Request for log file analysis by professionals |
||
---|---|---|
#0
| ||
02.11.2005, 01:33
Member
Posts: 14 |
||
|
||
02.11.2005, 02:31
Member
Posts: 4730 |
#2
What you fixed wasn't junk, it was the Java scheduler (which doesn't need to be in autostart, though) - but it is still present in the HJT log (did you fix it after creating the log?)
The real junk is the worm Rbot.QZ or Rbot.OQ or Rbot.NF, which has lodged itself under the following entries:
O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
Fix these entries and use the program Killbox (http://managor.de/killbox.htm) to delete the following files:
c:\windows\system32\winmon32.exe
c:\windows\system32\wvwvc.exe
Once the PC has restarted, download the current version of HJT and create a new log with it (http://managor.de/hjt.htm). We may discover a few more entries that were not listed by your HJT version.
I'd also ask you to check your system in safe mode with the program eScanCheck (http://managor.de/escan.htm) and report the result here.
Start -> Run -> regedit
Go to the key HKLM\SOFTWARE\Microsoft\Ole\ and set the entry "EnableDCOM" to "Y" there.
Go to the key HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ and set the entry "restrictanonymous" to "0" there.
(HKLM = HKEY_LOCAL_MACHINE; the worm may have changed these entries)
__________ This is a signature! Personal service: You're from Berlin? Then contact me by PM; we may be able to arrange an appointment. Der Grabsteinschubser
|
|
||
04.11.2005, 02:51
Member
Thread starter Posts: 14 |
#3
"What you fixed wasn't junk, it was the Java scheduler (which doesn't need to be in autostart, though) - but it is still present in the HJT log (did you fix it after creating the log?)"
Unfortunately yes. How do I get it back? I'll do the rest afterwards.
marimba
|
|
||
04.11.2005, 03:20
Member
Posts: 4730 |
#4
As I said, it's not a big deal. You can just leave it buried. But if for some unfathomable reason you want it back, start HijackThis and choose the option "View the list of backups". From there you can restore it.
|
|
||
04.11.2005, 03:52
Member
Thread starter Posts: 14 |
#5
Here is the new log file, after fixing and Killbox - with the current HJT.
What does setting the entry "EnableDCOM" to "Y" and the entry "restrictanonymous" to "0" do (keys)? eScan will follow; does it find other things that HJT doesn't list?
marimba

Logfile of HijackThis v1.99.1
Scan saved at 03:40:56, on 04.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sicherheit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
|
|
||
04.11.2005, 15:15
Member
Posts: 4730 |
#6
Quote: What does setting the entry "EnableDCOM" to "Y" and the entry "restrictanonymous" to "0" do (keys)?
That restores the settings that the virus changed. However, I just read up on it again and it turned out that the values changed by the virus can safely stay changed - it may just be that the local network then won't work properly.
Quote: eScan will follow; does it find other things that HJT doesn't list?
HijackThis only lists what is loaded at system startup. HijackThis does not find viruses themselves, since it is not a virus scanner. eScan, on the other hand, is a very usable virus scanner that tracks down virtually every virus and every piece of spyware on your hard disk.
This post was edited on 04.11.2005 at 15:18 by Managor.
|
|
|
||
04.11.2005, 15:54
Member
Thread starter Posts: 14 |
#7
I have now scanned with Stinger, Ad-Aware, spyware, and antivirus. Might eScan find even more? My log, I think, actually looks quite good now.
I'm asking because eScan is a very large download and I first have to get to a PC with DSL again, which will take a few days. Only C:\DOKUME~1\***\LOKALE~1\TEMP\_VWUPSRV.EXE is still being flagged by the auto-analysis.. -> Possibly malicious! According to our database, this process normally runs in c:\programme\avpersonal\! Check whether you know the file and, if necessary, run a virus check.
marimba

Logfile of HijackThis v1.99.1
Scan saved at 15:45:48, on 04.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOKUME~1\***\LOKALE~1\TEMP\_VWUPSRV.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Sicherheit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD19495E-3E9F-44B0-9E8A-7051A86E1C3F}: NameServer = 62.134.11.4 195.182.110.132
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
|
|
||
04.11.2005, 16:10
Member
Posts: 4730 |
#8
I wouldn't rely on AntiVir. eScan works completely independently of it and has much better detection.
The flagged entry belongs to AntiVir. You may have to reinstall AntiVir to fix any problem that might occur with it.
|
|
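Added example (not part of the original thread, and not HijackThis or forum code): a small Python triage of a HijackThis log for the two patterns discussed above, Run-key entries registered without any path (the winmon32.exe / wvsvc.exe entries in post #2) and a running process located in a Temp directory (the _VWUPSRV.EXE finding in posts #7 and #8). The sample log is constructed from lines quoted in the thread; all function names are hypothetical.

```python
import re

# Constructed sample: individual lines copied from the logs in this thread,
# combined into one short log so the script runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\DOKUME~1\***\LOKALE~1\TEMP\_VWUPSRV.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE

O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
"""

# "O4 - ...", "R0 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Body of an O4 registry autostart: hive\..\Run*: [value name] command
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def pathless_autostarts(entries):
    """O4 Run-key entries whose command names no directory at all.

    Such a command is resolved through the Windows search path, so the log
    alone does not show which file on disk is started.
    """
    hits = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m and "\\" not in m.group(4):
            hits.append((m.group(1), m.group(2), m.group(3), m.group(4)))
    return hits


def temp_processes(processes):
    """Running processes whose image sits in a Temp/Tmp directory."""
    return [p for p in processes if re.search(r"\\te?mp\\", p, re.IGNORECASE)]


def triage(text):
    """Run both checks and return the findings as a dict."""
    processes, entries = parse_hjt(text)
    return {
        "pathless_autostarts": pathless_autostarts(entries),
        "temp_processes": temp_processes(processes),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for hive, key, name, cmd in report["pathless_autostarts"]:
        print(f"verify autostart  {hive}\\..\\{key}: [{name}] {cmd}")
    for proc in report["temp_processes"]:
        print(f"verify process    {proc}")
```

A hit is a prompt to check the file on disk, not a verdict: the [LaunchApp] Alaunch entry is also pathless and remains in the logs posted after cleanup.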
||
06.11.2005, 16:46
...new here
Posts: 3 |
#9
Good day.. I didn't want to open a new thread, so I'm putting my log file in here.... it seems to me that mine looks a little different from yours as far as newdotnet is concerned... oh well.. I hope someone can help me..

Logfile of HijackThis v1.99.1
Scan saved at 16:32:43, on 06.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\tobi\Eigene Dateien\entpackt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {E029E468-EDF6-4E03-AF90-045BF94EAE12} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Trillian.lnk.disabled
O9 - Extra button: (no name) - c95fe080-8f5d-112d-a20b-00aa003c157a - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ebay.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?946767249234
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://god.t-online.de/godcheck/CLASSES/ExentCtl.ocx
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.johannrain-softwareentwicklung.de/scan/Msie/bitdefender.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D15BA650-0D6A-468D-9953-D199665145EB} - http://212.6.171.60/dialer/dlstt.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4592/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
|
|
||
09.11.2005, 01:17
Member
Thread starter Posts: 14 |
#10
Hi Managor, in the meantime I have run eScanCheck in safe mode. Unfortunately the MWAV log file had 1200 pages, which I surely shouldn't and can't post here. I deleted a pile of stuff and mainly left only strange things and error/invalid objects etc. (red)
marimba
Voilà:
Tue Nov 08 01:21:06 2005 => **********************************************************
Tue Nov 08 01:21:06 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Tue Nov 08 01:21:06 2005 => Version 7.2.8 (C:\DOKUME~1\***\LOKALE~1\Temp\mwavscan.com)
Tue Nov 08 01:21:06 2005 => Log File: C:\DOKUME~1\***\LOKALE~1\Temp\MWAV.LOG
Tue Nov 08 01:21:06 2005 => MWAV Registered: FALSE.
Tue Nov 08 01:21:06 2005 => MWAV Mode: Only Scan files.
Tue Nov 08 01:21:06 2005 => Latest Date of files inside MWAV: 02 Nov 2005 09:25:03.
Tue Nov 08 01:21:06 2005 => Regvalue RestrictAnonymous Reset. This could be part of a worm!!!
Tue Nov 08 01:21:09 2005 => AV Library Loaded...
Tue Nov 08 01:21:09 2005 => MWAV doing self scanning...
Tue Nov 08 01:21:09 2005 => Scanning File …..
Tue Nov 08 01:21:09 2005 => MWAV files are clean.
Tue Nov 08 01:22:05 2005 => MWAV License Agreement and conditions NOT accepted by user. Aborting...
Tue Nov 08 01:22:05 2005 => AV Library Unloaded (2)...
**********************************************************
Tue Nov 08 01:23:44 2005 => Version 7.2.8 (C:\DOKUME~1\***\LOKALE~1\Temp\mwavscan.com)
Tue Nov 08 01:23:44 2005 => Log File: C:\DOKUME~1\***\LOKALE~1\Temp\MWAV.LOG
Tue Nov 08 01:23:44 2005 => MWAV Mode: Only Scan files.
Tue Nov 08 01:23:44 2005 => Latest Date of files inside MWAV: 02 Nov 2005 09:25:03.
Tue Nov 08 01:23:45 2005 => AV Library Loaded...
Tue Nov 08 01:23:45 2005 => MWAV doing self scanning...
Tue Nov 08 01:23:45 2005 => Scanning File
Tue Nov 08 01:23:45 2005 => MWAV files are clean.
Tue Nov 08 01:23:50 2005 => Virus Database Date: 2005/11/02
Tue Nov 08 01:23:50 2005 => Virus Database Count: 157742
**********************************************************
Tue Nov 08 01:24:36 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Tue Nov 08 01:24:36 2005 => Version 7.2.8 (C:\DOKUME~1\***\LOKALE~1\Temp\mwavscan.com)
Tue Nov 08 01:24:36 2005 => Log File: C:\DOKUME~1\***\LOKALE~1\Temp\MWAV.LOG
Tue Nov 08 01:24:36 2005 => User Account: ***
Tue Nov 08 01:24:36 2005 => Windows Root Folder: C:\WINDOWS
Tue Nov 08 01:24:36 2005 => Windows Sys32 Folder: C:\WINDOWS\system32
Tue Nov 08 01:24:36 2005 => OS: Windows NT
Tue Nov 08 01:24:36 2005 => Latest Date of files inside MWAV: 02 Nov 2005 09:25:03.
Tue Nov 08 01:24:36 2005 => Options Selected by User:
Tue Nov 08 01:24:36 2005 => Memory Check: Enabled
Tue Nov 08 01:24:36 2005 => Registry Check: Enabled
Tue Nov 08 01:24:36 2005 => StartUp Folder Check: Enabled
Tue Nov 08 01:24:36 2005 => System Folder Check: Enabled
Tue Nov 08 01:24:36 2005 => System Area Check: Disabled
Tue Nov 08 01:24:36 2005 => Services Check: Enabled
Tue Nov 08 01:24:36 2005 => Drive Check Option Disabled
Tue Nov 08 01:24:36 2005 => Folder Check: Disabled
Tue Nov 08 01:24:36 2005 => ***** Scanning Memory Files *****
Tue Nov 08 01:24:53 2005 => ***** Scanning Registry Files *****
Tue Nov 08 01:24:53 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Tue Nov 08 01:24:53 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Tue Nov 08 01:24:53 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Tue Nov 08 01:24:53 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Tue Nov 08 01:24:53 2005 => Scanning File C:\WINDOWS\System32\stobject.dll
Tue Nov 08 01:24:53 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Tue Nov 08 01:24:53 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension
Tue Nov 08 01:24:53 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Tue Nov 08 01:24:53 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Tue Nov 08 01:24:53 2005 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
Tue Nov 08 01:24:53 2005 => Scanning File C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.DLL
Tue Nov 08 01:24:53 2005 => {53707962-6F74-2D53-2644-206D7942484F} = C:\Programme\Spybot - Search & Destroy\SDHelper.dll
Tue Nov 08 01:24:53 2005 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Tue Nov 08 01:24:53 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Tue Nov 08 01:24:53 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Tue Nov 08 01:24:53 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Tue Nov 08 01:24:53 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Tue Nov 08 01:25:00 2005 => ERROR!!! Invalid Entry Window Monitor = winmon32.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Tue Nov 08 01:25:00 2005 => ERROR!!! Invalid Entry wvsvc = wvsvc.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Tue Nov 08 01:25:40 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Tue Nov 08 01:25:40 2005 => Loading Spyware Signatures from new External Database (Size: 145242).
Tue Nov 08 01:25:42 2005 => Indexed Spyware Databases Successfully Created...
Tue Nov 08 01:25:54 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Tue Nov 08 01:25:56 2005 => Offending file found: C:\WINDOWS\uninstall.ini
Tue Nov 08 01:25:56 2005 => System found infected with whistlesoftware Spyware/Adware (uninstall.ini)! Action taken: No Action Taken.
Tue Nov 08 01:25:56 2005 => Offending file found: C:\WINDOWS\system32\acodec.dll
Tue Nov 08 01:25:56 2005 => System found infected with tencent qq Spyware/Adware (acodec.dll)! Action taken: No Action Taken.
Tue Nov 08 01:25:56 2005 => Offending file found: C:\DOKUME~1\***\LOKALE~1\Temp\insthelp.dll
Tue Nov 08 01:25:56 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Tue Nov 08 01:25:56 2005 => Offending file found: C:\DOKUME~1\***\LOKALE~1\Temp\skin.ini
Tue Nov 08 01:25:56 2005 => System found infected with tencent qq Spyware/Adware (skin.ini)! Action taken: No Action Taken.
Tue Nov 08 01:25:57 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Anwendungsdaten\mgi\photosuite4\tempps4\common\toolbar.html
Tue Nov 08 01:25:57 2005 => System found infected with rapidblaster Spyware/Adware (toolbar.html)! Action taken: No Action Taken.
Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Recent\internet.lnk
Tue Nov 08 01:26:00 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.
Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\outlook logging\firstrun.log
Tue Nov 08 01:26:00 2005 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken.
Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\insthelp.dll
Tue Nov 08 01:26:00 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\skin.ini
Tue Nov 08 01:26:00 2005 => System found infected with tencent qq Spyware/Adware (skin.ini)! Action taken: No Action Taken.
Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wtq309ir\formie[1].css
Tue Nov 08 01:26:00 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.
Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wtq309ir\blank[1].htm
Tue Nov 08 01:26:00 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wtq309ir\common[1].js
Tue Nov 08 01:26:00 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wtq309ir\external[1].js
Tue Nov 08 01:26:00 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken.
Tue Nov 08 01:26:00 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wtq309ir\stylesheet[1].css
Tue Nov 08 01:26:00 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\shq381i7\common[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\shq381i7\stylesheet[1].css
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\shq381i7\global[1].js
Tue Nov 08 01:26:01 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\shq381i7\show_ads[2].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\c1mv036v\common[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\c1mv036v\stylesheet[1].css
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\c1mv036v\blank[1].htm
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\khmrotun\common[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\khmrotun\stylesheet[1].css
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\khmrotun\show_ads[2].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\09abuvw9\common[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\gpa3g1ub\ticker[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (ticker[1].js)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\gpa3g1ub\common[1].js
Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\gpa3g1ub\external[1].js
Tue Nov 08 01:26:01 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken.
Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wz2ju5id\common[1].js Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\wz2ju5id\external[1].js Tue Nov 08 01:26:01 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\k16rc9en\common[1].js Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\89qb4dyj\stylesheet[1].css Tue Nov 08 01:26:01 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken. Tue Nov 08 01:26:01 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\41c16jkx\blank[1].htm Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\41c16jkx\common[1].js Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. 
Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\ctmfot2n\blank[1].htm Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\ctmfot2n\common[1].js Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\ktub0xqb\blank[1].htm Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\ktub0xqb\external[1].js Tue Nov 08 01:26:02 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\ktub0xqb\common[1].js Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\h4c3pl8p\stylesheet[1].css Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken. 
Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\h4c3pl8p\common[1].js Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\yl7o10z6\s_code[1].js Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\yl7o10z6\blank[1].htm Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\yl7o10z6\front[1].htm Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (front[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\37173lww\blank[1].htm Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\37173lww\common[1].js Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. 
Tue Nov 08 01:26:02 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temporary internet files\content.ie5\ofvjy89x\formie[1].css Tue Nov 08 01:26:02 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wtq309ir\formie[1].css Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wtq309ir\blank[1].htm Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wtq309ir\common[1].js Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wtq309ir\external[1].js Tue Nov 08 01:26:03 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wtq309ir\stylesheet[1].css Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken. 
Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\shq381i7\common[1].js Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\shq381i7\stylesheet[1].css Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\shq381i7\global[1].js Tue Nov 08 01:26:03 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\shq381i7\show_ads[2].js Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\c1mv036v\common[1].js Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\c1mv036v\stylesheet[1].css Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken. 
Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\c1mv036v\blank[1].htm Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\khmrotun\common[1].js Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\khmrotun\stylesheet[1].css Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\khmrotun\show_ads[2].js Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\09abuvw9\common[1].js Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\gpa3g1ub\ticker[1].js Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (ticker[1].js)! Action taken: No Action Taken. 
Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\gpa3g1ub\common[1].js Tue Nov 08 01:26:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:03 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\gpa3g1ub\external[1].js Tue Nov 08 01:26:03 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wz2ju5id\common[1].js Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\wz2ju5id\external[1].js Tue Nov 08 01:26:04 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\k16rc9en\common[1].js Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\89qb4dyj\stylesheet[1].css Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken. 
Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\41c16jkx\blank[1].htm Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\41c16jkx\common[1].js Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\ctmfot2n\blank[1].htm Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\ctmfot2n\common[1].js Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\ktub0xqb\blank[1].htm Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\ktub0xqb\external[1].js Tue Nov 08 01:26:04 2005 => System found infected with redv Spyware/Adware (external[1].js)! Action taken: No Action Taken. 
Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\ktub0xqb\common[1].js Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\h4c3pl8p\stylesheet[1].css Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\h4c3pl8p\common[1].js Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\yl7o10z6\s_code[1].js Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\yl7o10z6\blank[1].htm Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\yl7o10z6\front[1].htm Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (front[1].htm)! Action taken: No Action Taken. 
Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\37173lww\blank[1].htm Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\37173lww\common[1].js Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Tue Nov 08 01:26:04 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\content.ie5\ofvjy89x\formie[1].css Tue Nov 08 01:26:04 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Nov 08 01:26:08 2005 => ***** Scanning Registry for errors created because of Adware/Spyware ***** Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Fonts\Reqrd\Base\AdobeFnt.lst". Action Taken: No Action Taken. Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Adobe SVG Viewer" refers to invalid object "C:\WINDOWS\System32\Adobe\SVG Viewer\Adobe SVG Viewer". Action Taken: No Action Taken. Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken. Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\DigitalCam Pro" refers to invalid object "C:\Programme\Unknown\DigitalCam Pro\DigitalCam Pro". Action Taken: No Action Taken. 
Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\RegAnyDVD" refers to invalid object "C:\Programme\SlySoft\AnyDVD\RegAnyDVD.exe". Action Taken: No Action Taken. Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\RegCloneCD" refers to invalid object "C:\Programme\SlySoft\CloneCD\RegCloneCD.exe". Action Taken: No Action Taken. Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken. Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SmartSurfer3.0" refers to invalid object "C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer3.0". Action Taken: No Action Taken. Tue Nov 08 01:26:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\Programme\Ligos\Indeo\yourapp.Exe". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\NewTech Infosystems\NTI CD-Maker\Default\FileCD\". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\NewTech Infosystems\NTI CD-Maker\Default\". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\NewTech Infosystems\NTI Backup NOW! 3\Default\". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".adr". Action Taken: No Action Taken. 
Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BUP". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fu0". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".GHS". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".opt". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pp_". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pza". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tab". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821187". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". 
Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveReg". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveUpdate". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken. Tue Nov 08 01:26:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "q329623". Action Taken: No Action Taken. Tue Nov 08 01:26:10 2005 => Entry "HKCR\CLSID\{11B3DA78-9E11-4B17-A879-FFE918F0D4B3}" refers to invalid object "C:\WINDOWS\system32\mscoree.dll". Action Taken: No Action Taken. Tue Nov 08 01:26:10 2005 => Entry "HKCR\CLSID\{36773DF3-37FC-47B6-9F8F-CC4699917938}" refers to invalid object "E:\Acer\tools\LaunchRS.ocx". Action Taken: No Action Taken. Tue Nov 08 01:26:10 2005 => Entry "HKCR\CLSID\{7F7061D5-7D67-11D3-92C5-006067310535}" refers to invalid object "E:\Acer\tools\regactvx.exe". Action Taken: No Action Taken. Tue Nov 08 01:26:10 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken. Tue Nov 08 01:26:11 2005 => Entry "HKCR\CLSID\{90914AA1-0A85-407B-AA90-AD5BE725D805}" refers to invalid object "E:\Acer\tools\LaunchRS.ocx". Action Taken: No Action Taken. Tue Nov 08 01:26:12 2005 => Entry "HKCR\TypeLib\{746BAB70-810C-4FC5-8583-C1E7A40642C7}" refers to invalid object "E:\Acer\tools\LaunchRS.ocx". Action Taken: No Action Taken. 
Tue Nov 08 01:26:12 2005 => Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken. Tue Nov 08 01:26:12 2005 => Entry "HKCR\.png" refers to invalid object "Fireworks.Doc.4". Action Taken: No Action Taken. Tue Nov 08 01:26:12 2005 => Entry "HKCR\.sdp" refers to invalid object "soffice.StarStorageDocument.5". Action Taken: No Action Taken. Tue Nov 08 01:26:12 2005 => Entry "HKCR\.stl" refers to invalid object "FireworksStyleLibrary". Action Taken: No Action Taken. Tue Nov 08 01:26:12 2005 => Entry "HKCR\.x16" refers to invalid object "MacromediaXtra16". Action Taken: No Action Taken. Tue Nov 08 01:26:12 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Tue Nov 08 01:26:12 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Tue Nov 08 01:26:12 2005 => Entry "HKCR\Clickomania.Game\shell\open\command" refers to invalid object ""C:\Programme\click.exe" "%1"". Action Taken: No Action Taken. Tue Nov 08 01:26:12 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken. Tue Nov 08 01:26:13 2005 => Entry "HKCR\FreeHand.Doc" refers to invalid object "{F6167714-0787-11d2-9827-00C04FB17ABD}". Action Taken: No Action Taken. Tue Nov 08 01:26:13 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. Tue Nov 08 01:26:13 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Tue Nov 08 01:26:13 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 
Tue Nov 08 01:26:13 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken. Tue Nov 08 01:26:13 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Tue Nov 08 01:26:13 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Tue Nov 08 01:26:13 2005 => Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken. Tue Nov 08 01:26:14 2005 => Entry "HKCR\rar_auto_file\shell\open\command" refers to invalid object ""C:\Programme\SlySoft\AnyDVD\RegAnyDVD.exe" "%1"". Action Taken: No Action Taken. Tue Nov 08 01:26:14 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Tue Nov 08 01:26:14 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Tue Nov 08 01:26:14 2005 => Entry "HKCR\SharePoint.WebPartPage.Document" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken. Tue Nov 08 01:26:14 2005 => Entry "HKCR\SharePoint.WebPartPage.Document.1.0" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken. Tue Nov 08 01:26:14 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Tue Nov 08 01:26:14 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Tue Nov 08 01:41:55 2005 => ***** Scanning complete. 
Tue Nov 08 01:41:55 2005 => Total Objects Scanned: 49247
Tue Nov 08 01:41:55 2005 => Total Virus(es) Found: 86
Tue Nov 08 01:41:55 2005 => Total Disinfected Files: 0
Tue Nov 08 01:41:55 2005 => Total Files Renamed: 0
Tue Nov 08 01:41:55 2005 => Total Deleted Objects: 0
Tue Nov 08 01:41:55 2005 => Total Errors: 63
Tue Nov 08 01:41:55 2005 => Time Elapsed: 00:17:17
Tue Nov 08 01:41:55 2005 => Virus Database Date: 2005/11/02
Tue Nov 08 01:41:55 2005 => Virus Database Count: 157742
Tue Nov 08 01:41:55 2005 => Scan Completed.

This post was edited by marimba on 09.11.2005 at 01:33.
Before that, I found an sdbot.worm with Stinger and deleted it. I hope it is gone and won't come back.
Many thanks for your help
marimba
Logfile of HijackThis v1.99.0
Scan saved at 00:49:12, on 02.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Outlook Express\msimn.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Programme\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD19495E-3E9F-44B0-9E8A-7051A86E1C3F}: NameServer = 62.104.191.241 62.104.196.134
O23 - Service: Notebook Manager Service - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE