TR/Click.526 - Wie werde ich es los? |
||
|---|---|---|
| #0
| ||
|
28.10.2005, 05:48
Moderator
Beiträge: 7805 |
||
 
|
|
|
|
28.10.2005, 09:13
Member
Beiträge: 21 |
#17
Hilfe!!! Jede Menge hat er gefunden...
der MWAV.Log ist superlang, welchen Teil soll ich da posten? Gruß Birgit |
|
|
|
|
|
|
28.10.2005, 11:11
Moderator
Beiträge: 7805 |
#18
Du musst das log "azufbereiten" entweder wie im Artikel beschrieben mit Escan:
3. Möglichkeit - eScan-Checkb10 von Seeker: Lade eScan-Checkb10 und entpacke das Archiv z.B. in den vorgeschlagenen Ordner 'C:\escheck' -> Installieren -> Datei -> eScan-Log öffnen -> mwav.log auswählen -> Haken setzen bei 'Backup der gelöschten Dateien anlegen' und 'Alle Dateien beim Neustart löschen' -> die gewünschten Dateien anhaken und auf den Button 'Dateien löschen' klicken. oder mit find.bat(dazu muss sich ie mwav.log aber in c:\bases oder c:\bases_x befinden http://www.trojaner-board.de/showthread.php?t=16936 [5] Rechtsklick auf die Find.rar -> Ziel speichern unter... z.B. 'C:\Find.rar' -> 'Find.rar' entpacken z.B. 'C:\Find.bat' -> 'Find.bat' doppelklicken und den Scan abwarten -> den Inhalt [6] der automatisch erstellten 'C:\eScan_neu.txt' posten. __________ MfG Ralf SEO-Spam Hunter |
|
|
|
|
|
|
28.10.2005, 15:52
Member
Beiträge: 21 |
#19
Hallo Ralf,
ich bekomme das nicht auf die Reihe... ich bin aber nicht blond... Gibt en noch einen anderen Escan? Gruß Birgit |
|
|
|
|
|
|
28.10.2005, 16:05
Moderator
Beiträge: 7805 |
#20
 Du kannst es auh auf die herkoemmliche Art machen. Lasse dir den Report am ende des Scanns anzeigen und kopiere nur die Zeilen aus dem Log, die "no actiion" enthalten hier ins Forum.Wenn alle stricke Reissen, schicke das komplette log am besten mit Zip gepackt an vius@proteus.de __________ MfG Ralf SEO-Spam Hunter |
|
|
|
|
|
|
28.10.2005, 17:11
Member
Beiträge: 21 |
#21
Hallo Ralf,
das ist gut, das kann ich, denke ich... So richtig??? Fri Oct 28 17:08:48 2005 => ***** Scanning Registry and File system for Adware/Spyware ***** Fri Oct 28 17:08:49 2005 => Loading Spyware Signatures from new External Database (Size: 145160). Fri Oct 28 17:08:49 2005 => Indexed Spyware Databases Successfully Created... Fri Oct 28 17:09:19 2005 => Offending file found: C:\WINDOWS\system32\mydll.dll Fri Oct 28 17:09:19 2005 => System found infected with advsearch Spyware/Adware (mydll.dll)! Action taken: No Action Taken. Fri Oct 28 17:09:29 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\programme\ebay\turbo lister\helper.exe Fri Oct 28 17:09:29 2005 => System found infected with helper Spyware/Adware (helper.exe)! Action taken: No Action Taken. Fri Oct 28 17:09:29 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\blank.html Fri Oct 28 17:09:29 2005 => System found infected with media tickets Spyware/Adware (blank.html)! Action taken: No Action Taken. Fri Oct 28 17:09:29 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\loading.html Fri Oct 28 17:09:29 2005 => System found infected with purityscan Spyware/Adware (loading.html)! Action taken: No Action Taken. Fri Oct 28 17:09:30 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\search.html Fri Oct 28 17:09:30 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken. Fri Oct 28 17:09:30 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\terms.html Fri Oct 28 17:09:30 2005 => System found infected with tv media display Spyware/Adware (terms.html)! Action taken: No Action Taken. Fri Oct 28 17:09:48 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Lokale Einstellungen\anwendungsdaten\im\runtime\emoticoncenter\new.gif Fri Oct 28 17:09:48 2005 => System found infected with ezula toptext Spyware/Adware (new.gif)! Action taken: No Action Taken. Fri Oct 28 17:09:53 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Lokale Einstellungen\temporary internet files\content.ie5\h8dshbmm\show_ads[2].js Fri Oct 28 17:09:53 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken. Fri Oct 28 17:09:57 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Lokale Einstellungen\Anwendungsdaten\im\runtime\emoticoncenter\new.gif Fri Oct 28 17:09:57 2005 => System found infected with ezula toptext Spyware/Adware (new.gif)! Action taken: No Action Taken. Fri Oct 28 17:09:58 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Lokale Einstellungen\Temporary Internet Files\content.ie5\h8dshbmm\show_ads[2].js