Request for log file analysis by professionals

02.11.2005, 01:33
Member

Posts: 14
#1 Dear pros, could someone please look through the log file? I have already attempted an analysis myself, but using guides I could only identify O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe as junk (and fix it). From 08 onwards I suspect there is more stuff, but I don't know....
Before that I found and deleted an sdbot.worm with Stinger. I hope it is gone and won't come back.
Many thanks for any help
marimba

Logfile of HijackThis v1.99.0
Scan saved at 00:49:12, on 02.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Outlook Express\msimn.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD19495E-3E9F-44B0-9E8A-7051A86E1C3F}: NameServer = 62.104.191.241 62.104.196.134
O23 - Service: Notebook Manager Service - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
02.11.2005, 02:31
Member

Posts: 4730
#2 What you fixed was not junk but the Java scheduler (though it doesn't need to be in autostart ;) ) - but it is still present in the HJT log (did you fix it after creating the log?)

The real junk is the worm Rbot.QZ or Rbot.OQ or Rbot.NF, which has lodged itself under the following entries:

O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe

Fix these entries and use the program Killbox (http://managor.de/killbox.htm) to delete the following files:

c:\windows\system32\winmon32.exe
c:\windows\system32\wvwvc.exe

Once the PC has restarted, download the current version of HJT and create a new log with it (http://managor.de/hjt.htm). We may discover a few more entries that were not listed by your HJT version.

Furthermore, I ask you to check your system in safe mode with the program eScanCheck (http://managor.de/escan.htm) and report the result here.

Start -> Run -> regedit

Go to the key

HKLM\SOFTWARE\Microsoft\Ole\

and set the "EnableDCOM" entry there to "Y"

Go to the key

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

and set the "restrictanonymous" entry there to "0"

(HKLM = HKEY_LOCAL_MACHINE; the worm could have changed these entries)
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
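
Added example (not part of the original posts and not HijackThis code): a small Python triage script for the O4 autostart lines of a HijackThis log. It ranks entries that are registered by bare file name in more than one Run/RunServices key, the pattern the worm entries named above show; the function names and both heuristics are assumptions of this example, and a hit only prioritises an entry for manual review.

```python
import re
from collections import defaultdict

# O4 lines from the first HijackThis log in this thread
# (a few vendor entries omitted for length).
FIRST_LOG_O4 = r"""
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# Registry autostart line: hive, key (Run, RunServices, ...), value name, command.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)


def executable(cmd):
    """Return the program part of an autostart command (first token or quoted path)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def is_bare(cmd):
    """True if the program is given without any directory, drive or variable."""
    return not any(ch in executable(cmd) for ch in "\\/:%")


def triage(log_text):
    """Group O4 registry entries and rank them for manual review.

    Heuristics (assumptions of this example):
      - bare_name: the command has no path, so Windows resolves it via the search path
      - repeated:  the same name/command pair is present in more than one autostart key
    Both together -> priority "high"; only one of them -> "low".
    """
    locations = defaultdict(set)
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # startup-folder entries and non-O4 lines are skipped
        locations[(m["name"], m["cmd"].strip())].add(f'{m["hive"]}\\{m["key"]}')

    findings = []
    for (name, cmd), locs in locations.items():
        bare, repeated = is_bare(cmd), len(locs) > 1
        if bare or repeated:
            findings.append({
                "name": name,
                "command": cmd,
                "locations": sorted(locs),
                "bare_name": bare,
                "priority": "high" if bare and repeated else "low",
            })
    # High-priority entries first, then alphabetical by value name.
    return sorted(findings, key=lambda f: (f["priority"] != "high", f["name"]))


if __name__ == "__main__":
    for f in triage(FIRST_LOG_O4):
        print(f'{f["priority"]:4}  [{f["name"]}] {f["command"]}  <- {", ".join(f["locations"])}')
```

The single bare-name entry `[LaunchApp] Alaunch` comes out as low priority, which shows why the bare-name check alone is too noisy to act on.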
04.11.2005, 02:51
Member

Thread starter

Posts: 14
#3 "What you fixed was not junk but the Java scheduler (though it doesn't need to be in autostart ) - but it is still present in the HJT log (did you fix it after creating the log?)"
Unfortunately yes. How do I get it back?

I'll still do the rest.
marimba
04.11.2005, 03:20
Member

Posts: 4730
#4 As I said, it's no tragedy. You can safely leave it buried. But if for some inexplicable reason you want it back, start HijackThis and choose the option "View the list of backups". From there you can restore it.
04.11.2005, 03:52
Member

Thread starter

Posts: 14
#5 Here is the new log file, after fixing and Killbox - with the current HJT.

What does setting the "EnableDCOM" entry to "Y" and setting the "restrictanonymous" entry to "0" (keys) do?

eScan will follow; does it find other things that HJT doesn't list?
marimba

Logfile of HijackThis v1.99.1
Scan saved at 03:40:56, on 04.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sicherheit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
04.11.2005, 15:15
Member

Posts: 4730
#6

Quote

What does setting the "EnableDCOM" entry to "Y" and setting the "restrictanonymous" entry to "0" (keys) do?
That restores the settings that the virus changed.
However, I have just read up on it again, and it turned out that the values changed by the virus can safely stay changed - the only thing is that the local network may then not work properly.

Quote

eScan will follow; does it find other things that HJT doesn't list?
HijackThis only lists what is loaded at system startup. HijackThis does not find viruses themselves, since it is not a virus scanner.

eScan, on the other hand, is a very useful virus scanner that tracks down virtually every virus and every piece of spyware on your hard drive.
This post was edited by Managor on 04.11.2005 at 15:18.
04.11.2005, 15:54
Member

Thread starter

Posts: 14
#7 I have now scanned with stinger, adaware, spyware, and antivirus. Might eScan find even more? My log, I think, actually looks quite good now.

I ask because eScan is a very large download and I first have to get to a PC with DSL again; that will take a few days.

Only C:\DOKUME~1\***\LOKALE~1\TEMP\_VWUPSRV.EXE
is still being complained about by the auto-analysis.. ->
Possibly malicious! According to our database, this process normally runs in c:\programme\avpersonal\! Check whether you know the file and run a virus check if necessary.

marimba
Logfile of HijackThis v1.99.1
Scan saved at 15:45:48, on 04.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOKUME~1\***\LOKALE~1\TEMP\_VWUPSRV.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Sicherheit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD19495E-3E9F-44B0-9E8A-7051A86E1C3F}: NameServer = 62.134.11.4 195.182.110.132
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
04.11.2005, 16:10
Member

Posts: 4730
#8 I wouldn't rely on AntiVir. eScan works completely independently of it and has much better detection.

The flagged entry belongs to AntiVir. You may have to reinstall AntiVir to fix any problem that might occur with it.
06.11.2005, 16:46
...new here

Posts: 3
#9 Good day.. I didn't want to open a new thread, so I'm putting my log file in here.... It seems to me that mine looks a bit different from yours as regards newdotnet... oh well.. I hope I can be helped..

Logfile of HijackThis v1.99.1
Scan saved at 16:32:43, on 06.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\tobi\Eigene Dateien\entpackt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {E029E468-EDF6-4E03-AF90-045BF94EAE12} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Trillian.lnk.disabled
O9 - Extra button: (no name) - c95fe080-8f5d-112d-a20b-00aa003c157a - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ebay.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?946767249234
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://god.t-online.de/godcheck/CLASSES/ExentCtl.ocx
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.johannrain-softwareentwicklung.de/scan/Msie/bitdefender.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D15BA650-0D6A-468D-9953-D199665145EB} - http://212.6.171.60/dialer/dlstt.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4592/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
09.11.2005, 01:17
Member

Thread starter

Posts: 14
#10 Hi Managor, in the meantime I have run escanCheck in safe mode. Unfortunately the MWAV.logfile had 1200 pages, which I surely should not and cannot post here. I deleted a heap of stuff and primarily left only strange things and error /invalid objects etc. (red)
marimba

Voilà:
Tue Nov 08 01:21:06 2005 => **********************************************************
Tue Nov 08 01:21:06 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Tue Nov 08 01:21:06 2005 => Version 7.2.8 (C:\DOKUME~1\***\LOKALE~1\Temp\mwavscan.com)
Tue Nov 08 01:21:06 2005 => Log File: C:\DOKUME~1\***\LOKALE~1\Temp\MWAV.LOG
Tue Nov 08 01:21:06 2005 => MWAV Registered: FALSE.
Tue Nov 08 01:21:06 2005 => MWAV Mode: Only Scan files.
Tue Nov 08 01:21:06 2005 => Latest Date of files inside MWAV: 02 Nov 2005 09:25:03.
Tue Nov 08 01:21:06 2005 => Regvalue RestrictAnonymous Reset. This could be part of a worm!!!
Tue Nov 08 01:21:09 2005 => AV Library Loaded...
Tue Nov 08 01:21:09 2005 => MWAV doing self scanning...
Tue Nov 08 01:21:09 2005 => Scanning File
…..
Tue Nov 08 01:21:09 2005 => MWAV files are clean.
Tue Nov 08 01:22:05 2005 => MWAV License Agreement and conditions NOT accepted by user. Aborting...
Tue Nov 08 01:22:05 2005 => AV Library Unloaded (2)...
**********************************************************
Tue Nov 08 01:23:44 2005 => Version 7.2.8 (C:\DOKUME~1\***\LOKALE~1\Temp\mwavscan.com)
Tue Nov 08 01:23:44 2005 => Log File: C:\DOKUME~1\***\LOKALE~1\Temp\MWAV.LOG
Tue Nov 08 01:23:44 2005 => MWAV Mode: Only Scan files.
Tue Nov 08 01:23:44 2005 => Latest Date of files inside MWAV: 02 Nov 2005 09:25:03.
Tue Nov 08 01:23:45 2005 => AV Library Loaded...
Tue Nov 08 01:23:45 2005 => MWAV doing self scanning...
Tue Nov 08 01:23:45 2005 => Scanning File
Tue Nov 08 01:23:45 2005 => MWAV files are clean.
Tue Nov 08 01:23:50 2005 => Virus Database Date: 2005/11/02
Tue Nov 08 01:23:50 2005 => Virus Database Count: 157742

**********************************************************
Tue Nov 08 01:24:36 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Tue Nov 08 01:24:36 2005 => Version 7.2.8 (C:\DOKUME~1\***\LOKALE~1\Temp\mwavscan.com)
Tue Nov 08 01:24:36 2005 => Log File: C:\DOKUME~1\***\LOKALE~1\Temp\MWAV.LOG
Tue Nov 08 01:24:36 2005 => User Account: ***
Tue Nov 08 01:24:36 2005 => Windows Root Folder: C:\WINDOWS
Tue Nov 08 01:24:36 2005 => Windows Sys32 Folder: C:\WINDOWS\system32
Tue Nov 08 01:24:36 2005 => OS: Windows NT
Tue Nov 08 01:24:36 2005 => Latest Date of files inside MWAV: 02 Nov 2005 09:25:03.

Tue Nov 08 01:24:36 2005 => Options Selected by User:
Tue Nov 08 01:24:36 2005 => Memory Check: Enabled
Tue Nov 08 01:24:36 2005 => Registry Check: Enabled
Tue Nov 08 01:24:36 2005 => StartUp Folder Check: Enabled
Tue Nov 08 01:24:36 2005 => System Folder Check: Enabled
Tue Nov 08 01:24:36 2005 => System Area Check: Disabled
Tue Nov 08 01:24:36 2005 => Services Check: Enabled
Tue Nov 08 01:24:36 2005 => Drive Check Option Disabled
Tue Nov 08 01:24:36 2005 => Folder Check: Disabled

Tue Nov 08 01:24:36 2005 => ***** Scanning Memory Files *****
Tue Nov 08 01:24:53 2005 => ***** Scanning Registry Files *****

Tue Nov 08 01:24:53 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Tue Nov 08 01:24:53 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Tue Nov 08 01:24:53 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Tue Nov 08 01:24:53 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Tue Nov 08 01:24:53 2005 => Scanning File C:\WINDOWS\System32\stobject.dll

Tue Nov 08 01:24:53 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Tue Nov 08 01:24:53 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Tue Nov 08 01:24:53 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

Tue Nov 08 01:24:53 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Tue Nov 08 01:24:53 2005 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
Tue Nov 08 01:24:53 2005 => Scanning File C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.DLL
Tue Nov 08 01:24:53 2005 => {53707962-6F74-2D53-2644-206D7942484F} = C:\Programme\Spybot - Search & Destroy\SDHelper.dll
Tue Nov 08 01:24:53 2005 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll

Tue Nov 08 01:24:53 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Tue Nov 08 01:24:53 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Tue Nov 08 01:24:53 2005 => Scanning File C:\WINDOWS\System32\browseui.dll

Tue Nov 08 01:24:53 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

Tue Nov 08 01:25:00 2005 => ERROR!!! Invalid Entry Window Monitor = winmon32.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Tue Nov 08 01:25:00 2005 => ERROR!!! Invalid Entry wvsvc = wvsvc.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.


Tue Nov 08 01:25:40 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Tue Nov 08 01:25:40 2005 => Loading Spyware Signatures from new External Database (Size: 145242).
Tue Nov 08 01:25:42 2005 => Indexed Spyware Databases Successfully Created...

Tue Nov 08 01:25:54 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Tue Nov 08 01:25:56 2005 => Offending file found: C:\WINDOWS\uninstall.ini
Tue Nov 08 01:25:56 2005 => System found infected with whistlesoftware Spyware/Adware (uninstall.ini)! Action taken: No Action Taken.

Tue Nov 08 01:25:56 2005 => Offending file found: C:\WINDOWS\system32\acodec.dll
Tue Nov 08 01:25:56 2005 => System found infected with tencent qq Spyware/Adware (acodec.dll)! Action taken: No Action Taken.

Tue Nov 08 01:25:56 2005 => Offending file found: C:\DOKUME~1\***\LOKALE~1\Temp\insthelp.dll
Tue Nov 08 01:25:56 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.

Tue Nov 08 01:25:56 2005 => Offending file found: C:\DOKUME~1\***\LOKALE~1\Temp\skin.ini
Tue Nov 08 01:25:56 2005 => System found infected with tencent qq Spyware/Adware (skin.ini)! Action taken: No Action Taken.

Tue Nov 08 01:25:57 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Anwendungsdaten\mgi\photosuite4\tempps4\common\toolbar.html
Tue Nov 08 01:25:57 2005 => System found infected with rapidblaster Spyware/Adware (toolbar.html)! Action taken: No Action Taken.

Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Recent\internet.lnk
Tue Nov 08 01:26:00 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.

Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\outlook logging\firstrun.log
Tue Nov 08 01:26:00 2005 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken.

Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\insthelp.dll
Tue Nov 08 01:26:00 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.

Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\skin.ini
Tue Nov 08 01:26:00 2005 => System found infected with tencent qq Spyware/Adware (skin.ini)! Action taken: No Action Taken.

Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wtq309ir\formie[1].css
Tue Nov 08 01:26:00 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wtq309ir\blank[1].htm
Tue Nov 08 01:26:00 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wtq309ir\common[1].js
Tue Nov 08 01:26:00 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wtq309ir\external[1].js
Tue Nov 08 01:26:00 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wtq309ir\stylesheet[1].css
Tue Nov 08 01:26:00 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\shq381i7\common[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\shq381i7\stylesheet[1].css
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\shq381i7\global[1].js
Tue Nov 08 01:26:01 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\shq381i7\show_ads[2].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\c1mv036v\common[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\c1mv036v\stylesheet[1].css
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\c1mv036v\blank[1].htm
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\khmrotun\common[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\khmrotun\stylesheet[1].css
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\khmrotun\show_ads[2].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\09abuvw9\common[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\gpa3g1ub\ticker[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (ticker[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\gpa3g1ub\common[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\gpa3g1ub\external[1].js
Tue Nov 08 01:26:01 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wz2ju5id\common[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wz2ju5id\external[1].js
Tue Nov 08 01:26:01 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\k16rc9en\common[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\89qb4dyj\stylesheet[1].css
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\41c16jkx\blank[1].htm
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\41c16jkx\common[1].js
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\ctmfot2n\blank[1].htm
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\ctmfot2n\common[1].js
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\ktub0xqb\blank[1].htm
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\ktub0xqb\external[1].js
Tue Nov 08 01:26:02 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\ktub0xqb\common[1].js
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\h4c3pl8p\stylesheet[1].css
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\h4c3pl8p\common[1].js
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\yl7o10z6\s_code[1].js
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\yl7o10z6\blank[1].htm
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\yl7o10z6\front[1].htm
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (front[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\37173lww\blank[1].htm
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\37173lww\common[1].js
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\ofvjy89x\formie[1].css
Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wtq309ir\formie[1].css
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wtq309ir\blank[1].htm
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wtq309ir\common[1].js
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wtq309ir\external[1].js
Tue Nov 08 01:26:03 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wtq309ir\stylesheet[1].css
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\shq381i7\common[1].js
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\shq381i7\stylesheet[1].css
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\shq381i7\global[1].js
Tue Nov 08 01:26:03 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\shq381i7\show_ads[2].js
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\c1mv036v\common[1].js
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\c1mv036v\stylesheet[1].css
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\c1mv036v\blank[1].htm
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\khmrotun\common[1].js
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\khmrotun\stylesheet[1].css
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\khmrotun\show_ads[2].js
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\09abuvw9\common[1].js
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\gpa3g1ub\ticker[1].js
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (ticker[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\gpa3g1ub\common[1].js
Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\gpa3g1ub\external[1].js
Tue Nov 08 01:26:03 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wz2ju5id\common[1].js
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wz2ju5id\external[1].js
Tue Nov 08 01:26:04 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\k16rc9en\common[1].js
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\89qb4dyj\stylesheet[1].css
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\41c16jkx\blank[1].htm
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\41c16jkx\common[1].js
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\ctmfot2n\blank[1].htm
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\ctmfot2n\common[1].js
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\ktub0xqb\blank[1].htm
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\ktub0xqb\external[1].js
Tue Nov 08 01:26:04 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\ktub0xqb\common[1].js
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\h4c3pl8p\stylesheet[1].css
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\h4c3pl8p\common[1].js
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\yl7o10z6\s_code[1].js
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\yl7o10z6\blank[1].htm
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\yl7o10z6\front[1].htm
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (front[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\37173lww\blank[1].htm
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\37173lww\common[1].js
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\ofvjy89x\formie[1].css
Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.


Tue Nov 08 01:26:08 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Fonts\Reqrd\Base\AdobeFnt.lst". Action Taken: No Action Taken.

Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Adobe SVG Viewer" refers to invalid object "C:\WINDOWS\System32\Adobe\SVG Viewer\Adobe SVG Viewer". Action Taken: No Action Taken.

Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.

Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\DigitalCam Pro" refers to invalid object "C:\Programme\Unknown\DigitalCam Pro\DigitalCam Pro". Action Taken: No Action Taken.

Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\RegAnyDVD" refers to invalid object "C:\Programme\SlySoft\AnyDVD\RegAnyDVD.exe". Action Taken: No Action Taken.

Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\RegCloneCD" refers to invalid object "C:\Programme\SlySoft\CloneCD\RegCloneCD.exe". Action Taken: No Action Taken.

Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken.

Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SmartSurfer3.0" refers to invalid object "C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer3.0". Action Taken: No Action Taken.

Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\Programme\Ligos\Indeo\yourapp.Exe". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\NewTech Infosystems\NTI CD-Maker\Default\FileCD\". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\NewTech Infosystems\NTI CD-Maker\Default\". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\NewTech Infosystems\NTI Backup NOW! 3\Default\". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".adr". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BUP". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fu0". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".GHS". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".opt". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pp_". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pza". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tab". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821187". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveReg". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveUpdate". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.

Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "q329623". Action Taken: No Action Taken.

Tue Nov 08 01:26:10 2005 => Entry "HKCR\CLSID\{11B3DA78-9E11-4B17-A879-FFE918F0D4B3}" refers to invalid object "C:\WINDOWS\system32\mscoree.dll". Action Taken: No Action Taken.

Tue Nov 08 01:26:10 2005 => Entry "HKCR\CLSID\{36773DF3-37FC-47B6-9F8F-CC4699917938}" refers to invalid object "E:\Acer\tools\LaunchRS.ocx". Action Taken: No Action Taken.

Tue Nov 08 01:26:10 2005 => Entry "HKCR\CLSID\{7F7061D5-7D67-11D3-92C5-006067310535}" refers to invalid object "E:\Acer\tools\regactvx.exe". Action Taken: No Action Taken.

Tue Nov 08 01:26:10 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.

Tue Nov 08 01:26:11 2005 => Entry "HKCR\CLSID\{90914AA1-0A85-407B-AA90-AD5BE725D805}" refers to invalid object "E:\Acer\tools\LaunchRS.ocx". Action Taken: No Action Taken.

Tue Nov 08 01:26:12 2005 => Entry "HKCR\TypeLib\{746BAB70-810C-4FC5-8583-C1E7A40642C7}" refers to invalid object "E:\Acer\tools\LaunchRS.ocx". Action Taken: No Action Taken.

Tue Nov 08 01:26:12 2005 => Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken.

Tue Nov 08 01:26:12 2005 => Entry "HKCR\.png" refers to invalid object "Fireworks.Doc.4". Action Taken: No Action Taken.

Tue Nov 08 01:26:12 2005 => Entry "HKCR\.sdp" refers to invalid object "soffice.StarStorageDocument.5". Action Taken: No Action Taken.

Tue Nov 08 01:26:12 2005 => Entry "HKCR\.stl" refers to invalid object "FireworksStyleLibrary". Action Taken: No Action Taken.

Tue Nov 08 01:26:12 2005 => Entry "HKCR\.x16" refers to invalid object "MacromediaXtra16". Action Taken: No Action Taken.

Tue Nov 08 01:26:12 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Tue Nov 08 01:26:12 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Tue Nov 08 01:26:12 2005 => Entry "HKCR\Clickomania.Game\shell\open\command" refers to invalid object ""C:\Programme\click.exe" "%1"". Action Taken: No Action Taken.

Tue Nov 08 01:26:12 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.

Tue Nov 08 01:26:13 2005 => Entry "HKCR\FreeHand.Doc" refers to invalid object "{F6167714-0787-11d2-9827-00C04FB17ABD}". Action Taken: No Action Taken.

Tue Nov 08 01:26:13 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.

Tue Nov 08 01:26:13 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Tue Nov 08 01:26:13 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Tue Nov 08 01:26:13 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.

Tue Nov 08 01:26:13 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Tue Nov 08 01:26:13 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Tue Nov 08 01:26:13 2005 => Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.

Tue Nov 08 01:26:14 2005 => Entry "HKCR\rar_auto_file\shell\open\command" refers to invalid object ""C:\Programme\SlySoft\AnyDVD\RegAnyDVD.exe" "%1"". Action Taken: No Action Taken.

Tue Nov 08 01:26:14 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Tue Nov 08 01:26:14 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Tue Nov 08 01:26:14 2005 => Entry "HKCR\SharePoint.WebPartPage.Document" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.

Tue Nov 08 01:26:14 2005 => Entry "HKCR\SharePoint.WebPartPage.Document.1.0" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.

Tue Nov 08 01:26:14 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Tue Nov 08 01:26:14 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.


Tue Nov 08 01:41:55 2005 => ***** Scanning complete. *****

Tue Nov 08 01:41:55 2005 => Total Objects Scanned: 49247
Tue Nov 08 01:41:55 2005 => Total Virus(es) Found: 86
Tue Nov 08 01:41:55 2005 => Total Disinfected Files: 0
Tue Nov 08 01:41:55 2005 => Total Files Renamed: 0
Tue Nov 08 01:41:55 2005 => Total Deleted Objects: 0
Tue Nov 08 01:41:55 2005 => Total Errors: 63
Tue Nov 08 01:41:55 2005 => Time Elapsed: 00:17:17
Tue Nov 08 01:41:55 2005 => Virus Database Date: 2005/11/02
Tue Nov 08 01:41:55 2005 => Virus Database Count: 157742

Tue Nov 08 01:41:55 2005 => Scan Completed.
This post was edited by marimba on 09.11.2005 at 01:33.