Stubborn Trojans

Thread is closed!
10.10.2005, 20:49
Member

Posts: 85
#1 Hello everyone,
I have the following problem today.
There are two Trojans on my computer (Trojan horse TR/Click.AG.dj.13 A + 13 B and Trojan horse TR/Puper.BA.1) that I can neither rename nor delete.
I have WinXP, and my antivirus program is Antivir (I already have the latest update, but it still doesn't delete the junk). By the way, the stuff has nested itself in Windows/System32.
Here is the log file right away.

Logfile of HijackThis v1.99.1
Scan saved at 20:47:30, on 10.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\shnlog.exe
H:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
H:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
H:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
H:\Programme\AVPersonal\AVGNT.EXE
H:\Programme\Java\jre1.5.0_04\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Programme\Logitech\SetPoint\KEM.exe
H:\Programme\WinZip\WZQKPICK.EXE
H:\Programme\Logitech\SetPoint\KHALMNPR.EXE
H:\WINDOWS\system32\intmon.exe
H:\Programme\AVPersonal\AVGUARD.EXE
H:\Programme\AVPersonal\AVWUPSRV.EXE
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\Programme\Opera\opera.exe
H:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
H:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
H:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
H:\Programme\Steganos Trace Destructor 6\itd.exe
H:\Programme\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - H:\WINDOWS\system32\hp5B9D.tmp
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - H:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [EM_EXEC] H:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "H:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] H:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [TkBellExe] "H:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] "H:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RegSvr32] H:\WINDOWS\system32\msmsgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "H:\Programme\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = H:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = H:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = H:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Alles mit FlashGet laden - H:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - H:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - H:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - H:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.lycos.de/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86A3BC59-606E-43CF-97C4-1800E8E80F5A}: NameServer = 217.237.150.97 217.237.150.225
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - H:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - H:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

I hope someone can help me.
Best regards
Nelli
11.10.2005, 05:31
Member
Gool

Posts: 4730
#2 Fix (tick the box, click "fix checked") the following entries:

O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - H:\WINDOWS\system32\hp5B9D.tmp
O4 - HKLM\..\Run: [RegSvr32] H:\WINDOWS\system32\msmsgs.exe
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab

Delete the following files with Killbox (http://managor.de/killbox.htm):

H:\WINDOWS\system32\shnlog.exe
H:\WINDOWS\system32\msmsgs.exe
H:\WINDOWS\system32\intmon.exe
H:\WINDOWS\system32\intmonp.exe
H:\WINDOWS\system32\hp5B9D.tmp

Run a scan with eScanCheck (http://managor.de/escan.htm) and post the result.

Also, following the instructions on the page below, create four log files and copy from them all entries from the past three weeks, including the path (each entry is preceded by a date):
http://virus-protect.org/datfindbat.html
__________
This is a signature! Personal service: Are you from Berlin? Then send me a PM, and we may be able to arrange an appointment.
Der Grabsteinschubser
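Added example, not part of the original posts: a small Python check that parses a HijackThis log and, for each file on a deletion list, reports whether it is a running process and which log entries still reference it once the entries on a fix list are removed. The log excerpt and both lists are copied from posts #1 and #2; the function names and the matching rule (full path, or a bare file name with no directory in front) are assumptions of this example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")
# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O23
HJT_LINE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpt of the HijackThis log from post #1 (lines copied from the thread).
SAMPLE_LOG = r"""
Running processes:
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\shnlog.exe
H:\WINDOWS\system32\intmon.exe
H:\Programme\Opera\opera.exe

F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - H:\WINDOWS\system32\hp5B9D.tmp
O4 - HKLM\..\Run: [RegSvr32] H:\WINDOWS\system32\msmsgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
"""

# Entries to fix and files to delete, as listed in post #2.
FIX_LIST = [
    r"O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - H:\WINDOWS\system32\hp5B9D.tmp",
    r"O4 - HKLM\..\Run: [RegSvr32] H:\WINDOWS\system32\msmsgs.exe",
    r"O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab",
    r"O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab",
]
DELETE_LIST = [
    r"H:\WINDOWS\system32\shnlog.exe",
    r"H:\WINDOWS\system32\msmsgs.exe",
    r"H:\WINDOWS\system32\intmon.exe",
    r"H:\WINDOWS\system32\intmonp.exe",
    r"H:\WINDOWS\system32\hp5B9D.tmp",
]


def parse_hijackthis(log):
    """Return (running process paths, coded entries) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = HJT_LINE.match(line)
        if match:
            in_procs = False  # the process list ends at the first coded entry
            entries.append(Entry(match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def references(target, text):
    """True if text names target by full path, or by its bare file name.

    A bare name (no directory in front, as in 'Shell=Explorer.exe, x.exe')
    counts as a reference; the same file name under a different directory
    does not.
    """
    full = re.escape(target)
    name = re.escape(target.rsplit("\\", 1)[-1])
    pattern = rf"(?:{full}|(?<![\\\w.~-]){name})(?![\w.])"
    return re.search(pattern, text, re.IGNORECASE) is not None


def _norm(line):
    return " ".join(line.split()).lower()


def coverage(log, delete_list, fix_list):
    """Map each file to its running state and its fixed/remaining references."""
    processes, entries = parse_hijackthis(log)
    fixed_keys = {_norm(item) for item in fix_list}
    report = {}
    for target in delete_list:
        refs = [e for e in entries if references(target, e.text)]
        is_fixed = lambda e: _norm(f"{e.code} - {e.text}") in fixed_keys
        report[target] = {
            "running": any(references(target, p) for p in processes),
            "fixed": [e for e in refs if is_fixed(e)],
            "remaining": [e for e in refs if not is_fixed(e)],
        }
    return report


if __name__ == "__main__":
    for path, info in coverage(SAMPLE_LOG, DELETE_LIST, FIX_LIST).items():
        print(path, "| running:", info["running"])
        for e in info["remaining"]:
            print("   still referenced by:", e.code, "-", e.text)
```

On the excerpt, the F2 `Shell=` value still names `msmsgs.exe` after the listed fixes, while the O9 Messenger button points at `H:\Programme\Messenger\msmsgs.exe` and is not counted as a reference.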
11.10.2005, 20:41
Member

Thread starter

Posts: 85
#3 Well, unfortunately it can't be fixed.
As soon as I try to do that, nothing works anymore and I have to switch off my PC by hand.
11.10.2005, 21:37
Member
Gool

Posts: 4730
#4 Not a big deal. Then first delete the named files as described and continue with the other steps.
12.10.2005, 23:50
Member

Thread starter

Posts: 85
#5 Hello everyone,
I'm currently running an eScanCheck, does anyone know how long that takes? It has already been running for 3 hours on my machine and I'd like to go to bed, since I have to get up very early again tomorrow.

It would be nice if you answered as quickly as possible.

Best regards, Nelli
14.10.2005, 03:59
Member
Gool

Posts: 4730
#6 Oh, sorry that I'm only answering now. If it takes that long, cancel it. Start the PC in safe mode (press the F8 key during startup) and try it again there. Before that, however, delete any existing mwav.log in the directory c:\bases_x.
14.10.2005, 15:01
Member

Thread starter

Posts: 85
#7 Hello
Here is the result:


--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Wed Oct 12 20:50:33 2005 => File H:\WINDOWS\popuper.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
2: Wed Oct 12 20:50:41 2005 => File H:\WINDOWS\system32\intmonp.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
3: Wed Oct 12 20:51:03 2005 => File H:\WINDOWS\popuper.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
4: Wed Oct 12 20:51:24 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
5: Wed Oct 12 20:51:24 2005 => System found infected with flashget Spyware/Adware ({a5366673-e8ca-11d3-9cd9-0090271d075b})! Action taken: No Action Taken.
6: Wed Oct 12 20:51:24 2005 => System found infected with flashget Spyware/Adware ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken.
7: Wed Oct 12 20:51:24 2005 => System found infected with flashget Spyware/Adware ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken.
8: Wed Oct 12 20:51:25 2005 => Offending file found: H:\WINDOWS\popuper.exe
9: Wed Oct 12 20:51:25 2005 => System found infected with popuper Spyware/Adware (popuper.exe)! Action taken: No Action Taken.
10: Wed Oct 12 20:51:25 2005 => Offending file found: H:\WINDOWS\sites.ini
11: Wed Oct 12 20:51:25 2005 => System found infected with smitfraud Spyware/Adware (sites.ini)! Action taken: No Action Taken.
12: Wed Oct 12 20:51:25 2005 => Offending file found: H:\WINDOWS\system32\intmonp.exe
13: Wed Oct 12 20:51:25 2005 => System found infected with popuper Spyware/Adware (intmonp.exe)! Action taken: No Action Taken.
14: Wed Oct 12 20:51:25 2005 => Offending file found: H:\Programme\jcdeu.ini
15: Wed Oct 12 20:51:25 2005 => System found infected with flashget Spyware/Adware (jcdeu.ini)! Action taken: No Action Taken.
16: Wed Oct 12 20:51:30 2005 => Offending file found: H:\Dokumente und Einstellungen\Melanie\Lokale Einstellungen\temporary internet files\content.ie5\ji901ims\common[1].js
17: Wed Oct 12 20:51:30 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
18: Wed Oct 12 20:51:30 2005 => Offending file found: H:\Dokumente und Einstellungen\Melanie\Lokale Einstellungen\temporary internet files\content.ie5\qratuvwx\common[1].js
19: Wed Oct 12 20:51:30 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
20: Wed Oct 12 20:51:30 2005 => Offending file found: H:\Dokumente und Einstellungen\Melanie\Lokale Einstellungen\Temporary Internet Files\content.ie5\ji901ims\common[1].js
21: Wed Oct 12 20:51:30 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
22: Wed Oct 12 20:51:30 2005 => Offending file found: H:\Dokumente und Einstellungen\Melanie\Lokale Einstellungen\Temporary Internet Files\content.ie5\qratuvwx\common[1].js
23: Wed Oct 12 20:51:30 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
24: Wed Oct 12 20:53:20 2005 => File H:\WINDOWS\system32\intell32.exe infected by "Trojan-Downloader.Win32.Small.vu" Virus! Action Taken: No Action Taken.
25: Wed Oct 12 20:53:20 2005 => File H:\WINDOWS\system32\intmonp.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
26: Wed Oct 12 21:21:17 2005 => Scanning Folder: H:\Programme\AVPersonal\INFECTED\*.*
27: Wed Oct 12 21:21:17 2005 => Scanning File H:\Programme\AVPersonal\INFECTED\MSOLE32.EXE.VIR
28: Wed Oct 12 21:21:17 2005 => File H:\Programme\AVPersonal\INFECTED\MSOLE32.EXE.VIR infected by "Trojan-Clicker.Win32.Agent.cr" Virus! Action Taken: No Action Taken.
29: Wed Oct 12 21:21:17 2005 => Scanning File H:\Programme\AVPersonal\INFECTED\OPR0FY5L.HTM.VIR [**]
30: Wed Oct 12 21:21:17 2005 => Scanning File H:\Programme\AVPersonal\INFECTED\OPR0LTE5.HTML.VIR [**]
31: Wed Oct 12 21:21:22 2005 => File H:\Programme\backups\backup-20051011-211210-401.dll infected by "Trojan.Win32.Puper.be" Virus! Action Taken: No Action Taken.
32: Wed Oct 12 21:21:22 2005 => File H:\Programme\backups\backup-20051011-211227-921.dll infected by "Trojan.Win32.Puper.be" Virus! Action Taken: No Action Taken.
33: Wed Oct 12 21:27:51 2005 => File H:\Programme\freeripmp3.exe infected by "Trojan-Downloader.Win32.Agent.kr" Virus! Action Taken: No Action Taken.
34: Wed Oct 12 23:05:43 2005 => File H:\RECYCLER\S-1-5-21-1547161642-1085031214-682003330-1003\Dh15.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
35: Wed Oct 12 23:05:44 2005 => File H:\RECYCLER\S-1-5-21-1547161642-1085031214-682003330-1003\Dh20.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
36: Wed Oct 12 23:07:16 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058658.exe infected by "Trojan.Win32.Puper.bf" Virus! Action Taken: No Action Taken.
37: Wed Oct 12 23:07:16 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058659.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
38: Wed Oct 12 23:07:16 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058660.exe infected by "Trojan.Win32.Puper.bd" Virus! Action Taken: No Action Taken.
39: Wed Oct 12 23:07:17 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058683.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
40: Wed Oct 12 23:07:17 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0059686.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
41: Wed Oct 12 23:07:17 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0059687.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
42: Wed Oct 12 23:07:17 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0059695.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
43: Wed Oct 12 23:07:17 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060695.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
44: Wed Oct 12 23:07:17 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060696.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
45: Wed Oct 12 23:07:23 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060802.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
46: Wed Oct 12 23:07:23 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060813.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
47: Wed Oct 12 23:07:23 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060814.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
48: Wed Oct 12 23:07:23 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060822.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
49: Wed Oct 12 23:07:23 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060823.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
50: Wed Oct 12 23:07:23 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060833.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
51: Wed Oct 12 23:07:23 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060834.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
52: Wed Oct 12 23:07:24 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060874.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
53: Wed Oct 12 23:07:24 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060875.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
54: Wed Oct 12 23:07:24 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060876.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
55: Wed Oct 12 23:07:24 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0061874.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
56: Wed Oct 12 23:07:25 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0061875.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
57: Wed Oct 12 23:07:25 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0061876.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
58: Wed Oct 12 23:07:25 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0062874.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
59: Wed Oct 12 23:07:25 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0062875.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
60: Wed Oct 12 23:07:25 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0062876.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
61: Wed Oct 12 23:07:26 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062885.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
62: Wed Oct 12 23:07:26 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062886.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
63: Wed Oct 12 23:07:26 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062894.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
64: Wed Oct 12 23:07:26 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062895.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
65: Wed Oct 12 23:07:26 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062903.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
66: Wed Oct 12 23:07:27 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062904.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
67: Wed Oct 12 23:07:27 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062905.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
68: Wed Oct 12 23:07:27 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062940.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
69: Wed Oct 12 23:07:28 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062959.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
70: Wed Oct 12 23:07:28 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062979.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
71: Wed Oct 12 23:07:28 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062980.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
72: Wed Oct 12 23:07:28 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062981.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
73: Wed Oct 12 23:07:29 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062997.exe infected by "Trojan.Win32.Puper.bf" Virus! Action Taken: No Action Taken.
74: Wed Oct 12 23:07:29 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062998.exe infected by "Trojan-Downloader.Win32.Zlob.at" Virus! Action Taken: No Action Taken.
75: Wed Oct 12 23:07:29 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062999.exe infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
76: Wed Oct 12 23:07:29 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0063000.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
77: Wed Oct 12 23:07:29 2005 => File H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0063001.dll infected by "Trojan-Clicker.Win32.Agent.dj" Virus! Action Taken: No Action Taken.
78: Thu Oct 13 01:12:19 2005 => File H:\WINDOWS\system32\intell32.exe infected by "Trojan-Downloader.Win32.Small.vu" Virus! Action Taken: No Action Taken.
79: Thu Oct 13 01:12:19 2005 => File H:\WINDOWS\system32\intmonp.exe infected by "Trojan.Win32.Puper.bg" Virus! Action Taken: No Action Taken.
80: Thu Oct 13 01:12:45 2005 => File H:\WINDOWS\system32\LogFiles\OD0080400.so infected by "Trojan-Downloader.Win32.Small.bqx" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Wed Oct 12 20:50:54 2005 => ERROR!!! Invalid Entry = H:\WINDOWS\system32\hp72CE.tmp (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}). No Action Taken.
2: Wed Oct 12 20:51:03 2005 => ERROR!!! Invalid Entry notepad.exe = msmsgs.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). No Action Taken.
3: Wed Oct 12 20:51:03 2005 => ERROR!!! Invalid Entry paint.exe = shnlog.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). No Action Taken.
4: Wed Oct 12 20:51:03 2005 => ERROR!!! Invalid Entry winlogon.exe = msole32.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). No Action Taken.
5: Wed Oct 12 20:51:12 2005 => ERROR!!! Invalid Entry System32\DRIVERS\imounter.sys in SYSTEM\CurrentControlSet\Services\im_bus...
6: Wed Oct 12 20:51:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "H:\WINDOWS\Downloaded Program Files\axhost.dll". Action Taken: No Action Taken.
7: Wed Oct 12 20:51:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "H:\WINDOWS\Downloaded Program Files\Midasa.dll". Action Taken: No Action Taken.
8: Wed Oct 12 20:51:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Downloaded Program Files\Midasa.dll". Action Taken: No Action Taken.
9: Wed Oct 12 20:51:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Programme\Ahead\CoverDesigner\NeroCoverDesigner_fra.chm". Action Taken: No Action Taken.
10: Wed Oct 12 20:51:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.
11: Wed Oct 12 20:51:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Programme\Ahead\Nero BackItUp\NeroBackItUp_Fra.chm". Action Taken: No Action Taken.
12: Wed Oct 12 20:51:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Programme\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken.
13: Wed Oct 12 20:51:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Programme\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Action Taken: No Action Taken.
14: Wed Oct 12 20:51:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Programme\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken.
15: Wed Oct 12 20:51:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Downloaded Program Files\axhost.dll". Action Taken: No Action Taken.
16: Wed Oct 12 20:51:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Programme\bfgtoolbar\bfgtoolbar.dll". Action Taken: No Action Taken.
17: Wed Oct 12 20:51:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "H:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
18: Wed Oct 12 20:51:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "H:\Programme\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken.
19: Wed Oct 12 20:51:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "H:\Dokumente und Einstellungen\Melanie\Startmenü\Programme\MP3 Player Utilities 1.22\". Action Taken: No Action Taken.
20: Wed Oct 12 20:51:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "H:\Dokumente und Einstellungen\Melanie\Anwendungsdaten\Microsoft\Installer\{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}\". Action Taken: No Action Taken.
21: Wed Oct 12 20:51:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BUP". Action Taken: No Action Taken.
22: Wed Oct 12 20:51:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DIP". Action Taken: No Action Taken.
23: Wed Oct 12 20:51:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
24: Wed Oct 12 20:51:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VIR". Action Taken: No Action Taken.
25: Wed Oct 12 20:51:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Language pack for Ad-Aware SE". Action Taken: No Action Taken.
26: Wed Oct 12 20:51:35 2005 => Entry "HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" refers to invalid object "H:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll". Action Taken: No Action Taken.
27: Wed Oct 12 20:51:35 2005 => Entry "HKCR\CLSID\{390CE9F2-C4A0-11D4-8A92-0090271D4F88}" refers to invalid object "H:\Programme\Yahoo!\Messenger\ycrwin32.dll". Action Taken: No Action Taken.
28: Wed Oct 12 20:51:36 2005 => Entry "HKCR\CLSID\{41695A8E-6414-11D4-8FB3-00D0B7730277}" refers to invalid object "H:\Programme\Yahoo!\Messenger\asw.dll". Action Taken: No Action Taken.
29: Wed Oct 12 20:51:36 2005 => Entry "HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}" refers to invalid object "H:\Programme\Spybot - Search & Destroy\SDHelper.dll". Action Taken: No Action Taken.
30: Wed Oct 12 20:51:36 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "H:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
31: Wed Oct 12 20:51:36 2005 => Entry "HKCR\CLSID\{A5366673-E8CA-11D3-9CD9-0090271D075B}" refers to invalid object "H:\PROGRA~1\FlashGet\Jccatch.dll". Action Taken: No Action Taken.
32: Wed Oct 12 20:51:36 2005 => Entry "HKCR\CLSID\{B29DEB73-0511-4372-95E2-0EB539D929C9}" refers to invalid object "H:\PROGRA~1\ICQLite\ICQLIT~2.EXE". Action Taken: No Action Taken.

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: H:\WINDOWS\popuper.exe => Trojan.Win32.Puper.bg
2: H:\WINDOWS\system32\intmonp.exe => Trojan.Win32.Puper.bg
3: H:\WINDOWS\system32\intell32.exe => Trojan-Downloader.Win32.Small.vu
4: H:\Programme\AVPersonal\INFECTED\MSOLE32.EXE.VIR => Trojan-Clicker.Win32.Agent.cr
5: H:\Programme\backups\backup-20051011-211210-401.dll => Trojan.Win32.Puper.be
6: H:\Programme\backups\backup-20051011-211227-921.dll => Trojan.Win32.Puper.be
7: H:\Programme\freeripmp3.exe => Trojan-Downloader.Win32.Agent.kr
8: H:\RECYCLER\S-1-5-21-1547161642-1085031214-682003330-1003\Dh15.dll => Trojan-Clicker.Win32.Agent.dj
9: H:\RECYCLER\S-1-5-21-1547161642-1085031214-682003330-1003\Dh20.dll => Trojan-Clicker.Win32.Agent.dj
10: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058658.exe => Trojan.Win32.Puper.bf
11: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058659.exe => Trojan-Clicker.Win32.Agent.dj
12: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058660.exe => Trojan.Win32.Puper.bd
13: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058683.exe => Trojan-Clicker.Win32.Agent.dj
14: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0059686.exe => Trojan-Clicker.Win32.Agent.dj
15: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0059687.dll => Trojan-Clicker.Win32.Agent.dj
16: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0059695.dll => Trojan-Clicker.Win32.Agent.dj
17: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060695.exe => Trojan-Clicker.Win32.Agent.dj
18: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060696.dll => Trojan-Clicker.Win32.Agent.dj
19: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060802.exe => Trojan-Clicker.Win32.Agent.dj
20: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060813.exe => Trojan-Clicker.Win32.Agent.dj
21: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060814.dll => Trojan-Clicker.Win32.Agent.dj
22: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060822.exe => Trojan-Clicker.Win32.Agent.dj
23: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060823.dll => Trojan-Clicker.Win32.Agent.dj
24: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060833.exe => Trojan-Clicker.Win32.Agent.dj
25: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060834.dll => Trojan-Clicker.Win32.Agent.dj
26: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060874.exe => Trojan.Win32.Puper.bg
27: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060875.exe => Trojan-Clicker.Win32.Agent.dj
28: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060876.dll => Trojan-Clicker.Win32.Agent.dj
29: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0061874.exe => Trojan.Win32.Puper.bg
30: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0061875.exe => Trojan-Clicker.Win32.Agent.dj
31: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0061876.dll => Trojan-Clicker.Win32.Agent.dj
32: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0062874.exe => Trojan.Win32.Puper.bg
33: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0062875.exe => Trojan-Clicker.Win32.Agent.dj
34: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0062876.dll => Trojan-Clicker.Win32.Agent.dj
35: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062885.exe => Trojan.Win32.Puper.bg
36: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062886.dll => Trojan-Clicker.Win32.Agent.dj
37: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062894.exe => Trojan.Win32.Puper.bg
38: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062895.dll => Trojan-Clicker.Win32.Agent.dj
39: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062903.exe => Trojan.Win32.Puper.bg
40: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062904.exe => Trojan-Clicker.Win32.Agent.dj
41: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062905.dll => Trojan-Clicker.Win32.Agent.dj
42: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062940.exe => Trojan-Clicker.Win32.Agent.dj
43: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062959.exe => Trojan.Win32.Puper.bg
44: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062979.exe => Trojan.Win32.Puper.bg
45: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062980.exe => Trojan-Clicker.Win32.Agent.dj
46: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062981.dll => Trojan-Clicker.Win32.Agent.dj
47: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062997.exe => Trojan.Win32.Puper.bf
48: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062998.exe => Trojan-Downloader.Win32.Zlob.at
49: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062999.exe => Trojan-Clicker.Win32.Agent.dj
50: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0063000.exe => Trojan.Win32.Puper.bg
51: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0063001.dll => Trojan-Clicker.Win32.Agent.dj
52: H:\WINDOWS\system32\LogFiles\OD0080400.so => Trojan-Downloader.Win32.Small.bqx

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Thu Oct 13 01:17:28 2005 => Total Objects Scanned: 96614
Thu Oct 13 01:17:28 2005 => Total Virus(es) Found: 72
Thu Oct 13 01:17:28 2005 => Total Errors: 146
Thu Oct 13 01:17:28 2005 => Virus Database Date: 2005/10/12
Thu Oct 13 01:17:28 2005 => Virus Database Count: 153674
Thu Oct 13 01:28:53 2005 => Total Objects Scanned: 96614
Thu Oct 13 01:28:53 2005 => Total Virus(es) Found: 72
Thu Oct 13 01:28:53 2005 => Total Errors: 146
_________________________________________________________________

Volume in Laufwerk H: hat keine Bezeichnung.
Volumeseriennummer: 782A-5E54

Verzeichnis von H:\WINDOWS\system32

13.10.2005 13:33 3.072 intmonp.exe
13.10.2005 13:33 889 vsconfig.xml
10.10.2005 15:41 4.286 ot.ico
10.10.2005 15:41 4.286 ts.ico
10.10.2005 15:40 6.656 intell32.exe
10.10.2005 14:38 2.206 wpa.dbl
15.09.2005 15:31 3.799 jupdate-1.5.0_04-b05.log
20.08.2005 23:51 4.212 zllictbl.dat

Volume in Laufwerk H: hat keine Bezeichnung.
Volumeseriennummer: 782A-5E54

Verzeichnis von H:\DOKUME~1\Melanie\LOKALE~1\Temp

13.10.2005 13:37 16.384 ~DFA39E.tmp
13.10.2005 13:34 16.384 Perflib_Perfdata_abc.dat
13.10.2005 13:33 3.875 jusched.log
12.10.2005 20:36 398 kb.log
12.10.2005 20:27 16.384 ~DFC25C.tmp
11.10.2005 19:24 16.384 ~DF3739.tmp
11.10.2005 19:01 16.384 ~DF7E1C.tmp
11.10.2005 18:58 16.384 Perflib_Perfdata_dcc.dat
8 Datei(en) 102.577 Bytes
0 Verzeichnis(se), 10.062.856.192 Bytes frei

Volume in Laufwerk H: hat keine Bezeichnung.
Volumeseriennummer: 782A-5E54

Verzeichnis von H:\WINDOWS

13.10.2005 13:34 949 win.ini
13.10.2005 13:33 0 0.log
13.10.2005 13:33 159 wiadebug.log
13.10.2005 13:33 50 wiaservc.log
13.10.2005 13:32 2.048 bootstat.dat
13.10.2005 01:29 32.634 SchedLgU.Txt
13.10.2005 01:29 229.093 WindowsUpdate.log
11.10.2005 21:06 439 system.ini
10.10.2005 22:35 17.193 popuper.exe
10.10.2005 22:35 1.640 sites.ini
10.10.2005 15:40 3.072 uninstIU.exe
10.10.2005 15:40 1.668 warnhp.html
06.10.2005 15:32 116 NeroDigital.ini
26.09.2005 16:45 132 homeDVD-Fotos2_5.INI
20.09.2005 18:34 4.096 d3dx.dat
08.09.2005 14:53 1.233 pstudio.ini
04.09.2005 06:35 400 ODBC.INI
01.09.2005 18:44 218 cdplayer.ini
21.08.2005 21:38 130 TM.INI

Volume in Laufwerk H: hat keine Bezeichnung.
Volumeseriennummer: 782A-5E54

Verzeichnis von H:\

13.10.2005 13:55 0 sys.txt
13.10.2005 13:54 6.849 system.txt
13.10.2005 13:54 658 systemtemp.txt
13.10.2005 13:50 98.033 system32.txt
13.10.2005 13:32 402.653.184 pagefile.sys
29.09.2005 11:22 26 ioSpecial.ini
29.01.2005 22:53 3.693.597 ow32dede754,opera.exe
29.01.2005 20:12 210 boot.ini
29.01.2005 20:07 47.564 NTDETECT.COM
29.01.2005 20:07 251.184 ntldr
23.08.2001 16:00 4.952 bootfont.bin
11 Datei(en) 406.756.257 Bytes
0 Verzeichnis(se), 10.062.843.904 Bytes frei


Regards,
Nelli
14.10.2005, 15:25
Honorary member
Sabina

Posts: 29434
#8 Hello @nelli73

CCleaner (delete all temp files)
http://virus-protect.org/temp.html

KILLBOX
http://www.bleepingcomputer.com/files/killbox.php
Instructions (illustrated):
http://virus-protect.org/killbox.html

Delete File on Reboot -- tick this option

paste in:
...

and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one; only click "yes" for the last one

H:\Programme\AVPersonal\INFECTED\MSOLE32.EXE.VIR
H:\RECYCLER\S-1-5-21-1547161642-1085031214-682003330-1003\Dh15.dll
H:\RECYCLER\S-1-5-21-1547161642-1085031214-682003330-1003\Dh20.dll
H:\Programme\freeripmp3.exe
H:\WINDOWS\system32\intmonp.exe
H:\WINDOWS\system32\vsconfig.xml
H:\WINDOWS\system32\ot.ico
H:\WINDOWS\system32\ts.ico
H:\WINDOWS\system32\intell32.exe
H:\WINDOWS\popuper.exe
H:\WINDOWS\sites.ini
H:\Programme\jcdeu.ini
H:\WINDOWS\uninstIU.exe
H:\WINDOWS\warnhp.html
H:\WINDOWS\system32\LogFiles\OD0080400.so

Restart the PC

*reg file
At the top of the browser: File -- Save page as.. -- choose "Desktop" -- save
http://www.bleepingcomputer.com/files/reg/smitfraud.reg
a smitfraud.reg will then appear on the desktop
Restart the computer in safe mode (press F8 during startup). Double-click the file "smitfraud.reg" on the desktop and confirm with "yes" so that the reg* file is merged into the registry, then restart the PC immediately.

smitRem TOOL (removal tool)

http://noahdfear.geekstogo.com/
open the smitRem folder, double-click: RunThis.bat
wait until the scan has finished (the screen will turn blue; that is normal)
find smitfiles.txt and post the text file in the thread

Disable System Restore
XP
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".

scan with ewido and post the scan report
http://virus-protect.org/ewido.html
__________
Kind regards, Sabina

All about PC security
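
Added example, not part of the posts above and not code from any tool named in this thread: a small triage script that parses `path => detection` lines in the format of the scan log posted here and sorts each hit by where the file lives, so that live files can be told apart from copies held in System Restore points, the Recycle Bin or the AV quarantine. The bucket names are my own, and treating `\INFECTED\*.VIR` as the antivirus quarantine folder is an assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Sample lines in the format of the scan log posted in this thread.
# The first line is a registry-check entry; it also contains "=>" and must be ignored.
SAMPLE_LOG = r"""
36: Wed Oct 12 20:51:37 2005 => Entry "HKCR\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}" refers to invalid object "H:\WINDOWS\system32\hp72CE.tmp". Action Taken: No Action Taken.
1: H:\WINDOWS\popuper.exe => Trojan.Win32.Puper.bg
2: H:\WINDOWS\system32\intmonp.exe => Trojan.Win32.Puper.bg
4: H:\Programme\AVPersonal\INFECTED\MSOLE32.EXE.VIR => Trojan-Clicker.Win32.Agent.cr
8: H:\RECYCLER\S-1-5-21-1547161642-1085031214-682003330-1003\Dh15.dll => Trojan-Clicker.Win32.Agent.dj
10: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058658.exe => Trojan.Win32.Puper.bf
35: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062885.exe => Trojan.Win32.Puper.bg
48: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062998.exe => Trojan-Downloader.Win32.Zlob.at
52: H:\WINDOWS\system32\LogFiles\OD0080400.so => Trojan-Downloader.Win32.Small.bqx
"""

# "<n>: <drive>:\path => <detection name>"; the path may contain spaces.
DETECTION_RE = re.compile(
    r"^\s*(?P<idx>\d+):\s+(?P<path>[A-Za-z]:\\.+?)\s+=>\s+(?P<name>\S+)\s*$"
)
# XP System Restore store: \System Volume Information\_restore{GUID}\RPnnn\...
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)
RECYCLER_RE = re.compile(r"^[A-Za-z]:\\RECYCLER\\", re.IGNORECASE)
# Assumption: files renamed to *.VIR under an INFECTED folder are quarantined copies.
QUARANTINE_RE = re.compile(r"\\INFECTED\\[^\\]+\.VIR$", re.IGNORECASE)


@dataclass
class Detection:
    index: int
    path: str
    name: str
    bucket: str
    restore_point: Optional[str] = None


def classify(path: str):
    """Return (bucket, restore_point_id) for a Windows path."""
    m = RESTORE_RE.search(path)
    if m:
        return "restore_point", m.group("rp").upper()
    if RECYCLER_RE.match(path):
        return "recycle_bin", None
    if QUARANTINE_RE.search(path):
        return "av_quarantine", None
    return "live", None


def parse_detections(text: str) -> List[Detection]:
    """Parse detection lines; anything that is not 'n: X:\\path => name' is skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line)
        if not m:
            continue
        bucket, rp = classify(m.group("path"))
        found.append(
            Detection(int(m.group("idx")), m.group("path"), m.group("name"), bucket, rp)
        )
    return found


def summarize(dets: List[Detection]) -> dict:
    """Count detections per bucket."""
    return dict(Counter(d.bucket for d in dets))


def live_paths(dets: List[Detection]) -> List[str]:
    """Paths outside restore points, Recycle Bin and quarantine."""
    return [d.path for d in dets if d.bucket == "live"]


def restore_points(dets: List[Detection]) -> List[str]:
    """Restore point folders (RPnnn) that hold at least one detected file."""
    return sorted({d.restore_point for d in dets if d.restore_point})


if __name__ == "__main__":
    detections = parse_detections(SAMPLE_LOG)
    print(summarize(detections))
    print("restore points with hits:", restore_points(detections))
    for p in live_paths(detections):
        print("live:", p)
```

Run over the full 52-entry list from this thread, entries 10 to 51 (42 of them) fall into `restore_point`; those are copies kept by System Restore under `System Volume Information`, not files in their original locations.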
14.10.2005, 17:13
Member

Thread starter

Posts: 85
#9 Hello,
here are the files.


smitRem log file
version 2.6

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! ;)
_________________________________________________________________

---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 17:12:20, 14.10.2005
+ Report-Checksumme: 522A1215

+ Scanergebnis:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Gesäubert mit Backup
HKU\S-1-5-21-1547161642-1085031214-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Gesäubert mit Backup
H:\Dokumente und Einstellungen\Melanie\Cookies\melanie@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup
H:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll -> Spyware.HotBar : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_106300.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_115100.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_132500.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_132600.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_157600.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_257900.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_262400.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_278400.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_278600.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_278800.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_278900.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_303900.gif -> Adware.Cydoor :
::Report Ende



Best regards, Nelli
15.10.2005, 01:01
Honorary member

Posts: 29434
#10 http://virus-protect.org/onlinescan.html
scan with Panda and post the scan report (if the antivirus "complains" --> ignore it ;)
__________
Kind regards, Sabina

All about PC security
15.10.2005, 16:11
Member

Thread starter

Posts: 85
#11 Incident Status Location

Adware:adware/securityerror No disinfected H:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Center.url
Virus:Exploit/Mhtredir.gen Disinfected H:\Programme\AVPersonal\INFECTED\OPR0FY5L.HTM.VIR
Security Risk:Exploit/MIE.CHM No disinfected H:\Programme\AVPersonal\INFECTED\OPR0LTE5.HTML.VIR
Best regards, Nelli
15.10.2005, 20:41
Honorary member

Posts: 29434
#12 delete manually or with Killbox:

H:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Center.url

H:\Programme\AVPersonal\INFECTED\OPR0FY5L.HTM.VIR
H:\Programme\AVPersonal\INFECTED\OPR0LTE5.HTML.VIR

then post the new HijackThis log ;)
__________
Kind regards, Sabina

All about PC security
15.10.2005, 20:53
Member

Thread starter

Posts: 85
#13 Hello,
here is the result.

Logfile of HijackThis v1.99.1
Scan saved at 20:51:37, on 15.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
H:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
H:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
H:\Programme\AVPersonal\AVGNT.EXE
H:\Programme\Java\jre1.5.0_04\bin\jusched.exe
H:\Programme\Messenger\msmsgs.exe
H:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Programme\Logitech\SetPoint\KEM.exe
H:\Programme\WinZip\WZQKPICK.EXE
H:\Programme\Logitech\SetPoint\KHALMNPR.EXE
H:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
H:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
H:\Programme\AVPersonal\AVWUPSRV.EXE
H:\Programme\ewido\security suite\ewidoctrl.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\Programme\HijackThis.exe

O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - H:\Programme\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - H:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - H:\Programme\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [EM_EXEC] H:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "H:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] H:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [TkBellExe] "H:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] "H:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "H:\Programme\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "H:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = H:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = H:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = H:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Alles mit FlashGet laden - H:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - H:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - H:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - H:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.lycos.de/activex/zylomgamesplayer.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - H:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - H:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - H:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

Best regards, Nelli
15.10.2005, 21:02
Honorary member

Posts: 29434
#14 everything should be fine again now, but we'll check ONCE MORE ;)

download the trial version (on the right), scan and post the scan report
http://www.webroot.com/consumer/products/spysweeper/index.html
__________
Kind regards, Sabina

All about PC security
15.10.2005, 21:35
Member

Thread starter

Posts: 85
#15 ********
21:10: | Start of Session, Samstag, 15. Oktober 2005 |
21:10: Spy Sweeper started
21:10: Sweep initiated using definitions version 555
21:10: Starting Memory Sweep
21:14: Memory Sweep Complete, Elapsed Time: 00:04:06
21:14: Starting Registry Sweep
21:15: Found Adware: psguard desktop hijacker
21:15: HKLM\software\microsoft\windows\currentversion\uninstall\internet update\ (2 subtraces) (ID = 136964)
21:15: Found Trojan Horse: trojan-downloader-zlob
21:15: HKCR\nvideocodek.chl\ (2 subtraces) (ID = 820294)
21:15: HKLM\software\classes\nvideocodek.chl\ (2 subtraces) (ID = 820324)
21:15: Registry Sweep Complete, Elapsed Time:00:01:06
21:15: Starting Cookie Sweep
21:15: Found Spy Cookie: falkag cookie
21:15: melanie@as1.falkag[1].txt (ID = 2650)
21:15: Found Spy Cookie: fe.lea.lycos.com cookie
21:15: melanie@fe.lea.lycos[1].txt (ID = 2660)
21:15: Found Spy Cookie: tradedoubler cookie
21:15: melanie@tradedoubler[1].txt (ID = 3575)
21:15: Cookie Sweep Complete, Elapsed Time: 00:00:00
21:15: Starting File Sweep
21:33: File Sweep Complete, Elapsed Time: 00:18:01
21:33: Full Sweep has completed. Elapsed time 00:23:19
21:33: Traces Found: 12
********
21:08: | Start of Session, Samstag, 15. Oktober 2005 |
21:08: Spy Sweeper started
21:09: Your spyware definitions have been updated.
21:10: | End of Session, Samstag, 15. Oktober 2005 |


By the way, my desktop is still white; I can't put a picture on it.

Best regards, Nelli