Fri Oct 28 17:09:58 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken. Fri Oct 28 17:10:04 2005 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Favoriten\online pharmacy Fri Oct 28 17:10:04 2005 => Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken. Fri Oct 28 17:10:06 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\programme\ebay\turbo lister\helper.exe Fri Oct 28 17:10:06 2005 => System found infected with helper Spyware/Adware (helper.exe)! Action taken: No Action Taken. Fri Oct 28 17:10:06 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\blank.html Fri Oct 28 17:10:06 2005 => System found infected with media tickets Spyware/Adware (blank.html)! Action taken: No Action Taken. Fri Oct 28 17:10:06 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\loading.html Fri Oct 28 17:10:06 2005 => System found infected with purityscan Spyware/Adware (loading.html)! Action taken: No Action Taken. Fri Oct 28 17:10:06 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\search.html Fri Oct 28 17:10:06 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken. Fri Oct 28 17:10:07 2005 => Offending file found: C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\terms.html Fri Oct 28 17:10:07 2005 => System found infected with tv media display Spyware/Adware (terms.html)! Action taken: No Action Taken. Fri Oct 28 17:10:07 2005 => ***** Scanning Registry for errors created because of Adware/Spyware ***** Fri Oct 28 17:10:07 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPUWalcontrol.dll". Action Taken: No Action Taken. Fri Oct 28 17:10:07 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ipixx.ocx". Action Taken: No Action Taken. Fri Oct 28 17:10:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\UDConn.dll". Action Taken: No Action Taken. Fri Oct 28 17:10:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PWActiveXImgCtl.dll". Action Taken: No Action Taken. Fri Oct 28 17:10:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPScontrol.dll". Action Taken: No Action Taken. Fri Oct 28 17:10:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPUWalcontrol.dll". Action Taken: No Action Taken. Fri Oct 28 17:10:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ipixx.ocx". Action Taken: No Action Taken. Fri Oct 28 17:10:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\FRITZ!DSL\Avmcsock.dll". Action Taken: No Action Taken. Fri Oct 28 17:10:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\Rar$EX28.426\hijackthis.exe". Action Taken: No Action Taken. Fri Oct 28 17:10:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\CBF\Shopentwickler\". Action Taken: No Action Taken. Fri Oct 28 17:10:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\CBF\". Action Taken: No Action Taken. Fri Oct 28 17:10:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\CBF\Shopentwickler\temp\". Action Taken: No Action Taken. Fri Oct 28 17:10:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Roxio\WinOnCD 6 Power Edition\". Action Taken: No Action Taken. Fri Oct 28 17:10:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Roxio\". Action Taken: No Action Taken. Fri Oct 28 17:10:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Roxio\WinOnCD 6 Power Edition\Internet\". Action Taken: No Action Taken. Fri Oct 28 17:10:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\SchnapperPro\". Action Taken: No Action Taken. Fri Oct 28 17:10:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\SchnapperPlus\". Action Taken: No Action Taken. Fri Oct 28 17:10:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Willi-3-gebotmanager\". Action Taken: No Action Taken. Fri Oct 28 17:10:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".$$$". Action Taken: No Action Taken. Fri Oct 28 17:10:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".05". Action Taken: No Action Taken. Fri Oct 28 17:10:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".CTG". Action Taken: No Action Taken. Fri Oct 28 17:10:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/html/". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".icq". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rft". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".shopscript". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sln". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".THM". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".UAS". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ad-aware 6 Personal". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Date Manager". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "IncrediMail Xe". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{2219B71E-F823-4B58-870B-C239B0076DF9}". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "kAmel". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB282010". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810243". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817778". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821557". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823559". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823980". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833998". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837272". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Pdf995". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "PrecisionTime". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q328310". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329048". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329115". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329170". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329390". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329441". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329834". Action Taken: No Action Taken. Fri Oct 28 17:10:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q331953". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810565". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810577". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810833". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q811493". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814033". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815021". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815485". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817606". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Uninstall VistaShuttle". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Yahoo! Companion". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{37F9ADDE-0532-4C50-A2D1-850BF1DB0D36}". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AEEB3643-71DE-414d-9E3F-1159177FE211}". Action Taken: No Action Taken. Fri Oct 28 17:10:17 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C5D3B8FB-C4B5-4506-A452-B044246026F3}". Action Taken: No Action Taken. Fri Oct 28 17:10:19 2005 => Entry "HKCR\CLSID\{550B32CE-4EDA-11D2-A4C7-00104B9E1179}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ipixx.ocx". Action Taken: No Action Taken. Fri Oct 28 17:10:19 2005 => Entry "HKCR\CLSID\{5F28894A-C443-4FCB-885B-13411C1A0602}" refers to invalid object "C:\Programme\willi-3\willi3.exe". Action Taken: No Action Taken. Fri Oct 28 17:10:19 2005 => Entry "HKCR\CLSID\{6C059294-28B5-4AAF-96F8-2046C5FE463A}" refers to invalid object "C:\Programme\willi-3\willi3.exe". Action Taken: No Action Taken. Fri Oct 28 17:10:20 2005 => Entry "HKCR\CLSID\{BBE0BE84-4863-4308-B76B-6D914AD84CCF}" refers to invalid object "C:\Programme\willi-3\willi3.exe". Action Taken: No Action Taken. Fri Oct 28 17:10:21 2005 => Entry "HKCR\CLSID\{EA81472C-AE18-41F1-853C-38B130CD5B75}" refers to invalid object "C:\Programme\willi-3\willi3.exe". Action Taken: No Action Taken. Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{0B442C4B-F857-4264-A490-30844304A6C4}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{36F3E833-E71E-4D03-A0E3-98617CD270F4}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{442E941B-A800-4CA4-B824-ACAEAB231285}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{523AC2C3-6FAE-4126-A43E-18F810607FCE}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{64AD6936-1E5F-4C97-93D2-5A673FFD7B1A}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{771E59B4-841C-4947-8269-69EA3BE1D77D}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken. Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{816EB4BA-739A-4626-8FC9-A9251E5D19B9}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{86F39C41-E736-4B1C-91B2-A0DFC7FB4961}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Fri Oct 28 17:10:22 2005 => Entry "HKCR\TypeLib\{AE0FA2CA-3A4B-409B-8C02-1D4AE09E74EA}" refers to invalid object "C:\DOKUME~1\bho\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. Fri Oct 28 17:10:23 2005 => Entry "HKCR\TypeLib\{D32AFCC3-1ED4-45E7-ABBB-935930C00F6F}" refers to invalid object "C:\Programme\willi-3\willi3.exe". Action Taken: No Action Taken. Fri Oct 28 17:10:24 2005 => Entry "HKCR\Cdooff.ItemType" refers to invalid object "{9EFBF860-5685-11D3-AA3D-00C04F4C5275}". Action Taken: No Action Taken. Fri Oct 28 17:10:24 2005 => Entry "HKCR\Cdooff.ItemType.1" refers to invalid object "{9EFBF860-5685-11D3-AA3D-00C04F4C5275}". Action Taken: No Action Taken. Fri Oct 28 17:10:26 2005 => Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken. Fri Oct 28 17:10:26 2005 => Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken. Fri Oct 28 17:10:26 2005 => Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken. Fri Oct 28 17:10:26 2005 => Entry "HKCR\Ulead.VOE.1" refers to invalid object "{6C91BBFD-0781-4936-A3DC-10D60BA3294D} ". Action Taken: No Action Taken. Fri Oct 28 17:10:26 2005 => ***** Checking for specific ITW Viruses ***** Fri Oct 28 17:10:26 2005 => Checking for Welchia Virus... Fri Oct 28 17:10:26 2005 => Checking for LovGate Virus... Fri Oct 28 17:10:26 2005 => Checking for CodeRed Virus... Fri Oct 28 17:10:26 2005 => Checking for OpaServ Virus... Fri Oct 28 17:10:26 2005 => Checking for Sobig.e Virus... Fri Oct 28 17:10:26 2005 => Checking for Winupie Virus... Fri Oct 28 17:10:26 2005 => Checking for Swen Virus... Fri Oct 28 17:10:27 2005 => Checking for JS.Fortnight Virus... Fri Oct 28 17:10:27 2005 => Checking for Novarg Virus... Fri Oct 28 17:10:27 2005 => Checking for Pagabot Virus... Fri Oct 28 17:10:27 2005 => Checking for Parite.b Virus... Fri Oct 28 17:10:27 2005 => Checking for Parite.a Virus... Fri Oct 28 17:10:27 2005 => Checking for Adware.SeekSeek Virus... Fri Oct 28 17:10:27 2005 => ***** Scanning complete. ***** Fri Oct 28 17:10:27 2005 => Total Objects Scanned: 22477 Fri Oct 28 17:10:27 2005 => Total Virus(es) Found: 16 Fri Oct 28 17:10:27 2005 => Total Disinfected Files: 0 Fri Oct 28 17:10:27 2005 => Total Files Renamed: 0 Fri Oct 28 17:10:27 2005 => Total Deleted Objects: 0 Fri Oct 28 17:10:27 2005 => Total Errors: 116 Fri Oct 28 17:10:27 2005 => Time Elapsed: 00:02:41 Fri Oct 28 17:10:27 2005 => Virus Database Date: 2005/10/21 Fri Oct 28 17:10:27 2005 => Virus Database Count: 155382 Fri Oct 28 17:10:27 2005 => Scan Completed. Gruß Birgit |
|
|
|
|
|
|
28.10.2005, 17:17
Moderator
Beiträge: 7805 |
#22
Das sieht stark nach resten/ueberbleibsel in der Registrierung aus.
Versuche diese mit ccleaner www.cleaner.com zu beseitigen, oder nutze Tuneup Utilities dafuer: http://www.tuneup.de/ __________ MfG Ralf SEO-Spam Hunter |
|
|
|
|
|
|
28.10.2005, 17:48
Member
Beiträge: 21 |
||
|
|
|
|
|
28.10.2005, 17:58
Moderator
Beiträge: 7805 |
#24
Nein, brauchst du nicht unbedingt. Wenn du mit dem "Tuneup Registrycleaner" alles gereinigt hast, sollte nichts mehr gemeldet werden, bzw sind diese Eintraege nicht gefaehrlich.
__________ MfG Ralf SEO-Spam Hunter |
|
|
|
|
|
|
28.10.2005, 18:07
Member
Beiträge: 21 |
||
|
|
|
|
|
28.10.2005, 18:08
Ehrenmitglied
 Beiträge: 29434 |
#26
gleddes
das sollte geloescht werden C:\WINDOWS\system32\mydll.dll C:\Dokumente und Einstellungen\bho\Eigene Dateien\shop\de\search.html C:\Dokumente und Einstellungen\bho\Lokale Einstellungen\anwendungsdaten\im\runtime\emoticoncenter\new.gif C:\Dokumente und Einstellungen\All Users\Favoriten\online pharmacy C:\Dokumente und Einstellungen\bho\Lokale Einstellungen\Temporary Internet Files\content.ie5\h8dshbmm\show_ads[2].js CCleaner (zum Loeschen der temporaeren Dateien) http://virus-protect.org/temp.html EWIDO (scannen) http://virus-protect.org/ewido.html COUNTERSPY (scannen und nach Anweisung alle Malware loeschen) http://virus-protect.org/counterspy.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
28.10.2005, 18:49
Member
Beiträge: 21 |
#27
Hallo Sabina,
oh je... wie oder wo lösche ich die Dateien, damit sie auch wirklich weck sind? Gruß Birgit |
|
|
|
|
|
|
29.10.2005, 16:05
Ehrenmitglied
Beiträge: 29434 |
#28
nun, manuell vielleicht ? Mit der Windows-Suche und dann fleissig loeschen
 Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren + Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
__________
MfG Ralf
SEO-Spam Hunter