TR/Click.526 - Wie werde ich es los?

#0
28.10.2005, 05:48
Moderator

Beiträge: 7805
#16 Ein Update waere nicht noetig. Das ergebnis der Find.bat oder von escancheck waere nicht schlecht, sofern escan noch was gefunden hat
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
28.10.2005, 09:13
Member

Beiträge: 21
#17 Hilfe!!! Jede Menge hat er gefunden...
der MWAV.Log ist superlang, welchen Teil soll ich da posten?

Gruß Birgit
Seitenanfang Seitenende
28.10.2005, 11:11
Moderator

Beiträge: 7805
#18 Du musst das log "azufbereiten" entweder wie im Artikel beschrieben mit Escan:
3. Möglichkeit - eScan-Checkb10 von Seeker:

Lade eScan-Checkb10 und entpacke das Archiv z.B. in den vorgeschlagenen Ordner 'C:\escheck' -> Installieren -> Datei -> eScan-Log öffnen -> mwav.log auswählen -> Haken setzen bei 'Backup der gelöschten Dateien anlegen' und 'Alle Dateien beim Neustart löschen' -> die gewünschten Dateien anhaken und auf den Button 'Dateien löschen' klicken.

oder mit find.bat(dazu muss sich ie mwav.log aber in c:\bases oder c:\bases_x befinden

http://www.trojaner-board.de/showthread.php?t=16936
[5] Rechtsklick auf die Find.rar -> Ziel speichern unter... z.B. 'C:\Find.rar' -> 'Find.rar' entpacken z.B. 'C:\Find.bat' -> 'Find.bat' doppelklicken und den Scan abwarten -> den Inhalt [6] der automatisch erstellten 'C:\eScan_neu.txt' posten.
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
28.10.2005, 15:52
Member

Beiträge: 21
#19 Hallo Ralf,
ich bekomme das nicht auf die Reihe... ich bin aber nicht blond...
Gibt en noch einen anderen Escan?

Gruß Birgit
Seitenanfang Seitenende
28.10.2005, 16:05
Moderator

Beiträge: 7805
#20 ;) Du kannst es auh auf die herkoemmliche Art machen. Lasse dir den Report am ende des Scanns anzeigen und kopiere nur die Zeilen aus dem Log, die "no actiion" enthalten hier ins Forum.

Wenn alle stricke Reissen, schicke das komplette log am besten mit Zip gepackt an vius@proteus.de
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
28.10.2005, 17:11
Member

Beiträge: 21
#21 Hallo Ralf,
das ist gut, das kann ich, denke ich...

So richtig???

Fri Oct 28 17:08:48 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Fri Oct 28 17:08:49 2005 => Loading Spyware Signatures from new External Database (Size: 145160).
Fri Oct 28 17:08:49 2005 => Indexed Spyware Databases Successfully Created...

Fri Oct 28 17:09:19 2005 => Offending file found: C:\WINDOWS\system32\mydll.dll
Fri Oct 28 17:09:19 2005 => System found infected with advsearch Spyware/Adware (mydll.dll)! Action taken: No Action Taken.

Fri Oct 28 17:09:29 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\programme\ebay\turbo lister\helper.exe
Fri Oct 28 17:09:29 2005 => System found infected with helper Spyware/Adware (helper.exe)! Action taken: No Action Taken.

Fri Oct 28 17:09:29 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\blank.html
Fri Oct 28 17:09:29 2005 => System found infected with media tickets Spyware/Adware (blank.html)! Action taken: No Action Taken.

Fri Oct 28 17:09:29 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\loading.html
Fri Oct 28 17:09:29 2005 => System found infected with purityscan Spyware/Adware (loading.html)! Action taken: No Action Taken.

Fri Oct 28 17:09:30 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\search.html
Fri Oct 28 17:09:30 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken.

Fri Oct 28 17:09:30 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\terms.html
Fri Oct 28 17:09:30 2005 => System found infected with tv media display Spyware/Adware (terms.html)! Action taken: No Action Taken.

Fri Oct 28 17:09:48 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Lokale Einstellungen\anwendungsdaten\im\runtime\emoticoncenter\new.gif
Fri Oct 28 17:09:48 2005 => System found infected with ezula toptext Spyware/Adware (new.gif)! Action taken: No Action Taken.

