-4326-9409-8F8B11662515} - C:\DOKUME~1\razor\ANWEND~1\SOFTID~1\scr okay.exe (file missing)
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
```

(this has to come out of autostart... it has NO business there)

Restart the PC.

Delete:
D:\Razor\Andere\desktoptoys an Zocker\finger.exe

and post the new HijackThis log.

__________
Regards,
Sabina
all about PC security

25.10.2005, 00:43
Member
Posts: 47
#24

```
O2 - BHO: (no name) - {58C4ED5B-BF92-4326-9409-8F8B11662515} - C:\DOKUME~1\razor\ANWEND~1\SOFTID~1\scr okay.exe (file missing)
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
```

are gone. The thing that changes my start page restores itself and wants access, but is blocked thanks to Counterspy! I'm going to restart now anyway and then post the new logfile.

[edit]

```
Logfile of HijackThis v1.99.1
Scan saved at 00:46:39, on 25.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\PC-Zeit\trap.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.nldeagsbsrnggzluzhpkej.org/yYFbZRqvKiMjmYMWcw5n9zeV/aHtWmTlTVSe05jux0wV_j7gI/hDS/Vztko78Il2.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [pczeit] "C:\Programme\PC-Zeit\trap.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res:**//C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098139004937
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - h**p://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - h**p://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - h**p://xtraz.icq.com/xtraz/activex/MISBH.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
```

On startup, the driver for my mouse or keyboard, so something from Logitech, wanted to add the Logitech file (backweb....) to autostart again, but was blocked by Counterspy.

This post was edited on 25.10.2005 at 00:49 by razor_89.
|
|
|
||
25.10.2005, 00:52
Honorary member
Posts: 29434 |
#25
Fix these with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.nldeagsbsrnggzluzhpkej.org/yYFbZRqvKiMjmYMWcw5n9zeV/aHtWmTlTVSe05jux0wV_j7gI/hDS/Vztko78Il2.html
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - h**p://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
Reboot.
Important: If another scan with eScan is run afterwards, it is essential to delete 'mwav.log' beforehand, because this file is not overwritten, only appended to!
Scan once more with eScan and post everything (just not the things that repeat).
__________
Regards, Sabina
all about PC security |
|
|
||
25.10.2005, 00:58
Member
Posts: 47 |
#26
Whoa, that's going to take a little while again...
Should it scan in safe mode as usual?
By the way: as soon as this
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.nldeagsbsrnggzluzhpkej.org/yYFbZRqvKiMjmYMWcw5n9zeV/aHtWmTlTVSe05jux0wV_j7gI/hDS/Vztko78Il2.html
gets fixed, I get a message from CounterSpy:
The Internet Explorer URL for your IE Urls is attempting to be changed from http://www.nldeagsbsrnggzluzhpkej.org/yYFbZRqvKiMjmYMWcw5n9zeV/aHtWmTlTVSe05jux0wV_j7gI/hDS/Vztko78Il2.html to . Advice: Since it is not known if this is spyware you should analyze it before deciding to allow it.
That thing apparently has its origin somewhere else.
This post was edited by razor_89 on 25.10.2005 at 01:00.
|
|
|
||
25.10.2005, 01:02
Honorary member
Posts: 29434 |
#27
Yes, I know, the PC is not clean yet, which is why you have to work with eScan once more.
__________
Regards, Sabina
all about PC security |
|
|
||
25.10.2005, 01:10
Member
Posts: 47 |
#28
eScan causes an error when starting in safe mode and has to be closed...
In normal mode it seems to work. Should I delete the thing and reinstall it? |
|
|
||
25.10.2005, 02:48
Honorary member
Posts: 29434 |
||
|
||
25.10.2005, 13:20
Member
Posts: 47 |
#30
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Tue Oct 25 01:50:42 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
2: Tue Oct 25 01:50:42 2005 => System found infected with hijackthis Spyware/Adware ({771a1334-6b08-4a6b-aedc-cf994ba2cebe})! Action taken: No Action Taken.
3: Tue Oct 25 01:50:42 2005 => System found infected with istsvc Spyware/Adware ({db447818-96b4-40df-8a55-720da496f514})! Action taken: No Action Taken.
4: Tue Oct 25 01:50:43 2005 => System found infected with istsvc Spyware/Adware ({bf06da8e-2beb-4816-9bbd-f7625246e245})! Action taken: No Action Taken.
5: Tue Oct 25 01:50:46 2005 => Offending file found: C:\WINDOWS\DOWNLO~1\winadservx.dll
6: Tue Oct 25 01:50:46 2005 => System found infected with winad Spyware/Adware (winadservx.dll)! Action taken: No Action Taken.
