Tr/startpage.qr.dll

#0
25.07.2005, 18:21
...new here

Posts: 2
#1 Like many others, I have caught this annoying virus.

Since I am only a PC user, problems like this are unfortunately beyond me.
I would really appreciate it if someone could help me and tell me, in an easily understandable way, what I can do.

Many thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 17:04:39, on 25.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\evntsvc.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\Winamp\Winampa.exe
C:\Programme\AVPersonal\AVSCHED32.EXE
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\GEMEIN~1\Nokia\Services\SERVIC~1.EXE
C:\Programme\ATI Multimedia\RemCtrl\ATIX10.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\?ttrib.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Sitecom\Bluetooth Software\BTTray.exe
C:\Programme\Plextor\PlexIcon.exe
C:\Programme\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\JRGEN~1\LOKALE~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kspea.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\JRGEN~1\LOKALE~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {03CBC99D-816F-42BB-B585-AED0D80BDB89} - C:\WINDOWS\System32\jcja.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09F514D3-8915-AFCB-4F36-DB38003D92CE} - C:\WINDOWS\System32\hoiv.dll (file missing)
O2 - BHO: (no name) - {0BF514A9-8915-AACD-4F44-AC38733F92B8} - C:\WINDOWS\System32\hoiv.dll (file missing)
O2 - BHO: (no name) - {32E6B1AD-57DA-97FF-68F1-2FF8F480D770} - C:\WINDOWS\system32\javafz.dll (file missing)
O2 - BHO: (no name) - {444C94E1-5E74-72A6-7CE3-0395BAA5DDCB} - C:\WINDOWS\System32\cryz.dll (file missing)
O2 - BHO: (no name) - {7AC15FB6-9B7A-EDAC-2A63-9BDC3F3ABAC0} - C:\WINDOWS\System32\rrxee.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo Messenger\Messenger\ycomp.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [mfcgk.exe] C:\WINDOWS\mfcgk.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOKUME~1\JRGEN~1\LOKALE~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Nskf] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [Orsu] C:\Programme\ahie\wbmd.exe
O4 - Startup: AOM.lnk = ?
O4 - Startup: Outlook.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PlexTools Professional.lnk = C:\Programme\Plextor\PlexTool.exe
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Search - {8F98186A-B07A-4DB7-85FD-05657AE5B30A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int10.exe
O16 - DPF: {94C53FB6-01B7-4BA7-848B-E43D11B84F5F} (WEB.DE IE Drop-Upload) - http://labor.fotoservice.web.de/static/download/WDU_1251.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt03.com/dialer/internazionale_ver11.CAB
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O18 - Filter: text/html - {C47EA604-15E6-44C0-B548-DBAC9C8E2224} - C:\WINDOWS\System32\jcja.dll
O18 - Filter: text/plain - {C47EA604-15E6-44C0-B548-DBAC9C8E2224} - C:\WINDOWS\System32\jcja.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: Remote Procedure Call (RPC) Helper (%AF夶À¨) - Unknown owner - C:\WINDOWS\msmf32.exe (file missing)


Pollux
25.07.2005, 19:09
Member
Gool

Posts: 4730
#2 Install Service Pack 2, install a firewall (though that is only worthwhile after the cleanup)!

You are pretty badly infected, but let's see whether it works out.

Bad:

Quote

C:\WINDOWS\System32\?ttrib.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\JRGEN~1\LOKALE~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kspea.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\JRGEN~1\LOKALE~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {03CBC99D-816F-42BB-B585-AED0D80BDB89} - C:\WINDOWS\System32\jcja.dll
O2 - BHO: (no name) - {09F514D3-8915-AFCB-4F36-DB38003D92CE} - C:\WINDOWS\System32\hoiv.dll (file missing)
O2 - BHO: (no name) - {0BF514A9-8915-AACD-4F44-AC38733F92B8} - C:\WINDOWS\System32\hoiv.dll (file missing)
O2 - BHO: (no name) - {32E6B1AD-57DA-97FF-68F1-2FF8F480D770} - C:\WINDOWS\system32\javafz.dll (file missing)
O2 - BHO: (no name) - {444C94E1-5E74-72A6-7CE3-0395BAA5DDCB} - C:\WINDOWS\System32\cryz.dll (file missing)
O2 - BHO: (no name) - {7AC15FB6-9B7A-EDAC-2A63-9BDC3F3ABAC0} - C:\WINDOWS\System32\rrxee.dll (file missing)
O4 - HKLM\..\Run: [mfcgk.exe] C:\WINDOWS\mfcgk.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOKUME~1\JRGEN~1\LOKALE~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Nskf] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [Orsu] C:\Programme\ahie\wbmd.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int10.exe
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt03.com/dialer/internazionale_ver11.CAB
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O18 - Filter: text/html - {C47EA604-15E6-44C0-B548-DBAC9C8E2224} - C:\WINDOWS\System32\jcja.dll
O18 - Filter: text/plain - {C47EA604-15E6-44C0-B548-DBAC9C8E2224} - C:\WINDOWS\System32\jcja.dll
O23 - Service: Remote Procedure Call (RPC) Helper (%AF夶À¨) - Unknown owner - C:\WINDOWS\msmf32.exe (file missing)

So, you can probably already fix some of it with HJT (tick the box in front of the relevant entry and then click the "Fix checked" button).

You will only get rid of other things with somewhat more effort. It is best to start the PC in safe mode and fix the listed entries from there. Then use Killbox and have it delete the remaining entries (Delete on Reboot).

As already said, that will probably not solve the problem. So also use eScanCheck and post a log, as described in the link.
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
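
Added example (not part of the original posts and not HijackThis's own logic): a first-pass triage of a HijackThis log in Python, using only structural heuristics that match some of the entries flagged in the reply above. The rule set and the names `triage` and `Finding` are assumptions made for this illustration; entries such as `mfcgk.exe` or the yoursearch247.com search URLs carry no structural marker and still need a manual or reputation-based review.

```python
import re
from dataclasses import dataclass

# Lines taken from the HijackThis log in this thread (the garbled service
# key name in the O23 "RPC Helper" entry is left out).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kspea.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {03CBC99D-816F-42BB-B585-AED0D80BDB89} - C:\WINDOWS\System32\jcja.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOKUME~1\JRGEN~1\LOKALE~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [Nskf] C:\WINDOWS\System32\?ttrib.exe
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int10.exe
O16 - DPF: {94C53FB6-01B7-4BA7-848B-E43D11B84F5F} (WEB.DE IE Drop-Upload) - http://labor.fotoservice.web.de/static/download/WDU_1251.cab
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown owner - C:\WINDOWS\msmf32.exe (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
"""

# A HijackThis entry starts with a section code such as R1, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


@dataclass
class Finding:
    code: str    # HijackThis section code
    reason: str  # why the entry deserves a closer look
    line: str    # the original log line


def _reasons(code, body):
    """Return the heuristic reasons (assumed rules) that apply to one entry."""
    reasons = []
    low = body.lower()
    if code in ("R0", "R1") and "= res://" in low:
        reasons.append("IE search/start setting points into a local DLL resource")
    if code == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object registered without a name")
    if code == "O4":
        if "\\temp\\" in low:
            reasons.append("autostart entry runs from a Temp directory")
        # '?' in the last path component means HijackThis could not print a character
        if re.search(r"\\[^\\]*\?[^\\]*$", body):
            reasons.append("autostart file name contains an unprintable character")
    if code == "O15":
        reasons.append("site, IP or protocol placed in the Trusted Zone")
    if code == "O16":
        m = re.search(r"https?://([^/\s]+)(/\S*)?", body)
        if m and (re.fullmatch(r"[\d.]+(:\d+)?", m.group(1))
                  or (m.group(2) or "").lower().endswith(".exe")):
            reasons.append("ActiveX download from a bare IP address or a direct .exe")
    if code == "O23" and "- unknown owner -" in low:
        reasons.append("service binary has no identifiable vendor")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return a Finding per matching heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list and blank lines are not entries
        for reason in _reasons(m["code"], m["body"]):
            findings.append(Finding(m["code"], reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n      {f.line}")
```
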
25.07.2005, 19:11
Moderator
joschi

Posts: 6466
#3 Take a look at the analysis and consider whether it wouldn't be better to reinstall the system!?
http://www.hijackthis.de/logfiles/094f0356499ca681784bb32a63bf87e3.html
There are instructions here on the board.
__________
Browse --> Choose --> Examine
26.07.2005, 19:56
...new here

Thread starter

Posts: 2
#4 First of all, I would like to thank you for the very quick reply to my request!
I hope that I have fixed everything that was necessary so far.
Below I have now included the log that was created by eScan.
It would be nice if I could also get a corresponding comment on this.

--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Tue Jul 26 18:22:00 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
2: Tue Jul 26 18:22:02 2005 => System found infected with Roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.
3: Tue Jul 26 18:23:34 2005 => File C:\WINDOWS\msxmidi.exe infected by "Trojan-Downloader.Win32.Small.zo" Virus! Action Taken: No Action Taken.
4: Tue Jul 26 18:36:47 2005 => File C:\msinfo.exe infected by "Trojan-Downloader.Win32.Small.zo" Virus! Action Taken: No Action Taken.
5: Tue Jul 26 18:46:43 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
6: Tue Jul 26 18:46:43 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\WINUPDT[1].EXE.VIR [**]
7: Tue Jul 26 18:50:48 2005 => File C:\Programme\HiJackThis\backups\backup-20050726-171638-342.dll infected by "Trojan.Win32.StartPage.qr" Virus! Action Taken: No Action Taken.
8: Tue Jul 26 19:05:12 2005 => File C:\Programme\Windows Media Player\wmplayer.exe.tmp infected by "Trojan-Downloader.Win32.Small.apm" Virus! Action Taken: No Action Taken.
9: Tue Jul 26 19:11:42 2005 => File C:\WINDOWS\msxmidi.exe infected by "Trojan-Downloader.Win32.Small.zo" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Tue Jul 26 18:36:27 2005 => Scanning File C:\MAGIX\Media_Manager_2004\Icons\Tagged Image File Format.ico [**]
2: Tue Jul 26 18:44:48 2005 => File C:\Programme\ahie\wbmd.exe tagged as "not-a-virus:AdWare.PurityScan.ap". Action Taken: No Action Taken.
3: Tue Jul 26 18:47:57 2005 => File C:\Programme\DashBar\DbAu.exe tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
4: Tue Jul 26 19:05:41 2005 => File C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx tagged as "not-a-virus:AdWare.MediaTickets.f". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Tue Jul 26 18:21:34 2005 => ERROR!!! Invalid Entry {EF99BD32-C1FB-11D2-892F-0090271D4F88} = C:\Programme\Yahoo Messenger\Messenger\ycomp.dll (in key SOFTWARE\Microsoft\Internet Explorer\Toolbar). No Action Taken.
2: Tue Jul 26 18:21:40 2005 => ERROR!!! Invalid Entry {C37ED581-9659-4887-9DD1-BF677177266B} = C:\WINDOWS\System32\Q12903343.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
3: Tue Jul 26 18:21:50 2005 => ERROR!!! Invalid Entry \SystemRoot\SYSTEM32\DRIVERS\CINEMSUP.SYS in SYSTEM\CurrentControlSet\Services\CINEMSUP...
4: Tue Jul 26 18:21:58 2005 => ERROR!!! Invalid Entry C:\WINDOWS\msmf32.exe /s in SYSTEM\CurrentControlSet\Services\ %AFå ¤À¨...
5: Tue Jul 26 18:22:04 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1101.dll". Action Taken: No Action Taken.
6: Tue Jul 26 18:22:04 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1101.dll". Action Taken: No Action Taken.
7: Tue Jul 26 18:22:04 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1101.dll". Action Taken: No Action Taken.
8: Tue Jul 26 18:22:04 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll". Action Taken: No Action Taken.
9: Tue Jul 26 18:22:04 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver10.ocx". Action Taken: No Action Taken.
10: Tue Jul 26 18:22:04 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver11.ocx". Action Taken: No Action Taken.
11: Tue Jul 26 18:22:04 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver15.ocx". Action Taken: No Action Taken.
12: Tue Jul 26 18:22:04 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver4.ocx". Action Taken: No Action Taken.
13: Tue Jul 26 18:22:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WEBDEDnDUpload.ocx". Action Taken: No Action Taken.
14: Tue Jul 26 18:22:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll". Action Taken: No Action Taken.
15: Tue Jul 26 18:22:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver4.ocx". Action Taken: No Action Taken.
16: Tue Jul 26 18:22:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll". Action Taken: No Action Taken.
17: Tue Jul 26 18:22:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1101.dll". Action Taken: No Action Taken.
18: Tue Jul 26 18:22:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\\covered-jpn.nls". Action Taken: No Action Taken.
19: Tue Jul 26 18:22:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken.
20: Tue Jul 26 18:22:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1101.dll". Action Taken: No Action Taken.
21: Tue Jul 26 18:22:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1101.dll". Action Taken: No Action Taken.
22: Tue Jul 26 18:22:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver10.ocx". Action Taken: No Action Taken.
23: Tue Jul 26 18:22:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver11.ocx". Action Taken: No Action Taken.
24: Tue Jul 26 18:22:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver15.ocx". Action Taken: No Action Taken.
25: Tue Jul 26 18:22:14 2005 => Entry "HKCR\CLSID\{00021120-0000-0000-C000-000000000046}" refers to invalid object "C:\Programme\Microsoft Office\Office\1031\fvfxs.dll". Action Taken: No Action Taken.
26: Tue Jul 26 18:22:17 2005 => Entry "HKCR\CLSID\{0DED49D5-A8B7-4d5d-97A1-12B0C195874D}" refers to invalid object "BdaPlgin.ax". Action Taken: No Action Taken.
27: Tue Jul 26 18:22:21 2005 => Entry "HKCR\CLSID\{3D5D83B0-47DC-4862-93D6-3E827A14AED1}" refers to invalid object "C:\Programme\Yahoo!\Shared\YbSkin2.dll". Action Taken: No Action Taken.
28: Tue Jul 26 18:22:24 2005 => Entry "HKCR\CLSID\{567DB2D4-9B01-4EBF-9FFA-543491BF3379}" refers to invalid object "D:\PJStream.dll". Action Taken: No Action Taken.
29: Tue Jul 26 18:22:25 2005 => Entry "HKCR\CLSID\{649D583D-3401-11D1-8C47-0080C7C43E7F}" refers to invalid object "C:\Programme\Microsoft Office\Office\1031\wfxrstrz.dll". Action Taken: No Action Taken.
30: Tue Jul 26 18:22:26 2005 => Entry "HKCR\CLSID\{6E5526E3-4B91-11d4-876F-005004BCDA99}" refers to invalid object "D:\PJStream.dll". Action Taken: No Action Taken.
31: Tue Jul 26 18:22:26 2005 => Entry "HKCR\CLSID\{6E5526E4-4B91-11d4-876F-005004BCDA99}" refers to invalid object "D:\PJStream.dll". Action Taken: No Action Taken.
32: Tue Jul 26 18:22:28 2005 => Entry "HKCR\CLSID\{86FC1FD1-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "D:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.
33: Tue Jul 26 18:22:28 2005 => Entry "HKCR\CLSID\{86FC1FD3-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "D:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.
34: Tue Jul 26 18:22:29 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
35: Tue Jul 26 18:22:30 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
36: Tue Jul 26 18:22:32 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
37: Tue Jul 26 18:22:34 2005 => Entry "HKCR\CLSID\{C37ED581-9659-4887-9DD1-BF677177266B}" refers to invalid object "C:\WINDOWS\System32\Q12903343.dll". Action Taken: No Action Taken.
38: Tue Jul 26 18:22:34 2005 => Entry "HKCR\CLSID\{C47EA604-15E6-44C0-B548-DBAC9C8E2224}" refers to invalid object "C:\WINDOWS\System32\jcja.dll". Action Taken: No Action Taken.
39: Tue Jul 26 18:22:35 2005 => Entry "HKCR\CLSID\{D19781C5-2051-44F8-8445-DDC82933C191}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver11.ocx". Action Taken: No Action Taken.
40: Tue Jul 26 18:22:36 2005 => Entry "HKCR\CLSID\{D3B06B05-3667-4175-B2D2-D54DCED5E9F1}" refers to invalid object "C:\MAGIX\Fotos_auf_CD_DVD2_dlx\dscapture.ax". Action Taken: No Action Taken.
41: Tue Jul 26 18:22:36 2005 => Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
42: Tue Jul 26 18:22:38 2005 => Entry "HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" refers to invalid object "C:\Programme\Yahoo Messenger\Messenger\ycomp.dll". Action Taken: No Action Taken.
43: Tue Jul 26 18:22:39 2005 => Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
44: Tue Jul 26 18:22:40 2005 => Entry "HKCR\CLSID\{FACF11A2-5095-11D3-A9DE-00C0268E5C48}" refers to invalid object "D:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.
45: Tue Jul 26 18:22:40 2005 => Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
46: Tue Jul 26 18:22:40 2005 => Entry "HKCR\CLSID\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}" refers to invalid object "BdaPlgin.ax". Action Taken: No Action Taken.
47: Tue Jul 26 18:22:45 2005 => Entry "HKCR\Automatische Zuordnung.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
48: Tue Jul 26 18:22:45 2005 => Entry "HKCR\Automatische Zuordnung.Map.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
49: Tue Jul 26 18:22:45 2005 => Entry "HKCR\Automatische Zuordnung.Template.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
50: Tue Jul 26 18:23:08 2005 => Entry "HKCR\VacPro.internazionale_ver10" refers to invalid object "{AD0B8220-7DA4-4C0A-8532-B25A9F631D3D}". Action Taken: No Action Taken.
51: Tue Jul 26 18:23:10 2005 => Entry "HKCR\YBIOCtrl.CompanionBHO.4" refers to invalid object "{02478D38-C3F9-4efb-9B51-7695ECA05670}". Action Taken: No Action Taken.
52: Tue Jul 26 18:26:30 2005 => Result: ERROR!!! File C:\WINDOWS\System32\?ttrib.exe: Scanning Failure!!!
53: Tue Jul 26 18:26:30 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\System32\?ttrib.exe
54: Tue Jul 26 18:27:04 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip is Not Scanned
55: Tue Jul 26 18:27:04 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearch.zip is Not Scanned
56: Tue Jul 26 18:27:04 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffWinshow.zip is Not Scanned
57: Tue Jul 26 18:27:05 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffWinshow1.zip is Not Scanned
58: Tue Jul 26 18:27:05 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchFeatDLL.zip is Not Scanned
59: Tue Jul 26 18:27:05 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchFeatDLL1.zip is Not Scanned
60: Tue Jul 26 18:27:05 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchFeatDLL2.zip is Not Scanned
61: Tue Jul 26 18:27:05 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchFeatInstaller.zip is Not Scanned
62: Tue Jul 26 18:27:05 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchFeatInstaller1.zip is Not Scanned
63: Tue Jul 26 18:27:05 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchFeatInstaller2.zip is Not Scanned
64: Tue Jul 26 18:27:05 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchFeatInstaller3.zip is Not Scanned
65: Tue Jul 26 18:27:05 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchFeatInstaller4.zip is Not Scanned
66: Tue Jul 26 18:27:05 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchFeatInstaller5.zip is Not Scanned
67: Tue Jul 26 18:27:05 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems.zip is Not Scanned
68: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit.zip is Not Scanned
69: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit1.zip is Not Scanned
70: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit2.zip is Not Scanned
71: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit3.zip is Not Scanned
72: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit4.zip is Not Scanned
73: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip is Not Scanned
74: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar.zip is Not Scanned
75: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar1.zip is Not Scanned
76: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar10.zip is Not Scanned
77: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar11.zip is Not Scanned
78: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar12.zip is Not Scanned
79: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar2.zip is Not Scanned
80: Tue Jul 26 18:27:06 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar3.zip is Not Scanned
81: Tue Jul 26 18:27:07 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar4.zip is Not Scanned
82: Tue Jul 26 18:27:07 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar5.zip is Not Scanned
83: Tue Jul 26 18:27:07 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar6.zip is Not Scanned
84: Tue Jul 26 18:27:07 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar7.zip is Not Scanned
85: Tue Jul 26 18:27:07 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar8.zip is Not Scanned
86: Tue Jul 26 18:27:07 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar9.zip is Not Scanned
87: Tue Jul 26 18:27:07 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator.zip is Not Scanned
88: Tue Jul 26 18:27:07 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator1.zip is Not Scanned
89: Tue Jul 26 18:27:07 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator10.zip is Not Scanned
90: Tue Jul 26 18:27:08 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator12.zip is Not Scanned
91: Tue Jul 26 18:27:08 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator13.zip is Not Scanned
92: Tue Jul 26 18:27:08 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator14.zip is Not Scanned
93: Tue Jul 26 18:27:08 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator15.zip is Not Scanned
94: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator16.zip is Not Scanned
95: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator17.zip is Not Scanned
96: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator18.zip is Not Scanned
97: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator19.zip is Not Scanned
98: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator2.zip is Not Scanned
99: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator20.zip is Not Scanned
100: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator3.zip is Not Scanned
101: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator4.zip is Not Scanned
102: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator5.zip is Not Scanned
103: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator6.zip is Not Scanned
104: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator8.zip is Not Scanned
105: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator9.zip is Not Scanned
106: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Roings.zip is Not Scanned
107: Tue Jul 26 18:27:09 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Roings1.zip is Not Scanned
108: Tue Jul 26 18:27:10 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Roings2.zip is Not Scanned
109: Tue Jul 26 18:27:10 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Roings3.zip is Not Scanned
110: Tue Jul 26 18:27:10 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Roings4.zip is Not Scanned
111: Tue Jul 26 18:27:10 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Roings5.zip is Not Scanned
112: Tue Jul 26 18:27:10 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Roings6.zip is Not Scanned
113: Tue Jul 26 18:27:10 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Targetsaver.zip is Not Scanned
114: Tue Jul 26 18:27:10 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\TIBS.zip is Not Scanned
115: Tue Jul 26 18:27:10 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\TIBS1.zip is Not Scanned
116: Tue Jul 26 18:27:10 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\TIBS2.zip is Not Scanned
117: Tue Jul 26 18:27:10 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WebRebatesTopRebates.zip is Not Scanned
118: Tue Jul 26 19:21:50 2005 => Result: ERROR!!! File C:\WINDOWS\system32\?ttrib.exe: Scanning Failure!!!
119: Tue Jul 26 19:21:50 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\?ttrib.exe

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\WINDOWS\msxmidi.exe => Trojan-Downloader.Win32.Small.zo
2: C:\msinfo.exe => Trojan-Downloader.Win32.Small.zo
3: C:\Programme\HiJackThis\backups\backup-20050726-171638-342.dll => Trojan.Win32.StartPage.qr
4: C:\Programme\Windows Media Player\wmplayer.exe.tmp => Trojan-Downloader.Win32.Small.apm

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Tue Jul 26 19:26:25 2005 => Total Objects Scanned: 100419
Tue Jul 26 19:26:25 2005 => Total Virus(es) Found: 14
Tue Jul 26 19:26:25 2005 => Total Errors: 117
Tue Jul 26 19:26:25 2005 => Virus Database Date: 2005/07/26
Tue Jul 26 19:26:25 2005 => Virus Database Count: 140002
Tue Jul 26 19:37:38 2005 => Total Objects Scanned: 100419
Tue Jul 26 19:37:38 2005 => Total Virus(es) Found: 14
Tue Jul 26 19:37:38 2005 => Total Errors: 117

Regards
28.07.2005, 11:40
...new here

Posts: 1
#5 Hi everyone... I'm new here. I have exactly the same problem too....

Can someone help me... please!

Logfile of HijackThis v1.99.1
Scan saved at 11:28:28, on 28.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\System32\qunehv19.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Dokumente und Einstellungen\ALI MURAT VURAL\Desktop\ANTIVIRWORM\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\ALIMUR~1\LOKALE~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\ALIMUR~1\LOKALE~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ED6068F-3152-491B-8AE7-1710DB848E4B} - C:\WINDOWS\System32\ndfc.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [qunehv19] C:\WINDOWS\System32\qunehv19.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOKUME~1\ALIMUR~1\LOKALE~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WeatherCast] "C:\Programme\WeatherCast\Weather.exe" /q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O18 - Filter: text/html - {D7661D2D-2E9E-46B7-A2F3-3A3A05B6DE9F} - C:\WINDOWS\System32\ndfc.dll
O18 - Filter: text/plain - {D7661D2D-2E9E-46B7-A2F3-3A3A05B6DE9F} - C:\WINDOWS\System32\ndfc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe





THANKS IN ADVANCE!
28.07.2005, 12:45
Member
Avatar Gool

Posts: 4730
#6 Well, you don't have the same problem, only a similar one (at least judging by the symptoms). And a reinstall is not quite so urgently recommended for you at the moment.

Quote

C:\PROGRA~1\Save\Save.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\System32\qunehv19.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\ALIMUR~1\LOKALE~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\ALIMUR~1\LOKALE~1\Temp\se.dll/space.html
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [qunehv19] C:\WINDOWS\System32\qunehv19.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOKUME~1\ALIMUR~1\LOKALE~1\Temp\se.dll,DllInstall
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O18 - Filter: text/html - {D7661D2D-2E9E-46B7-A2F3-3A3A05B6DE9F} - C:\WINDOWS\System32\ndfc.dll
O18 - Filter: text/plain - {D7661D2D-2E9E-46B7-A2F3-3A3A05B6DE9F} - C:\WINDOWS\System32\ndfc.dll

First, we should establish what exactly these are:
C:\PROGRA~1\Save\Save.exe
C:\WINDOWS\System32\qunehv19.exe

To do that, please submit the files at http://www.virustotal.com.

Afterwards, open a new thread, because otherwise things will cross over here and we'll get confused.
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
28.07.2005, 12:58
Member
Avatar Gool

Posts: 4730
#7 To Pollux:

You should already be able to remove some of it with Spybot S&D.

Turn off System Restore, boot into Safe Mode and there, if necessary with Killbox (Delete on Reboot), delete the following files:

3: Tue Jul 26 18:23:34 2005 => File C:\WINDOWS\msxmidi.exe infected by "Trojan-Downloader.Win32.Small.zo" Virus! Action Taken: No Action Taken.
4: Tue Jul 26 18:36:47 2005 => File C:\msinfo.exe infected by "Trojan-Downloader.Win32.Small.zo" Virus! Action Taken: No Action Taken.
7: Tue Jul 26 18:50:48 2005 => File C:\Programme\HiJackThis\backups\backup-20050726-171638-342.dll infected by "Trojan.Win32.StartPage.qr" Virus! Action Taken: No Action Taken.
8: Tue Jul 26 19:05:12 2005 => File C:\Programme\Windows Media Player\wmplayer.exe.tmp infected by "Trojan-Downloader.Win32.Small.apm" Virus! Action Taken: No Action Taken.
9: Tue Jul 26 19:11:42 2005 => File C:\WINDOWS\msxmidi.exe infected by "Trojan-Downloader.Win32.Small.zo" Virus! Action Taken: No Action Taken.
--
2: Tue Jul 26 18:44:48 2005 => File C:\Programme\ahie\wbmd.exe tagged as "not-a-virus:AdWare.PurityScan.ap". Action Taken: No Action Taken.
3: Tue Jul 26 18:47:57 2005 => File C:\Programme\DashBar\DbAu.exe tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
4: Tue Jul 26 19:05:41 2005 => File C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx tagged as "not-a-virus:AdWare.MediaTickets.f". Action Taken: No Action Taken.

53: Tue Jul 26 18:26:30 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\System32\?ttrib.exe

It is very important that you find the right file here. In any case, it is not "Attrib.exe", provided that file meets the following criteria ->
File version: 5.1.2600.0 (xpclient.010817-1148)
MD5 hash: a9885a12349db18b9f5fbde48c9e0fb0
(just to make sure the file is not infected)
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
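The check described in post #7, as an added Python example that is not part of the original thread: it compares a file named attrib.exe against the MD5 quoted in the post and, going one step beyond the post, flags names such as "?ttrib.exe" that only read like it. The function names and the confusables map are assumptions made for this example, and the log shows only "?" for the actual character in the file name.

```python
import hashlib
import sys
import unicodedata
from pathlib import Path

# MD5 the post quotes for the genuine attrib.exe (file version 5.1.2600.0).
# It pins this one file; MD5 is not collision resistant. Keys are lower-case.
KNOWN_GOOD_MD5 = {"attrib.exe": "a9885a12349db18b9f5fbde48c9e0fb0"}

# Assumption: small, non-exhaustive map of Cyrillic letters that render like
# Latin a, e, o, p, c, x, i, s. The log only shows "?" for the real character.
CONFUSABLES = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0445\u0456\u0455", "aeopcxis")


def skeleton(name):
    """Lower-case, strip accents, fold confusables; other non-ASCII becomes '?'."""
    folded = unicodedata.normalize("NFKD", name.lower()).translate(CONFUSABLES)
    return "".join(c if c.isascii() else "?"
                   for c in folded if not unicodedata.combining(c))


def imitates(name, known_name):
    """True if name differs from known_name but reads like it ('?' is a wildcard)."""
    skel = skeleton(name)
    if name.lower() == known_name or len(skel) != len(known_name):
        return False
    return all(s in (k, "?") for s, k in zip(skel, known_name))


def classify(name, data, known=KNOWN_GOOD_MD5):
    """Return 'genuine', 'hash-mismatch', 'unreadable', 'lookalike:<name>' or 'unlisted'."""
    expected = known.get(name.lower())
    if expected is not None:
        if data is None:
            return "unreadable"
        digest = hashlib.md5(data).hexdigest()
        return "genuine" if digest == expected.lower() else "hash-mismatch"
    for known_name in known:
        if imitates(name, known_name):
            return "lookalike:" + known_name
    return "unlisted"


def scan_dir(directory, known=KNOWN_GOOD_MD5):
    """Classify each file in a directory and return everything that needs a look."""
    findings = {}
    for path in Path(directory).iterdir():
        if not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            data = None  # like the log's "ScanFile fails"; the name check still runs
        verdict = classify(path.name, data, known)
        if verdict not in ("genuine", "unlisted"):
            findings[path.name] = verdict
    return findings


if __name__ == "__main__":
    # ascii() prints the escaped code point that a console would show as "?".
    for fname, verdict in scan_dir(sys.argv[1]).items():
        print(verdict, ascii(fname))
```

Run with the directory to check as the only argument; the escaped output shows which code point hides behind the "?" in the scanner log.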