Fri Oct 28 17:09:53 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Lokale Einstellungen\temporary internet files\content.ie5\h8dshbmm\show_ads[2].js
Fri Oct 28 17:09:53 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.

Fri Oct 28 17:09:57 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Lokale Einstellungen\Anwendungsdaten\im\runtime\emoticoncenter\new.gif
Fri Oct 28 17:09:57 2005 => System found infected with ezula toptext Spyware/Adware (new.gif)! Action taken: No Action Taken.

Fri Oct 28 17:09:58 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Lokale Einstellungen\Temporary Internet Files\content.ie5\h8dshbmm\show_ads[2].js
Fri Oct 28 17:09:58 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.

Fri Oct 28 17:10:04 2005 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Favoriten\online pharmacy
Fri Oct 28 17:10:04 2005 => Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Fri Oct 28 17:10:06 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\programme\ebay\turbo lister\helper.exe
Fri Oct 28 17:10:06 2005 => System found infected with helper Spyware/Adware (helper.exe)! Action taken: No Action Taken.

Fri Oct 28 17:10:06 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\blank.html
Fri Oct 28 17:10:06 2005 => System found infected with media tickets Spyware/Adware (blank.html)! Action taken: No Action Taken.

Fri Oct 28 17:10:06 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\loading.html
Fri Oct 28 17:10:06 2005 => System found infected with purityscan Spyware/Adware (loading.html)! Action taken: No Action Taken.

Fri Oct 28 17:10:06 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\search.html
Fri Oct 28 17:10:06 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken.

Fri Oct 28 17:10:07 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\terms.html
Fri Oct 28 17:10:07 2005 => System found infected with tv media display Spyware/Adware (terms.html)! Action taken: No Action Taken.


Fri Oct 28 17:10:07 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Fri Oct 28 17:10:07 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPUWalcontrol.dll". Action Taken: No Action Taken.

Fri Oct 28 17:10:07 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ipixx.ocx". Action Taken: No Action Taken.

Fri Oct 28 17:10:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\UDConn.dll". Action Taken: No Action Taken.

Fri Oct 28 17:10:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PWActiveXImgCtl.dll". Action Taken: No Action Taken.

Fri Oct 28 17:10:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPScontrol.dll". Action Taken: No Action Taken.

Fri Oct 28 17:10:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPUWalcontrol.dll". Action Taken: No Action Taken.

Fri Oct 28 17:10:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ipixx.ocx". Action Taken: No Action Taken.

Fri Oct 28 17:10:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\FRITZ!DSL\Avmcsock.dll". Action Taken: No Action Taken.

Fri Oct 28 17:10:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\Rar$EX28.426\hijackthis.exe". Action Taken: No Action Taken.

Fri Oct 28 17:10:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\CBF\Shopentwickler\". Action Taken: No Action Taken.

Fri Oct 28 17:10:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\CBF\". Action Taken: No Action Taken.

Fri Oct 28 17:10:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\CBF\Shopentwickler\temp\". Action Taken: No Action Taken.

Fri Oct 28 17:10:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Roxio\WinOnCD 6 Power Edition\". Action Taken: No Action Taken.

Fri Oct 28 17:10:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Roxio\". Action Taken: No Action Taken.

Fri Oct 28 17:10:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Roxio\WinOnCD 6 Power Edition\Internet\". Action Taken: No Action Taken.

Fri Oct 28 17:10:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\SchnapperPro\". Action Taken: No Action Taken.

Fri Oct 28 17:10:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\SchnapperPlus\". Action Taken: No Action Taken.

Fri Oct 28 17:10:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Willi-3-gebotmanager\". Action Taken: No Action Taken.

Fri Oct 28 17:10:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".$$$". Action Taken: No Action Taken.

Fri Oct 28 17:10:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".05". Action Taken: No Action Taken.

Fri Oct 28 17:10:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".CTG". Action Taken: No Action Taken.