7: Tue Oct 25 01:50:46 2005 => Offending file found: C:\WINDOWS\system32\vp.dat
8: Tue Oct 25 01:50:46 2005 => System found infected with deskad.service Spyware/Adware (vp.dat)! Action taken: No Action Taken.
9: Tue Oct 25 01:50:50 2005 => Offending file found: C:\Dokumente und Einstellungen\razor\Favoriten\fun & games\games.lnk
10: Tue Oct 25 01:50:50 2005 => System found infected with hotbar Spyware/Adware (games.lnk)! Action taken: No Action Taken.
11: Tue Oct 25 01:50:52 2005 => Offending file found: C:\Dokumente und Einstellungen\razor\Lokale Einstellungen\temporary internet files\content.ie5\230nmh43\adsend[1].js
12: Tue Oct 25 01:50:52 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
13: Tue Oct 25 01:50:53 2005 => Offending file found: C:\Dokumente und Einstellungen\razor\Lokale Einstellungen\temporary internet files\content.ie5\itcfyd41\adswrapper[1].js
14: Tue Oct 25 01:50:53 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
15: Tue Oct 25 01:50:53 2005 => Offending file found: C:\Dokumente und Einstellungen\razor\Lokale Einstellungen\Temporary Internet Files\content.ie5\230nmh43\adsend[1].js
16: Tue Oct 25 01:50:53 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
17: Tue Oct 25 01:50:53 2005 => Offending file found: C:\Dokumente und Einstellungen\razor\Lokale Einstellungen\Temporary Internet Files\content.ie5\itcfyd41\adswrapper[1].js
18: Tue Oct 25 01:50:53 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
17: Tue Oct 25 01:50:53 2005 => Offending file found: C:\Dokumente und Einstellungen\razor\Lokale Einstellungen\Temporary Internet Files\content.ie5\itcfyd41\adswrapper[1].js
19: Tue Oct 25 02:08:47 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Tue Oct 25 12:16:39 2005 => File C:\WINDOWS\Downloaded Program Files\WinAdServX.dll tagged as "not-a-virus:AdWare.Win32.WinAD". Action Taken: No Action Taken.
2: Tue Oct 25 12:16:39 2005 => File C:\WINDOWS\Downloaded Program Files\WinServAdX.dll tagged as "not-a-virus:AdWare.Win32.WinAD.f". Action Taken: No Action Taken.
3: Tue Oct 25 12:43:03 2005 => File H:\Counter-Strike\hltv.exe tagged as not-a-virus:Server-Proxy.Win32.Hltv. No Action Taken.
4: Tue Oct 25 12:55:51 2005 => File H:\HL\hltv.exe tagged as not-a-virus:Server-Proxy.Win32.Hltv. No Action Taken.
1: H:\Counter-Strike\hltv.exe => tagged:Server-Proxy.Win32.Hltv.
2: H:\HL\hltv.exe => tagged:Server-Proxy.Win32.Hltv.
1: H:\Counter-Strike\hltv.exe => tagged:Server-Proxy.Win32.Hltv.
2: H:\HL\hltv.exe => tagged:Server-Proxy.Win32.Hltv.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Tue Oct 25 01:49:54 2005 => ERROR!!! Invalid Entry {B8323370-FF27-11D2-97B6-204C4F4F5020} = C:\Programme\SmartFTP\smarthook.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
2: Tue Oct 25 01:49:56 2005 => ERROR!!! Invalid Entry mmtask = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
3: Tue Oct 25 01:50:58 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\MSXML3A.DLL". Action Taken: No Action Taken.
I left out the rest of the "refers to invalid" entries!
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: H:\Counter-Strike\hltv.exe => tagged:Server-Proxy.Win32.Hltv.
2: H:\HL\hltv.exe => tagged:Server-Proxy.Win32.Hltv.
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Tue Oct 25 13:08:41 2005 => Total Objects Scanned: 182834
Tue Oct 25 13:08:41 2005 => Total Virus(es) Found: 21
Tue Oct 25 13:08:41 2005 => Total Errors: 194
Tue Oct 25 13:08:41 2005 => Virus Database Date: 2005/10/25
Tue Oct 25 13:08:41 2005 => Virus Database Count: 156122
Tue Oct 25 13:15:56 2005 => Total Objects Scanned: 182834
Tue Oct 25 13:15:56 2005 => Total Virus(es) Found: 21
Tue Oct 25 13:15:56 2005 => Total Errors: 194 |
|
|
||
I think I found it:
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Sun Oct 23 18:00:06 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
2: Sun Oct 23 18:00:07 2005 => System found infected with hijackthis Spyware/Adware ({771a1334-6b08-4a6b-aedc-cf994ba2cebe})! Action taken: No Action Taken.
