I have the Trojan horse "trojan-downloader-zlob", it can't be removed

Thread is closed!

#0
26.09.2005, 19:26
...new here
Posts: 1

27.09.2005, 00:06
Member
Posts: 4730
#2
Fix the following entry with HijackThis (HJT):
O4 - HKLM\..\Run: [ScanRegistry] C:\W
To do this, tick its checkbox and then click "fix checked".
Boot into safe mode and delete C:\W
Download eScanCheck and scan your system. Post the result for us: http://managor.de/escan.htm
__________
This is a signature! Personal service: You are from Berlin? Then contact me by PM, maybe we can arrange an appointment. Der Grabsteinschubser

28.09.2005, 13:53
...new here
Posts: 5
#3
Hello!
I'm new here and unfortunately also a bit inexperienced when it comes to computers. However, I have exactly the same problem as Team.Killer. My logfile:
I hope someone can help me just as quickly! Many thousand thanks!
This post was edited on 28.09.2005 at 14:02 by der Stopfen.

28.09.2005, 14:57
Member
Posts: 4730
#4
Hello der Stopfen,
uninstall AntiVir. You have Norton AntiVirus installed. Having more than one virus scanner installed is not good.
Download eScanCheck and scan your system. Post the result for us: http://managor.de/escan.htm

28.09.2005, 15:15
...new here
Posts: 5
#5
Hello managor!
Thanks for the quick reply! I only have AntiVir on the computer because my Norton AntiVirus update has expired and I have no money for an antivirus subscription. I know, negligent ... The following problems remain: AntiVir reports viruses, or traces of them, in the echeck directory, and the trojan-downloader-zlob still does not seem to have been deleted ... Maybe my eScan result will help you:
Action Taken: No Action Taken. 49: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".med". Action Taken: No Action Taken. 50: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".Nam". Action Taken: No Action Taken. 51: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ngg". Action Taken: No Action Taken. 52: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nlm". Action Taken: No Action Taken. 53: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nol". Action Taken: No Action Taken. 54: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part". Action Taken: No Action Taken. 55: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pcf". Action Taken: No Action Taken. 56: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ra". Action Taken: No Action Taken. 57: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sff". Action Taken: No Action Taken. 58: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfw". Action Taken: No Action Taken. 59: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sid". Action Taken: No Action Taken. 
60: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sun". Action Taken: No Action Taken. 61: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VIR". Action Taken: No Action Taken. 62: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".wbmp". Action Taken: No Action Taken. 63: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpm". Action Taken: No Action Taken. 64: Wed Sep 28 14:41:46 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken. 65: Wed Sep 28 14:41:46 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-000000000001}". Action Taken: No Action Taken. 66: Wed Sep 28 14:41:46 2005 => Entry "HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" refers to invalid object "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll". Action Taken: No Action Taken. 67: Wed Sep 28 14:41:46 2005 => Entry "HKCR\CLSID\{0ECDED32-7998-11D4-9039-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 68: Wed Sep 28 14:41:46 2005 => Entry "HKCR\CLSID\{107AC600-8BEA-11D5-9149-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\anubisps.dll". Action Taken: No Action Taken. 69: Wed Sep 28 14:41:46 2005 => Entry "HKCR\CLSID\{2524A5A2-6DE6-433B-A067-33AAA8CF1587}" refers to invalid object "C:\PROGRA~2\INTERA~1\INTERA~1\iPlayer.exe". Action Taken: No Action Taken. 
70: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{2F42F2D4-AF4D-4508-AA49-B32BC29E8167}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\PhoneNameDB_object.dll". Action Taken: No Action Taken. 71: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{3E15374C-3069-11D4-8FD8-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 72: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" refers to invalid object "C:\Programme\Norton AntiVirus\NavShExt.dll". Action Taken: No Action Taken. 73: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{444600D0-9289-11D3-B305-006008559C91}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\phonebook_object.dll". Action Taken: No Action Taken. 74: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{4549BCA5-7D56-11D3-83F5-006008676AF8}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\phonebook_object.dll". Action Taken: No Action Taken. 75: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{4C492775-3180-11D4-824B-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\EPMWOR~1.EXE". Action Taken: No Action Taken. 76: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{5268D8E3-481E-11D4-A1A8-000000000000}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\esirsock_object.dll". Action Taken: No Action Taken. 77: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{5268D9E3-481E-11D4-A1A8-765432100098}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\msmeirsock_object.dll". Action Taken: No Action Taken. 78: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{5268D9E3-481E-11D4-A1A8-987654321000}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\ms98irsock_object.dll". Action Taken: No Action Taken. 79: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" refers to invalid object "C:\Programme\Norton AntiVirus\NavShExt.dll". Action Taken: No Action Taken. 
80: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{5357DDDC-2FAE-11D4-8FD7-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 81: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{56CFF462-F1CB-11D4-A983-0060977EFFD4}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\anubisutils.dll". Action Taken: No Action Taken. 82: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{5A88E0ED-42A3-11D4-8BFB-0060084C152B}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 83: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{6701C9E9-3067-11D3-8164-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\epoc_object.dll". Action Taken: No Action Taken. 84: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{69C6BDB0-8162-11d3-81A5-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\cellphone_object.dll". Action Taken: No Action Taken. 85: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{6ED96182-85EE-11D3-B2F3-006008559C91}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\sms_object.dll". Action Taken: No Action Taken. 86: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{743FF640-2E08-11D3-815C-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\status_object.dll". Action Taken: No Action Taken. 87: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{762EA5BA-7289-11D4-9028-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 88: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{777AAC32-95B0-11D3-B307-006008559C91}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\sms_object.dll". Action Taken: No Action Taken. 89: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{7A3BAF1E-8E64-46ef-8684-6FCDC3BB881D}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\sms_object.dll". Action Taken: No Action Taken. 
90: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{7DC76603-9051-11D4-9053-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 91: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{7DC76617-9051-11D4-9053-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 92: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{7DC76627-9051-11D4-9053-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 93: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{7DC76637-9051-11D4-9053-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 94: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{7DC76647-9051-11D4-9053-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 95: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{7DC76657-9051-11D4-9053-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 96: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{7DC76667-9051-11D4-9053-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 97: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{7DC76677-9051-11D4-9053-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 98: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{7DC76687-9051-11D4-9053-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 99: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{7DC766A7-9051-11D4-9053-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 
100: Wed Sep 28 14:41:47 2005 => Entry "HKCR\CLSID\{7DC766B7-9051-11D4-9053-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 101: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{870A393C-9440-11D4-9056-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 102: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{89F307EE-CF23-11D3-820B-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 103: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{90E882E1-F5C4-11d4-A986-0060977EFFD4}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\anubisutils.dll". Action Taken: No Action Taken. 104: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{97B72AC1-FC81-11D2-813D-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\EPMWOR~1.EXE". Action Taken: No Action Taken. 105: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{A1842DD4-481C-11D4-A1A8-000000000000}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\msirsock_object.dll". Action Taken: No Action Taken. 106: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{A988112F-808C-11D3-81A4-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\db_objects.dll". Action Taken: No Action Taken. 107: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{B2349BE4-2582-11D3-8156-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\EPMWOR~1.EXE". Action Taken: No Action Taken. 108: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{BB65CDD1-1F0E-11D3-8153-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\cellphone_object.dll". Action Taken: No Action Taken. 109: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}" refers to invalid object "C:\Programme\Norton AntiVirus\NavShExt.dll". Action Taken: No Action Taken. 
110: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{C6F1797C-32F5-11D4-8FD9-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 111: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{C6F17992-32F5-11D4-8FD9-006008530540}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 112: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{C9D4128F-64FB-11D3-817F-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\obex_object.dll". Action Taken: No Action Taken. 113: Wed Sep 28 14:41:48 2005 => Entry "HKCR\CLSID\{CB1CB9C8-B636-11D4-8277-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\obexsyncreq_object.dll". Action Taken: No Action Taken. 114: Wed Sep 28 14:41:49 2005 => Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken. 115: Wed Sep 28 14:41:49 2005 => Entry "HKCR\CLSID\{EECB7D0B-38B4-4db7-BC92-0F71A9289DB3}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\sms_object.dll". Action Taken: No Action Taken. 116: Wed Sep 28 14:41:49 2005 => Entry "HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" refers to invalid object "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll". Action Taken: No Action Taken. 117: Wed Sep 28 14:41:49 2005 => Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken. 118: Wed Sep 28 14:41:49 2005 => Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken. 119: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{2292E927-BD89-40DE-999A-4E72CE0EAA4F}" refers to invalid object "C:\Programme\Norton AntiVirus\NavShExt.dll". Action Taken: No Action Taken. 
120: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{3245CF6F-597A-4075-9196-5FF203D71786}" refers to invalid object "C:\Programme\Alambik\Alambik Viewer\system\AlambikViewer.dll". Action Taken: No Action Taken. 121: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{5268D8D6-481E-11D4-A1A8-000000000000}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\esirsock_object.dll". Action Taken: No Action Taken. 122: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{5268D9D6-481E-11D4-A1A8-765432100098}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\msmeirsock_object.dll". Action Taken: No Action Taken. 123: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{5268D9D6-481E-11D4-A1A8-987654321000}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\ms98irsock_object.dll". Action Taken: No Action Taken. 124: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{56CFF433-F1CB-11D4-A983-0060977EFFD4}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\anubisutils.dll". Action Taken: No Action Taken. 125: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{6701C9B3-3067-11D3-8164-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\epoc_object.dll". Action Taken: No Action Taken. 126: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{6ED96171-85EE-11D3-B2F3-006008559C91}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\sms_object.dll". Action Taken: No Action Taken. 127: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{743FF633-2E08-11D3-815C-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\status_object.dll". Action Taken: No Action Taken. 128: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{97B72AB4-FC81-11D2-813D-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\epmworker.exe". Action Taken: No Action Taken. 129: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{A1842DC6-481C-11D4-A1A8-000000000000}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\msirsock_object.dll". 
Action Taken: No Action Taken. 130: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{A9881122-808C-11D3-81A4-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\db_objects.dll". Action Taken: No Action Taken. 131: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{B1CDDEA5-610B-4C96-8038-5672B271C1FE}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\PhoneNameDB_object.dll". Action Taken: No Action Taken. 132: Wed Sep 28 14:41:49 2005 => Entry "HKCR\TypeLib\{BB65CDC4-1F0E-11D3-8153-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\cellphone_object.dll". Action Taken: No Action Taken. 133: Wed Sep 28 14:41:50 2005 => Entry "HKCR\TypeLib\{BEAF7BF9-E090-4BED-8F5B-3F9990C4C723}" refers to invalid object "C:\Programme\SiteKiosk\SiteKiosk.exe". Action Taken: No Action Taken. 134: Wed Sep 28 14:41:50 2005 => Entry "HKCR\TypeLib\{C5F1FC7F-CF25-11D3-820B-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\settings_object.dll". Action Taken: No Action Taken. 135: Wed Sep 28 14:41:50 2005 => Entry "HKCR\TypeLib\{C9D4125B-64FB-11D3-817F-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\obex_object.dll". Action Taken: No Action Taken. 136: Wed Sep 28 14:41:50 2005 => Entry "HKCR\TypeLib\{CB1CB9BB-B636-11D4-8277-00500403AC07}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\obexsyncreq_object.dll". Action Taken: No Action Taken. 137: Wed Sep 28 14:41:50 2005 => Entry "HKCR\TypeLib\{D443EB2F-7D63-11D3-83F5-006008676AF8}" refers to invalid object "C:\PROGRA~1\SONYER~1\MOBILE~1\phonebook_object.dll". Action Taken: No Action Taken. 138: Wed Sep 28 14:41:50 2005 => Entry "HKCR\TypeLib\{EF99BD24-C1FB-11D2-892F-0090271D4F88}" refers to invalid object "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll". Action Taken: No Action Taken. 139: Wed Sep 28 14:41:50 2005 => Entry "HKCR\TypeLib\{F57B25DE-1945-4BE1-8B3D-A1065F8B31A9}" refers to invalid object "E:\player\WMMP.EXE". 
Action Taken: No Action Taken. 140: Wed Sep 28 14:41:50 2005 => Entry "HKCR\.iti" refers to invalid object "ITIClient.Document". Action Taken: No Action Taken. 141: Wed Sep 28 14:41:50 2005 => Entry "HKCR\.vpl" refers to invalid object "VaroDVD_File". Action Taken: No Action Taken. 142: Wed Sep 28 14:41:50 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\system32\CMMGR32.EXE "%1"". Action Taken: No Action Taken. 143: Wed Sep 28 14:41:51 2005 => Entry "HKCR\ed2k\shell\open\command" refers to invalid object ""D:\emule\eMule.exe" "%1"". Action Taken: No Action Taken. 144: Wed Sep 28 14:41:51 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. 145: Wed Sep 28 14:41:51 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 146: Wed Sep 28 14:41:51 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 147: Wed Sep 28 14:41:51 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken. 148: Wed Sep 28 15:03:09 2005 => Result: ERROR!!! File G:\Downloads\HA1.zip is Not Scanned 149: Wed Sep 28 15:03:10 2005 => Result: ERROR!!! File G:\Downloads\MCH_SS2005.zip is Not Scanned 150: Wed Sep 28 15:03:10 2005 => Result: ERROR!!! File G:\Downloads\MCH_SS2005neu.zip is Not Scanned 151: Wed Sep 28 15:03:10 2005 => Result: ERROR!!! 
File G:\Downloads\MCH_SS2005_2.zip is Not Scanned
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\WINDOWS\system32\mscornet.exe => Trojan-Downloader.Win32.Zlob.aq
2: C:\WINDOWS\q73188309.dll => Trojan-Downloader.Win32.Delf.wp
3: C:\WINDOWS\system32\msvol.tlb => HackTool.Win32.Hidd.n
4: C:\WINDOWS\system32\WININET.DLL.VIR => Virus.Win32.Nsag.b
5: C:\Programme\Norton AntiVirus\Quarantine\6BF64CB0.class => Trojan.Java.ClassLoader.ak
6: C:\Programme\Norton AntiVirus\Quarantine\2D45475E.class => Trojan.Java.ClassLoader.c
7: C:\Programme\Norton AntiVirus\Quarantine\2D83651A.class => Trojan.Java.ClassLoader.Dummy.a
8: C:\Programme\Norton AntiVirus\Quarantine\2D9D34FD.class => Exploit.Java.Bytverify
9: C:\Programme\Norton AntiVirus\Quarantine\4DF63BE6.zip => Trojan.Java.ClassLoader.c
10: C:\Programme\Norton AntiVirus\Quarantine\4E0039DB.class => Trojan.Java.ClassLoader.c
11: C:\Programme\Norton AntiVirus\Quarantine\4E100BC9.class => Trojan.Java.ClassLoader.Dummy.a
12: C:\Programme\Norton AntiVirus\Quarantine\4E1A09BF.class => Exploit.Java.Bytverify
13: C:\Programme\Norton AntiVirus\Quarantine\49F43D8A.zip => Trojan.Java.ClassLoader.c
14: C:\Programme\Norton AntiVirus\Quarantine\4A12376A.class => Trojan.Java.ClassLoader.c
15: C:\Programme\Norton AntiVirus\Quarantine\4A465731.class => Trojan.Java.ClassLoader.Dummy.a
16: C:\Programme\Norton AntiVirus\Quarantine\4A5D7D17.class => Exploit.Java.Bytverify
17: C:\Programme\Norton AntiVirus\Quarantine\7CCF4AB8.zip => Trojan.Java.ClassLoader.c
18: C:\Programme\Norton AntiVirus\Quarantine\4156574F.class => Trojan.Java.Binny.a
19: C:\Programme\Norton AntiVirus\Quarantine\09694838.zip => Trojan.Java.ClassLoader.c
20: C:\Programme\Norton AntiVirus\Quarantine\09701C31.class => Trojan.Java.ClassLoader.c
21: C:\Programme\Norton AntiVirus\Quarantine\097D4422.class => Trojan.Java.ClassLoader.Dummy.a
22: C:\Programme\Norton AntiVirus\Quarantine\09806E1F.class => Exploit.Java.Bytverify
23: C:\System Volume Information\_restore{18A3BEE4-69C8-4613-BC76-0027E40DCE5D}\RP157\A0030772.tlb => HackTool.Win32.Hidd.n
24: C:\System Volume Information\_restore{18A3BEE4-69C8-4613-BC76-0027E40DCE5D}\RP157\A0030788.tlb => HackTool.Win32.Hidd.n
25: C:\System Volume Information\_restore{18A3BEE4-69C8-4613-BC76-0027E40DCE5D}\RP157\A0030803.tlb => HackTool.Win32.Hidd.n
26: C:\System Volume Information\_restore{18A3BEE4-69C8-4613-BC76-0027E40DCE5D}\RP157\A0030792.EXE.VIR => Trojan.Win32.Small.ev
27: C:\System Volume Information\_restore{18A3BEE4-69C8-4613-BC76-0027E40DCE5D}\RP157\A0030805.DLL.VIR => Trojan.Win32.Small.ev
28: C:\System Volume Information\_restore{18A3BEE4-69C8-4613-BC76-0027E40DCE5D}\RP157\A0030808.EXE.VIR => Trojan.Win32.Small.ev
29: C:\System Volume Information\_restore{18A3BEE4-69C8-4613-BC76-0027E40DCE5D}\RP157\A0030832.tlb => HackTool.Win32.Hidd.n
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Wed Sep 28 15:03:21 2005 => Total Objects Scanned: 72849
Wed Sep 28 15:03:21 2005 => Total Virus(es) Found: 72
Wed Sep 28 15:03:21 2005 => Total Errors: 151
Wed Sep 28 15:03:21 2005 => Virus Database Date: 2005/09/28
Wed Sep 28 15:03:21 2005 => Virus Database Count: 151535
Wed Sep 28 15:05:06 2005 => Total Objects Scanned: 72849
Wed Sep 28 15:05:06 2005 => Total Virus(es) Found: 72
Wed Sep 28 15:05:06 2005 => Total Errors: 151

This post was edited by der Stopfen on 28.09.2005 at 15:32.
|
|
|
||
28.09.2005, 15:31
Member
Posts: 4730 |
#6
Very nice.
Disable System Restore: Start -> Control Panel -> System -> System Restore

Download Killbox and use it to delete the following as described (http://managor.de/killbox.htm):
C:\WINDOWS\system32\mscornet.exe
C:\WINDOWS\q73188309.dll
C:\WINDOWS\system32\msvol.tlb
C:\WINDOWS\system32\WININET.DLL.VIR
C:\WINDOWS\iun6002.exe
The PC will be restarted.

smitRem: http://noahdfear.geekstogo.com/
Download, unpack, open the smitRem folder and run RunThis.bat. Post the result here.

CCleaner: http://virus-protect.org/temp.html
Delete all temporary files.

Spybot S&D: http://security.kolla.de
Install, update and scan. Fix all problems found.
Do the same with AdAware: http://lavasoft.de

Empty Norton's quarantine.

Run a scan with Ewido: http://virus-protect.org/ewido.html
Post the report.

Then another HJT log.

By the way: if you format and reinstall Windows and then put Norton AntiVirus on it again, you get another year. Norton only tracks the validity of the subscription by the time at which it was installed.
__________
This is a signature! Personal service: Are you from Berlin? Then contact me via PM; we may be able to arrange an appointment. Der Grabsteinschubser |
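An added example, not part of the original thread and not any poster's own tooling: a Python sketch that sorts the entries of the eScan deletion list posted above by where each file lives, since the reply above handles live files, the Norton quarantine and System Restore copies with different steps. The sample lines are a subset copied from that list; the function names, category names and the pairing of categories with steps are assumptions of this example.

```python
import re

# Constructed sample: a subset of lines copied from the eScan list in the thread.
SAMPLE_LOG = r"""
1: C:\WINDOWS\system32\mscornet.exe => Trojan-Downloader.Win32.Zlob.aq
2: C:\WINDOWS\q73188309.dll => Trojan-Downloader.Win32.Delf.wp
3: C:\WINDOWS\system32\msvol.tlb => HackTool.Win32.Hidd.n
4: C:\WINDOWS\system32\WININET.DLL.VIR => Virus.Win32.Nsag.b
5: C:\Programme\Norton AntiVirus\Quarantine\6BF64CB0.class => Trojan.Java.ClassLoader.ak
8: C:\Programme\Norton AntiVirus\Quarantine\2D9D34FD.class => Exploit.Java.Bytverify
23: C:\System Volume Information\_restore{18A3BEE4-69C8-4613-BC76-0027E40DCE5D}\RP157\A0030772.tlb => HackTool.Win32.Hidd.n
26: C:\System Volume Information\_restore{18A3BEE4-69C8-4613-BC76-0027E40DCE5D}\RP157\A0030792.EXE.VIR => Trojan.Win32.Small.ev
"""

# One entry is "<n>: <drive path> => <detection name>". finditer() is used
# instead of line-by-line matching so that a list flattened onto one line
# (as it appears in a scraped forum post) parses the same way. The pattern is
# meant for the deletion list only, not for the timestamped registry section.
ENTRY = re.compile(
    r"(?P<num>\d+):\s+(?P<path>[A-Za-z]:\\.+?)\s+=>\s+(?P<name>\S+)"
)

# Hypothetical category names, each paired with the step from the reply that
# deals with it (the pairing is this example's assumption).
STEPS = {
    "restore_point": "disable System Restore so the stored copies are purged",
    "av_quarantine": "empty the antivirus quarantine",
    "live_file": "delete the file itself (the reply uses Killbox)",
}


def parse_detections(text):
    """Return [(entry number, path, detection name), ...] in log order."""
    return [(int(m["num"]), m["path"], m["name"]) for m in ENTRY.finditer(text)]


def classify(path):
    """Map a detected path to one of the STEPS categories."""
    p = path.lower().replace("/", "\\")
    if "\\system volume information\\_restore" in p:
        return "restore_point"      # copy kept by Windows System Restore
    if "\\quarantine\\" in p:
        return "av_quarantine"      # already isolated by the antivirus
    return "live_file"              # still sitting in the normal file system


def triage(text):
    """Group detections by category: {category: [(path, name), ...]}."""
    groups = {category: [] for category in STEPS}
    for _num, path, name in parse_detections(text):
        groups[classify(path)].append((path, name))
    return groups


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {len(items)} item(s) -> {STEPS[category]}")
        for path, name in items:
            print(f"    {name:40} {path}")
```

Only the `live_file` group names files that are still in the normal file system; the other two groups are copies held by the antivirus or by System Restore.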
|
|
||
28.09.2005, 15:53
...new here
Posts: 5 |
#7
So: smitRem didn't give me a concrete result, just a Notepad file in the smitRem directory with the following content:

Testing presence of HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD
---------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD
HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGuard
Deleting ShudderLTD
----------
Checking if HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD is still present
------
Deleting leftovers in registry
------
leftovers deleted!

CCleaner also ran through, as did Spybot and AdAware. I'll do the two new scans in a moment! Thanks for your patience. Norton's quarantine has been emptied as well.

So, and here is the scan report from ewido:

---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------
+ Erstellt am: 16:36:18, 28.09.2005
+ Report-Checksumme: 97777CDA
+ Scanergebnis:
:mozilla.8:C:\Dokumente und Einstellungen\Extensa3000wlmi\Anwendungsdaten\Phoenix\Profiles\default\cfx1r80n.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.9:C:\Dokumente und Einstellungen\Extensa3000wlmi\Anwendungsdaten\Phoenix\Profiles\default\cfx1r80n.slt\cookies.txt
::Report Ende

And the HijackThis logfile follows right behind:

Logfile of HijackThis v1.99.1
Scan saved at 16:39:02, on 28.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
D:\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
D:\Antivirenzeug\AVGNT.EXE
D:\ANTIVI~1\WINPAT~1\winpatrol.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Acer\eManager\anbmServ.exe
D:\Antivirenzeug\AVGUARD.EXE
D:\Antivirenzeug\AVWUPSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Antivirenzeug\neuer versuch\Spybot - Search & Destroy\TeaTimer.exe
D:\Antivirenzeug\neuer versuch\security suite\ewidoctrl.exe
D:\Antivirenzeug\neuer versuch\security suite\SecuritySuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Antivirenzeug\neuer versuch\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Antivirenzeug\neuer versuch\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] "D:\Antivirenzeug\AVGNT.EXE" /min
O4 - HKLM\..\Run: [WinPatrol] d:\ANTIVI~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Antivirenzeug\neuer versuch\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\icq\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\icq\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = uni-giessen.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = uni-giessen.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = uni-giessen.de
O23 - Service: Notebook Manager 
Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Antivirenzeug\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Antivirenzeug\AVWUPSRV.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: ewido security suite control - ewido networks - D:\Antivirenzeug\neuer versuch\security suite\ewidoctrl.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe danke, danke, danke Dieser Beitrag wurde am 28.09.2005 um 16:37 Uhr von der Stopfen editiert.
|
|
|
||
10.05.2006, 22:41
Member
Posts: 19 |
#8
Evening, I have the Zlob trojan on my machine too. I have copied the logfile from HijackThis; can you do anything with it? That would be very nice. Regards, micky 1987
Logfile of HijackThis v1.99.1
Scan saved at 22:33:38, on 10.05.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Personal Firewall\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\D-Tools\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\Programme\Trojancheck 6\tcguard.exe
C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\DT\Sinus 1054 data\Wifiusb.exe
C:\Programme\OpenOffice.org1.1.0\program\soffice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Norton AntiVirus\NAVW32.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Micky\Desktop\sicherheitstools\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp8691.tmp
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Programme\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Sinus 1054 data WLAN Manager.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0374340D-477E-4ED0-8DAC-2290091D1167} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0374340D-477E-4ED0-8DAC-2290091D1167} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C738FD6-5B2A-42E2-B139-3381C139D9F1}: NameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{E61B1ABB-FA54-4FCF-94E6-D22DF0149F7B}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8D0FABC-E3C8-4E2E-8661-6EFDE82D0F29}: NameServer = 192.168.2.1
O20 - Winlogon Notify: wingob32 - wingob32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ISSVC.exe
O23 - Service: Marmiko ZeroConfig Controller (MZCCntrl) - Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe |
|
|
||
12.05.2006, 12:55
Honorary member
Posts: 29434 |
#9
Micky1987
Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
Copy out these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months): http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security |
|
|
||
14.05.2006, 20:52
Member
Posts: 19 |
#10
OK, I have done this cleanup, but what is this donate thing about? Oh, and should I paste these four text files into windows/system 32?
|
|
|
||
14.05.2006, 22:58
Honorary member
Posts: 29434 |
#11
It is explained exactly on the page: when the text editor opens, copy everything out ... into here ... (i.e. 3 months are enough; it is listed by date).
Then you close the text editor, press a key with the DOS window still open, and the editor opens again... and so on. All in all there are 4 logs that I want to see here.
__________
Regards, Sabina
all about PC security |
|
|
||
14.05.2006, 23:45
Member
Posts: 19 |
#12
OK, first log:
Verzeichnis von C:\WINDOWS\system32
14.05.2006 23:38 6.144 simpole.tlb
14.05.2006 23:38 5.012 stdole3.tlb
14.05.2006 23:38 22.571 nvapps.xml
14.05.2006 23:38 29.696 hpEC56.tmp
14.05.2006 23:12 9.948 atmclk.exe
14.05.2006 22:50 43.520 CmdLineExt03.dll
14.05.2006 22:22 29.696 hp82CC.tmp
14.05.2006 22:22 48.128 dcomcfg.exe
14.05.2006 11:30 33.805 ld680E.tmp
14.05.2006 11:30 2.184 wpa.dbl
14.05.2006 01:08 384 DVCStateBkp-{00000000-00000000-0000000F-00001102-00000004-20021102}.dat
14.05.2006 01:08 1.080 settingsbkup.sfm
14.05.2006 01:08 1.080 settings.sfm
14.05.2006 01:08 384 DVCState-{00000000-00000000-0000000F-00001102-00000004-20021102}.dat
14.05.2006 01:08 32.088 BMXBkpCtrlState-{00000000-00000000-0000000F-00001102-00000004-20021102}.rfx
14.05.2006 01:08 32.088 BMXCtrlState-{00000000-00000000-0000000F-00001102-00000004-20021102}.rfx
14.05.2006 01:08 32.592 BMXState-{00000000-00000000-0000000F-00001102-00000004-20021102}.rfx
14.05.2006 01:08 32.592 BMXStateBkp-{00000000-00000000-0000000F-00001102-00000004-20021102}.rfx
11.05.2006 16:57 43.008 hp94F6.tmp
01.05.2006 20:33 176.128 twain32.dll
01.05.2006 20:28 15.205 regperf.exe
13.04.2006 19:17 98.304 CmdLineExt.dll
02.04.2006 22:24 11.891 wingob32.dll.exe
26.03.2006 12:30 39.992 perfc009.dat
26.03.2006 12:30 311.604 perfh009.dat
26.03.2006 12:30 316.594 perfh007.dat
26.03.2006 12:30 48.156 perfc007.dat
26.03.2006 12:30 723.744 PerfStringBackup.INI
06.02.2006 12:46 21.840 SIntfNT.dll
06.02.2006 12:46 17.212 SIntf32.dll
06.02.2006 12:46 12.067 SIntf16.dll
06.02.2006 11:52 0 shell386.exe
06.02.2006 11:51 11.042 azebar.xml
04.02.2006 22:14 103.824 FNTCACHE.DAT
02.02.2006 17:44 2.368 SVKP.sys
2nd log:
Verzeichnis von C:\DOKUME~1\Micky\LOKALE~1\Temp
14.05.2006 23:39 16.384 ~DF89E0.tmp
14.05.2006 23:39 16.384 Perflib_Perfdata_50c.dat
14.05.2006 23:36 25.064 BNeCA.tmp
14.05.2006 22:50 4.592 SIntfIcn.ani
14.05.2006 22:50 24.744 SIntfNT.dll
14.05.2006 22:50 20.016 SIntf32.dll
14.05.2006 22:50 12.305 SIntf16.dll
14.05.2006 11:31 16.384 ~DFBB9B.tmp
3rd log:
Verzeichnis von C:\WINDOWS
14.05.2006 23:38 4.933.320 {00000000-00000000-0000000F-00001102-00000004-20021102}.CDF
14.05.2006 23:37 96.395 WindowsUpdate.log
14.05.2006 22:49 192 winamp.ini
14.05.2006 11:30 0 0.log
14.05.2006 11:30 2.048 bootstat.dat
14.05.2006 01:08 32.476 SchedLgU.Txt
12.05.2006 00:16 49 NeroDigital.ini
11.05.2006 17:03 26 Lic.xxx
03.05.2006 10:18 3.368.328 REGBK00.ZIP
15.02.2006 22:02 2.909 mozver.dat
15.02.2006 20:24 0 nsreg.dat
15.02.2006 20:24 107.134 UninstallFirefox.exe
15.02.2006 20:11 5.888 ModemLog_Samsung GPRS MODEM.txt
06.02.2006 13:42 745 COD.INI
06.02.2006 12:54 395 SIERRA.INI
06.02.2006 11:51 12.344 azesearch.bmp
06.02.2006 11:50 276 game.ini
05.02.2006 18:17 0 kl1.exe
05.02.2006 18:16 0 uniq
04.02.2006 21:34 618 eReg.dat
Verzeichnis von C:\
15.05.2006 00:47 0 sys.txt
15.05.2006 00:46 4.996 system.txt
15.05.2006 00:46 647 systemtemp.txt
15.05.2006 00:46 101.084 system32.txt
14.05.2006 11:30 805.306.368 pagefile.sys
11.05.2006 18:44 6 AVPCallback.log
Oops, I pressed the wrong thing at first; I have now done it correctly.
This post was edited on 15.05.2006 at 00:49 by Micky1987.
|
|
|
||
14.05.2006, 23:52
Honorary member
Posts: 29434 |
#13
Micky1987
The 3rd and 4th logs are identical... and you also did not copy the paths at the top along with them... I can't do anything like this. The 3rd log is C:\Windows and the 4th log should be C:\
Please correct that.
Quote
C:\WINDOWS\system32\simpole.tlb
__________
Regards, Sabina
all about PC security |
|
|
||
15.05.2006, 17:02
Member
Posts: 19 |
#14
I have changed that now.
|
|
|
||
15.05.2006, 18:21
Honorary member
Posts: 29434 |
#15
Please wait until this evening; I don't have enough time at the moment to list everything.
__________
Regards, Sabina
all about PC security |
|
|
||
I have the following problem:
I was surfing the Internet and suddenly my desktop background was gone. In its place was a black background with red text reading: "Your computer is infected with spyware." Below that there was something with a "click here" link. This link took me to a download of the program Spy-Trooper, which I downloaded and installed. The scan showed that I had about 80 spyware programs on the PC. The program offered to delete the spyware, but for that I would have had to buy the full version for about 40€. So I looked around for alternatives and came across Spybot S&D, which, however, did not find any of the spyware programs. A friend of mine then recommended "Spy Sweeper" from Webroot. I downloaded the free 30-day version from the net and installed it. Spy Sweeper then found and destroyed everything. Except for the trojan "trojan-downloader-zlob", which according to Spy Sweeper has lodged itself in the reg key:
HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll
I just can't get rid of this stupid thing! When it is detected during a Spy Sweeper scan, I can delete it. But when I then scan a second time (whether after a Windows restart or not), it is back again! I have also tried Adaware, which finds nothing at all.
Then I downloaded Hijack This v.1.99.1 and created this logfile:
Logfile of HijackThis v1.99.1
Scan saved at 18:27:09, on 26.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\TVR\RecSche.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\lvhidsvc.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\VR-Web\vr-web.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\Heinz Jakobs\Desktop\hijackthis_199\HijackThis.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RecSche] "C:\Programme\TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AF3EA30-D686-434D-9D5B-1822A8CCFFC9}: NameServer = 217.237.151.225 217.237.150.225
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I hope you can help me.
Regards
Team.Killer