Fri Oct 28 17:10:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/html/". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".icq". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rft". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".shopscript". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sln". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".THM". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".UAS". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ad-aware 6 Personal". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Date Manager". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "IncrediMail Xe". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{2219B71E-F823-4B58-870B-C239B0076DF9}". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "kAmel". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB282010". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810243". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817778". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821557". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823559". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823980". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833998". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837272". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Pdf995". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "PrecisionTime". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q328310". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329048". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329115". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329170". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329390". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329441". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329834". Action Taken: No Action Taken.

Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q331953". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810565". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810577". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810833". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q811493". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814033". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815021". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815485". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817606". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Uninstall VistaShuttle". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Yahoo! Companion". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{37F9ADDE-0532-4C50-A2D1-850BF1DB0D36}". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AEEB3643-71DE-414d-9E3F-1159177FE211}". Action Taken: No Action Taken.

Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C5D3B8FB-C4B5-4506-A452-B044246026F3}". Action Taken: No Action Taken.

Fri Oct 28 17:10:19 2005 => Entry "HKCR\CLSID\{550B32CE-4EDA-11D2-A4C7-00104B9E1179}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ipixx.ocx". Action Taken: No Action Taken.

Fri Oct 28 17:10:19 2005 => Entry "HKCR\CLSID\{5F28894A-C443-4FCB-885B-13411C1A0602}" refers to invalid object "C:\Programme\willi-3\willi3.exe". Action Taken: No Action Taken.

Fri Oct 28 17:10:19 2005 => Entry "HKCR\CLSID\{6C059294-28B5-4AAF-96F8-2046C5FE463A}" refers to invalid object "C:\Programme\willi-3\willi3.exe". Action Taken: No Action Taken.

Fri Oct 28 17:10:20 2005 => Entry "HKCR\CLSID\{BBE0BE84-4863-4308-B76B-6D914AD84CCF}" refers to invalid object "C:\Programme\willi-3\willi3.exe". Action Taken: No Action Taken.

Fri Oct 28 17:10:21 2005 => Entry "HKCR\CLSID\{EA81472C-AE18-41F1-853C-38B130CD5B75}" refers to invalid object "C:\Programme\willi-3\willi3.exe". Action Taken: No Action Taken.

Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{0B442C4B-F857-4264-A490-30844304A6C4}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.

Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{36F3E833-E71E-4D03-A0E3-98617CD270F4}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.

Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{442E941B-A800-4CA4-B824-ACAEAB231285}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.

Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{523AC2C3-6FAE-4126-A43E-18F810607FCE}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.

Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{64AD6936-1E5F-4C97-93D2-5A673FFD7B1A}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.

Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{771E59B4-841C-4947-8269-69EA3BE1D77D}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.

Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{816EB4BA-739A-4626-8FC9-A9251E5D19B9}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.

Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{86F39C41-E736-4B1C-91B2-A0DFC7FB4961}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.

Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{AE0FA2CA-3A4B-409B-8C02-1D4AE09E74EA}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.

Fri Oct 28 17:10:23 2005 => Entry "HKCR\TypeLib\{D32AFCC3-1ED4-45E7-ABBB-935930C00F6F}" refers to invalid object "C:\Programme\willi-3\willi3.exe". Action Taken: No Action Taken.

Fri Oct 28 17:10:24 2005 => Entry "HKCR\Cdooff.ItemType" refers to invalid object "{9EFBF860-5685-11D3-AA3D-00C04F4C5275}". Action Taken: No Action Taken.

Fri Oct 28 17:10:24 2005 => Entry "HKCR\Cdooff.ItemType.1" refers to invalid object "{9EFBF860-5685-11D3-AA3D-00C04F4C5275}". Action Taken: No Action Taken.

Fri Oct 28 17:10:26 2005 => Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.

Fri Oct 28 17:10:26 2005 => Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.

Fri Oct 28 17:10:26 2005 => Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.

Fri Oct 28 17:10:26 2005 => Entry "HKCR\Ulead.VOE.1" refers to invalid object "{6C91BBFD-0781-4936-A3DC-10D60BA3294D}

". Action Taken: No Action Taken.