3: Sun Oct 23 18:00:07 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
4: Sun Oct 23 18:00:07 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
5: Sun Oct 23 18:00:07 2005 => System found infected with istsvc Spyware/Adware ({db447818-96b4-40df-8a55-720da496f514})! Action taken: No Action Taken.
6: Sun Oct 23 18:00:07 2005 => System found infected with dyfuca Spyware/Adware ({aa4939c3-deca-4a48-a454-97cd587c0ef5})! Action taken: No Action Taken.
7: Sun Oct 23 18:00:07 2005 => System found infected with istsvc Spyware/Adware ({bf06da8e-2beb-4816-9bbd-f7625246e245})! Action taken: No Action Taken.
8: Sun Oct 23 18:00:07 2005 => System found infected with dyfuca Spyware/Adware ({eee4a2e5-9f56-432f-a6ed-f6f625b551e0})! Action taken: No Action Taken.
9: Sun Oct 23 18:00:12 2005 => Offending file found: C:\WINDOWS\DOWNLO~1\winadservx.dll
10: Sun Oct 23 18:00:12 2005 => System found infected with winad Spyware/Adware (winadservx.dll)! Action taken: No Action Taken.
11: Sun Oct 23 18:00:12 2005 => Offending file found: C:\WINDOWS\system32\vp.dat
12: Sun Oct 23 18:00:12 2005 => System found infected with deskad.service Spyware/Adware (vp.dat)! Action taken: No Action Taken.
13: Sun Oct 23 18:00:15 2005 => Offending file found: C:\Dokumente und Einstellungen\razor\Anwendungsdaten\microsoft\internet explorer\quick launch\bearshare downloads.lnk
14: Sun Oct 23 18:00:15 2005 => System found infected with bearshare Spyware/Adware (bearshare downloads.lnk)! Action taken: No Action Taken.
15: Sun Oct 23 18:00:15 2005 => Offending file found: C:\Dokumente und Einstellungen\razor\Anwendungsdaten\microsoft\internet explorer\quick launch\bearshare.lnk
16: Sun Oct 23 18:00:15 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
17: Sun Oct 23 18:00:16 2005 => Offending file found: C:\Dokumente und Einstellungen\razor\Favoriten\fun & games\games.lnk
18: Sun Oct 23 18:00:16 2005 => System found infected with hotbar Spyware/Adware (games.lnk)! Action taken: No Action Taken.
19: Sun Oct 23 18:00:19 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\bearshare.lnk
20: Sun Oct 23 18:00:19 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
21: Sun Oct 23 18:00:19 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\bearshare.lnk
22: Sun Oct 23 18:00:19 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
23: Sun Oct 23 18:00:20 2005 => Offending file found: C:\WINDOWS\iun6002.exe
24: Sun Oct 23 18:00:20 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
25: Sun Oct 23 18:15:55 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
26: Sun Oct 23 19:01:31 2005 => File D:\Razor\Andere\desktoptoys an Zocker\finger.exe infected by "not-virus:BadJoke.Win32.Finger.b" Virus! Action Taken: No Action Taken.
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Sun Oct 23 18:09:07 2005 => File C:\Program Files\Admanager Controller\AdManComm.dll tagged as "not-a-virus:AdWare.Win32.WinAD.r". Action Taken: No Action Taken.
2: Sun Oct 23 18:16:04 2005 => File C:\Programme\BearShare\Installer\saveinstwm.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
3: Sun Oct 23 18:42:44 2005 => File C:\WINDOWS\Downloaded Program Files\WinAdServX.dll tagged as "not-a-virus:AdWare.Win32.WinAD". Action Taken: No Action Taken.
4: Sun Oct 23 18:42:44 2005 => File C:\WINDOWS\Downloaded Program Files\WinServAdX.dll tagged as "not-a-virus:AdWare.Win32.WinAD.f". Action Taken: No Action Taken.
5: Sun Oct 23 19:11:09 2005 => File H:\Counter-Strike\hltv.exe tagged as not-a-virus:Server-Proxy.Win32.Hltv. No Action Taken.
6: Sun Oct 23 19:21:40 2005 => File H:\HL\hltv.exe tagged as not-a-virus:Server-Proxy.Win32.Hltv. No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Sun Oct 23 17:59:00 2005 => ERROR!!! Invalid Entry = C:\DOKUME~1\razor\ANWEND~1\SOFTID~1\scr okay.exe (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{58C4ED5B-BF92-4326-9409-8F8B11662515}). No Action Taken.
2: Sun Oct 23 17:59:07 2005 => ERROR!!! Invalid Entry {B8323370-FF27-11D2-97B6-204C4F4F5020} = C:\Programme\SmartFTP\smarthook.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
3: Sun Oct 23 17:59:10 2005 => ERROR!!! Invalid Entry mmtask = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
4: Sun Oct 23 18:00:24 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\MSXML3A.DLL". Action Taken: No Action Taken.
5: Sun Oct 23 18:00:24 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.
6: Sun Oct 23 18:00:24 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\Photoshop Album\Kataloge\My Catalog.psa". Action Taken: No Action Taken.
7: Sun Oct 23 18:00:24 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\razor\LOKALE~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.
8: Sun Oct 23 18:00:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\YSBactivex.dll". Action Taken: No Action Taken.
9: Sun Oct 23 18:00:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
10: Sun Oct 23 18:00:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Oberon Media\Inspector-Parker\Uninstall.exe". Action Taken: No Action Taken.
11: Sun Oct 23 18:00:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gravity\RagnarokOnline\2005-03-22aRagexe.rgz". Action Taken: No Action Taken.
12: Sun Oct 23 18:00:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
13: Sun Oct 23 18:00:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken.
14: Sun Oct 23 18:00:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxinsa64.exe". Action Taken: No Action Taken.
15: Sun Oct 23 18:00:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxinsi64.exe". Action Taken: No Action Taken.
16: Sun Oct 23 18:00:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxcpya64.exe". Action Taken: No Action Taken.
17: Sun Oct 23 18:00:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxcpyi64.exe". Action Taken: No Action Taken.
18: Sun Oct 23 18:00:29 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bckgzm.exe" refers to invalid object "C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe". Action Taken: No Action Taken.
19: Sun Oct 23 18:00:29 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\BFVietnam.exe" refers to invalid object "C:\PROGRA~1\EAGAME~1\BATTLE~1\bfvietnam.exe". Action Taken: No Action Taken.
20: Sun Oct 23 18:00:29 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\chkrzm.exe" refers to invalid object "C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe". Action Taken: No Action Taken.
21: Sun Oct 23 18:00:29 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
22: Sun Oct 23 18:00:29 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\hrtzzm.exe" refers to invalid object "C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe". Action Taken: No Action Taken.
23: Sun Oct 23 18:00:29 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ldm.exe" refers to invalid object "C:\Programme\Logitech\Desktop Messenger\ldm.exe". Action Taken: No Action Taken.
24: Sun Oct 23 18:00:29 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSMSGS.EXE" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
25: Sun Oct 23 18:00:29 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSN6.EXE" refers to invalid object "C:\Programme\MSN\MSNCoreFiles\MSN6.exe". Action Taken: No Action Taken.
26: Sun Oct 23 18:00:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\rvsezm.exe" refers to invalid object "C:\Programme\MSN Gaming Zone\Windows\rvsezm.exe". Action Taken: No Action Taken.
27: Sun Oct 23 18:00:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\shvlzm.exe" refers to invalid object "C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe". Action Taken: No Action Taken.
28: Sun Oct 23 18:00:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\speed2.exe" refers to invalid object "D:\Games\Need For Speed Underground 2\speed2.exe". Action Taken: No Action Taken.
29: Sun Oct 23 18:00:31 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Call of Duty\uo\". Action Taken: No Action Taken.
30: Sun Oct 23 18:00:31 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\razor\Eigene Dateien\Pinnacle Expression\Captured Video\". Action Taken: No Action Taken.
31: Sun Oct 23 18:00:31 2005 => Entry "
193: Sun Oct 23 18:00:43 2005 => Entry "HKCR\Zb.ZbCmdProcessRawImages.1" refers to invalid object "{4DCADFA0-556A-4288-AB68-833C51A2CF6B}". Action Taken: No Action Taken.
194: Sun Oct 23 18:00:43 2005 => Entry "HKCR\Zb.ZbCmdRemoteCapture" refers to invalid object "{7D5BAFEE-5A7D-4BB0-B709-A17422EEB658}". Action Taken: No Action Taken.
195: Sun Oct 23 18:00:43 2005 => Entry "HKCR\Zb.ZbCmdRemoteCapture.1" refers to invalid object "{7D5BAFEE-5A7D-4BB0-B709-A17422EEB658}". Action Taken: No Action Taken.
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: D:\Razor\Andere\desktoptoys an Zocker\finger.exe => not-virus:BadJoke.Win32.Finger.b
2: H:\Counter-Strike\hltv.exe => tagged:Server-Proxy.Win32.Hltv.
3: H:\HL\hltv.exe => tagged:Server-Proxy.Win32.Hltv.
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Sun Oct 23 19:33:13 2005 => Total Objects Scanned: 180656
Sun Oct 23 19:33:13 2005 => Total Virus(es) Found: 38
Sun Oct 23 19:33:13 2005 => Total Errors: 195
Sun Oct 23 19:33:13 2005 => Virus Database Date: 2005/10/22
Sun Oct 23 19:33:13 2005 => Virus Database Count: 155555