Fri Oct 28 17:10:26 2005 => ***** Checking for specific ITW Viruses *****
Fri Oct 28 17:10:26 2005 => Checking for Welchia Virus...
Fri Oct 28 17:10:26 2005 => Checking for LovGate Virus...
Fri Oct 28 17:10:26 2005 => Checking for CodeRed Virus...
Fri Oct 28 17:10:26 2005 => Checking for OpaServ Virus...
Fri Oct 28 17:10:26 2005 => Checking for Sobig.e Virus...
Fri Oct 28 17:10:26 2005 => Checking for Winupie Virus...
Fri Oct 28 17:10:26 2005 => Checking for Swen Virus...
Fri Oct 28 17:10:27 2005 => Checking for JS.Fortnight Virus...
Fri Oct 28 17:10:27 2005 => Checking for Novarg Virus...
Fri Oct 28 17:10:27 2005 => Checking for Pagabot Virus...
Fri Oct 28 17:10:27 2005 => Checking for Parite.b Virus...
Fri Oct 28 17:10:27 2005 => Checking for Parite.a Virus...
Fri Oct 28 17:10:27 2005 => Checking for Adware.SeekSeek Virus...

Fri Oct 28 17:10:27 2005 => ***** Scanning complete. *****

Fri Oct 28 17:10:27 2005 => Total Objects Scanned: 22477
Fri Oct 28 17:10:27 2005 => Total Virus(es) Found: 16
Fri Oct 28 17:10:27 2005 => Total Disinfected Files: 0
Fri Oct 28 17:10:27 2005 => Total Files Renamed: 0
Fri Oct 28 17:10:27 2005 => Total Deleted Objects: 0
Fri Oct 28 17:10:27 2005 => Total Errors: 116
Fri Oct 28 17:10:27 2005 => Time Elapsed: 00:02:41
Fri Oct 28 17:10:27 2005 => Virus Database Date: 2005/10/21
Fri Oct 28 17:10:27 2005 => Virus Database Count: 155382

Fri Oct 28 17:10:27 2005 => Scan Completed.

Gruß Birgit
Seitenanfang Seitenende
28.10.2005, 17:17
Moderator

Beiträge: 7805
#22 Das sieht stark nach resten/ueberbleibsel in der Registrierung aus.

Versuche diese mit ccleaner www.cleaner.com zu beseitigen, oder nutze Tuneup Utilities dafuer: http://www.tuneup.de/
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
28.10.2005, 17:48
Member

Beiträge: 21
#23 Hallo Ralf,
habe ich gemacht mit Tuneup Utilities, und was jetzt?
Nochmal einen Escan?

Gruß Birgit
Seitenanfang Seitenende
28.10.2005, 17:58
Moderator

Beiträge: 7805
#24 Nein, brauchst du nicht unbedingt. Wenn du mit dem "Tuneup Registrycleaner" alles gereinigt hast, sollte nichts mehr gemeldet werden, bzw sind diese Eintraege nicht gefaehrlich.
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
28.10.2005, 18:07
Member

Beiträge: 21
#25 Dann danke ich Dir vielmals für Deine Engelsgeduld und Hilfe!

Gruß Birgit
Seitenanfang Seitenende
28.10.2005, 18:08
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#26 gleddes

das sollte geloescht werden

C:\WINDOWS\system32\mydll.dll

C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\search.html
C:\Dokumente und Einstellungen\bho\Lokale Einstellungen\anwendungsdaten\im\runtime\emoticoncenter\new.gif

C:\Dokumente und Einstellungen\All Users\Favoriten\online pharmacy

C:\Dokumente und Einstellungen\bho\Lokale Einstellungen\Temporary Internet Files\content.ie5\h8dshbmm\show_ads[2].js

CCleaner (zum Loeschen der temporaeren Dateien)
http://virus-protect.org/temp.html

EWIDO (scannen)
http://virus-protect.org/ewido.html

COUNTERSPY (scannen und nach Anweisung alle Malware loeschen)
http://virus-protect.org/counterspy.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
28.10.2005, 18:49
Member

Beiträge: 21
#27 Hallo Sabina,
oh je... wie oder wo lösche ich die Dateien, damit sie auch wirklich weck sind?

Gruß Birgit
Seitenanfang Seitenende
29.10.2005, 16:05
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#28 nun, manuell vielleicht ? Mit der Windows-Suche und dann fleissig loeschen ;)

Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren
+
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: