Strange DLL, causes pop-up ad windows!?

#0
02.11.2005, 21:16
...new here

Posts: 5
#1 Hello, for the past hour I have had the problem that ad windows suddenly pop up out of NOWHERE; even when I am not doing anything, IE gets started for no reason.
Here is the HJT log:
http://rapidshare.de/files/7104904/hijackthis.log.html

In the log I noticed the following DLL file:
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\hrno0553e.dll

After a restart the DLL changes its name and its Notify entry (Telephony/MCD etc.). I cannot delete the file. I tried it with AmoK DelayDel v1.2, unfortunately without success. After a restart it shows up again, but under a new name? What should I do??? McAfee, Ad-Aware SE Professional and Spyware & Adware Remover find nothing, or rather do not recognise the file as a threat!!!

Please help!!!
03.11.2005, 00:20
Member
Avatar Gool

Posts: 4730
#2 Please post the complete HJT log for us. In addition, I ask you to create four logs following the instructions below and to copy from them the entries of the past three weeks (each entry is preceded by a date), including the path given at the top:
http://virus-protect.org/datfindbat.html

Furthermore, please run a scan with eScanCheck in safe mode and post the result:
http://managor.de/escan.htm
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
This post was edited on 03.11.2005 at 00:23 by Managor.
03.11.2005, 01:32
...new here

Thread starter

Posts: 5
#3 Here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 01:32:04, on 03.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Executive Software\Diskeeper\DkService.exe
C:\Programme\F-Prot\fpavupdm.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\programme\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programme\McAfee.com\VSO\mcvsshld.exe
C:\Programme\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\progra~1\mcafee\MCAFEE~3\masalert.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\studnet\studnet.exe
C:\Programme\Overnet\overnet.exe
C:\Programme\Azureus\Azureus.exe
C:\Programme\Java\jre1.5.0_04\bin\javaw.exe
C:\Programme\Opera\Opera.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
E:\Archiv\Schutzsoftware\HijackThis 1.99\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programme\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programme\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~3\masalert.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programme\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\programme\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\programme\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\programme\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\programme\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\programme\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\programme\bps spyware & adware remover\apptoport.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130618950406
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CF520BC-FFEA-4779-AC8A-6209CCEFE6DD}: NameServer = 139.18.25.3
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\k6pm0g71e6.dll (file missing)
O20 - Winlogon Notify: Run_Disabled - C:\WINDOWS\system32\ir60l5jm1.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\s888lilu18q8.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\Diskeeper\DkService.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ra4swapltii - Sonic Solutions - (no file)

Log 1:

Verzeichnis von C:\WINDOWS\system32

03.11.2005 01:22 104.576 Status.MPF
03.11.2005 01:20 39.291 nvapps.xml
03.11.2005 01:20 233.780 uersdpia.dll
03.11.2005 01:20 234.745 hr6u05j9e.dll
03.11.2005 01:19 1.080 settingsbkup.sfm
03.11.2005 01:19 1.080 settings.sfm
03.11.2005 01:19 11.564 DVCState-{00000002-00000000-00000009-00001102-00000004-20021102}.rfx
03.11.2005 01:19 30.528 BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-20021102}.rfx
03.11.2005 01:19 30.528 BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-20021102}.rfx
03.11.2005 01:19 30.888 BMXState-{00000002-00000000-00000009-00001102-00000004-20021102}.rfx
03.11.2005 01:19 30.888 BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-20021102}.rfx
02.11.2005 22:56 233.780 ir60l5jm1.dll
02.11.2005 20:19 383.390 perfh009.dat
02.11.2005 20:19 394.830 perfh007.dat
02.11.2005 20:19 53.744 perfc009.dat
02.11.2005 20:19 64.796 perfc007.dat
02.11.2005 20:19 906.616 PerfStringBackup.INI
02.11.2005 13:42 2.206 wpa.dbl
01.11.2005 00:03 3.799 jupdate-1.5.0_04-b05.log
23.10.2005 12:35 158 NVU001.nvu
19.10.2005 05:37 308.400 FNTCACHE.DAT
18.10.2005 10:08 349.760 mcinsctl.dll
14.10.2005 01:37 14 MPFServiceFailureCount.txt
13.10.2005 15:23 233.472 wrap_oal.dll
10.10.2005 21:51 180.224 NVUNINST.EXE
10.10.2005 21:51 180.224 nvunrm.exe
10.10.2005 21:51 180.224 nvudisp.exe
10.10.2005 20:49 34.304 nvcod.dll
10.10.2005 20:49 1.519.616 nwiz.exe
10.10.2005 20:49 167.936 nvwrszht.dll
10.10.2005 20:49 163.840 nvwrszhc.dll
10.10.2005 20:49 425.984 keystone.exe
10.10.2005 20:49 294.912 nvwrssv.dll
10.10.2005 20:49 303.104 nvwrssl.dll
10.10.2005 20:49 299.008 nvwrssk.dll
10.10.2005 20:49 315.392 nvwrsru.dll
10.10.2005 20:49 319.488 nvwrsptb.dll
10.10.2005 20:49 323.584 nvwrspt.dll
10.10.2005 20:49 294.912 nvwrspl.dll
10.10.2005 20:49 299.008 nvwrsno.dll
10.10.2005 20:49 319.488 nvwrsnl.dll
10.10.2005 20:49 196.608 nvwrsko.dll
10.10.2005 20:49 442.368 nvappbar.exe
10.10.2005 20:49 323.584 nvwrsit.dll
10.10.2005 20:49 315.392 nvwrshu.dll
10.10.2005 20:49 278.528 nvwrshe.dll
10.10.2005 20:49 327.680 nvwrsfr.dll
10.10.2005 20:49 303.104 nvwrsfi.dll
10.10.2005 20:49 327.680 nvwrsesm.dll
10.10.2005 20:49 335.872 nvwrses.dll
10.10.2005 20:49 286.720 nvwrseng.dll
10.10.2005 20:49 335.872 nvwrsel.dll
10.10.2005 20:49 311.296 nvwrsde.dll
10.10.2005 20:49 294.912 nvwrsda.dll
10.10.2005 20:49 286.720 nvwrscs.dll
10.10.2005 20:49 282.624 nvwrsar.dll
10.10.2005 20:49 1.019.904 nvwimg.dll
10.10.2005 20:49 1.662.976 nvwdmcpl.dll
10.10.2005 20:49 81.920 nvwddi.dll
10.10.2005 20:49 3.921.024 nv4_disp.dll
10.10.2005 20:49 212.992 nvwrsja.dll
10.10.2005 20:49 45.056 nvapi.dll
10.10.2005 20:49 303.104 nvwrstr.dll
10.10.2005 20:49 73.728 nvtuicpl.cpl
10.10.2005 20:49 131.139 nvsvc32.exe
10.10.2005 20:49 466.944 nvshell.dll
10.10.2005 20:49 118.784 nvrszht.dll
10.10.2005 20:49 217.088 nvrszhc.dll
10.10.2005 20:49 249.856 nvrstr.dll
10.10.2005 20:49 245.760 nvrssv.dll
10.10.2005 20:49 249.856 nvrssl.dll
10.10.2005 20:49 249.856 nvrssk.dll
10.10.2005 20:49 262.144 nvrsru.dll
10.10.2005 20:49 262.144 nvrsptb.dll
10.10.2005 20:49 266.240 nvrspt.dll
10.10.2005 20:49 249.856 nvrspl.dll
10.10.2005 20:49 249.856 nvrsno.dll
10.10.2005 20:49 266.240 nvrsnl.dll
10.10.2005 20:49 253.952 nvrsko.dll
10.10.2005 20:49 258.048 nvrsja.dll
10.10.2005 20:49 274.432 nvrsit.dll
10.10.2005 20:49 253.952 nvrshu.dll
10.10.2005 20:49 319.488 nvrshe.dll
10.10.2005 20:49 278.528 nvrsfr.dll
10.10.2005 20:49 241.664 nvrsfi.dll
10.10.2005 20:49 34.304 nvcodins.dll
10.10.2005 20:49 274.432 nvrses.dll
10.10.2005 20:49 241.664 nvrseng.dll
10.10.2005 20:49 274.432 nvrsel.dll
10.10.2005 20:49 270.336 nvrsde.dll
10.10.2005 20:49 245.760 nvrsda.dll
10.10.2005 20:49 241.664 nvrscs.dll
10.10.2005 20:49 319.488 nvrsar.dll
10.10.2005 20:49 5.378.048 nvoglnt.dll
10.10.2005 20:49 286.720 nvnt4cpl.dll
10.10.2005 20:49 86.016 nvmctray.dll
10.10.2005 20:49 45.056 nvmccsrs.dll
10.10.2005 20:49 229.376 nvmccs.dll
10.10.2005 20:49 1.466.368 nview.dll
10.10.2005 20:49 573.440 nvhwvid.dll
10.10.2005 20:49 1.339.392 nvdspsch.exe
10.10.2005 20:49 15.868 nvdisp.nvu
10.10.2005 20:49 7.286.784 nvcpl.dll
10.10.2005 20:49 147.456 nvcolor.exe
10.10.2005 20:49 266.240 nvrsesm.dll

Log 2 :

Verzeichnis von C:\DOKUME~1\peter\LOKALE~1\Temp

03.11.2005 01:22 16.384 ~DF92D7.tmp
03.11.2005 01:21 32.768 ~DF457F.tmp
03.11.2005 01:20 32.768 ~DFF297.tmp
03.11.2005 01:20 44.643 jusched.log
02.11.2005 22:56 32.768 ~DFBFFB.tmp
02.11.2005 22:56 32.768 ~DFA610.tmp
02.11.2005 22:16 32.768 ~DF8643.tmp
02.11.2005 22:16 32.768 ~DFC9A2.tmp
02.11.2005 20:48 16.384 ~DF1B8E.tmp
02.11.2005 20:29 16.384 ~DF9C7C.tmp
02.11.2005 20:28 32.768 ~DFBFA2.tmp
02.11.2005 20:28 32.768 ~DFC75B.tmp
02.11.2005 20:17 32.768 ~DF184.tmp
02.11.2005 20:17 32.768 ~DF60C7.tmp
02.11.2005 20:02 32.768 ~DF606D.tmp
02.11.2005 20:01 32.768 ~DF9004.tmp
02.11.2005 17:31 32.768 ~DF6388.tmp
02.11.2005 17:30 32.768 ~DFF9F8.tmp
02.11.2005 17:19 73.276 ~e5.0001
02.11.2005 16:02 10 clean.reg
02.11.2005 15:50 81.920 ~DFC31A.tmp
02.11.2005 13:45 16.384 ~DF1199.tmp
02.11.2005 13:43 32.768 ~DF428B.tmp
02.11.2005 13:43 32.768 ~DFA603.tmp
01.11.2005 21:10 717 control.xml
01.11.2005 19:49 10.623 TWAIN.LOG
01.11.2005 19:49 163.648 N670UA.shd
01.11.2005 19:48 3 Twain001.Mtx
01.11.2005 19:48 156 Twunk001.MTX
01.11.2005 19:42 59.964 Adobelm_Cleanup.0001
01.11.2005 00:06 16.384 ~DF669A.tmp
01.11.2005 00:05 32.768 ~DFBD43.tmp
01.11.2005 00:05 32.768 ~DFB005.tmp
01.11.2005 00:04 813 java_install_reg.log
01.11.2005 00:03 23.544 java_install.log
01.11.2005 00:02 462 MSI3cc6a.LOG
01.11.2005 00:00 16.384 ~DF9C95.tmp
31.10.2005 23:59 32.768 ~DF330D.tmp
31.10.2005 23:59 32.768 ~DFA477.tmp
31.10.2005 09:50 32.768 ~DF3B88.tmp
31.10.2005 09:50 32.768 ~DF45F0.tmp
30.10.2005 13:46 283 wahtmltmp00.htm
30.10.2005 09:51 32.768 ~DF873A.tmp
30.10.2005 09:51 32.768 ~DF56D6.tmp
30.10.2005 00:57 16.384 ~DF3AE1.tmp
29.10.2005 23:47 32.768 ~DF262F.tmp
29.10.2005 23:47 32.768 ~DF5C9B.tmp
29.10.2005 21:47 32.768 ~DFF467.tmp
29.10.2005 20:05 32.768 ~DFBB11.tmp
29.10.2005 12:06 45.056 SWFXXLRT.DLL
29.10.2005 09:05 32.768 ~DFF8EA.tmp
29.10.2005 00:56 221.184 Cli247.tmp
28.10.2005 23:45 221.184 Cli235.tmp
28.10.2005 23:10 221.184 Cli223.tmp
28.10.2005 18:46 221.184 Cli1DC.tmp
28.10.2005 18:45 121.064 set259.tmp
28.10.2005 18:36 221.184 Cli16A.tmp
28.10.2005 08:58 32.768 ~DF3EE2.tmp
27.10.2005 21:23 32.768 ~DF7ABB.tmp
27.10.2005 21:23 32.768 ~DF8F3F.tmp
27.10.2005 21:23 32.768 ~DFE280.tmp
27.10.2005 19:49 221.184 Cli130.tmp
27.10.2005 19:49 221.184 Cli11F.tmp
27.10.2005 16:49 32.768 ~DFD6C.tmp
27.10.2005 15:14 221.184 Cli32A.tmp
27.10.2005 10:13 221.184 CliE6.tmp
27.10.2005 08:34 32.768 ~DF7D5D.tmp
27.10.2005 01:43 47 9522D6BE.TMP
26.10.2005 23:31 32.768 ~DF4E42.tmp
26.10.2005 23:31 32.768 ~DFE4D7.tmp
26.10.2005 23:30 32.768 ~DF5FE5.tmp
26.10.2005 23:30 32.768 ~DF4E6F.tmp
26.10.2005 21:45 221.184 Cli1AD.tmp
26.10.2005 18:32 221.184 Cli104.tmp
26.10.2005 11:42 221.184 Cli90.tmp
26.10.2005 09:07 32.768 ~DF63BB.tmp
25.10.2005 21:36 221.184 Cli22C.tmp
25.10.2005 21:31 221.184 Cli21A.tmp
25.10.2005 16:49 32.768 ~DF143E.tmp
25.10.2005 16:48 32.768 ~DFBD0A.tmp
25.10.2005 16:48 32.768 ~DF8529.tmp
25.10.2005 16:48 32.768 ~DF5F7C.tmp
24.10.2005 18:38 221.184 CliDC.tmp
24.10.2005 17:15 0 Twunk002.MTX
24.10.2005 15:20 32.768 ~DFD5CA.tmp
24.10.2005 13:50 16.384 ~DFAD23.tmp
24.10.2005 08:28 32.768 ~DF3B22.tmp
23.10.2005 22:25 43 dictBA49_sub_tmp.bgl
23.10.2005 22:25 43 dict2C97_sub_tmp.bgl
23.10.2005 22:25 42 dictF0D_sub_tmp.bgl
23.10.2005 22:19 23 dictBD54_sub_tmp.bgl
23.10.2005 12:37 32.768 ~DF3098.tmp
23.10.2005 12:33 32.768 ~DF30A.tmp
23.10.2005 12:19 32.768 ~DF43C2.tmp
23.10.2005 12:13 32.768 ~DF3D9B.tmp
23.10.2005 12:02 32.768 ~DF83DB.tmp
23.10.2005 11:59 32.768 ~DFC5C8.tmp
23.10.2005 11:57 54.784 24916.mst
23.10.2005 11:55 32.768 ~DFAE76.tmp
23.10.2005 11:48 32.768 ~DF58F4.tmp
23.10.2005 11:32 32.768 ~DFFF65.tmp
23.10.2005 11:28 4.533 plf3.tmp
23.10.2005 11:26 32.768 ~DF834E.tmp
23.10.2005 11:22 32.768 ~DFE23C.tmp
23.10.2005 11:19 32.768 ~DFF4B3.tmp
23.10.2005 11:13 32.768 ~DF680E.tmp
23.10.2005 11:10 3.461.440 SonyEricssonPCSuite.log
23.10.2005 11:09 55.808 62e1d8.mst
23.10.2005 11:09 32.768 ~DFD03A.tmp
23.10.2005 11:09 558 MSI212a1.LOG
23.10.2005 11:09 9.955 ~14F.tmp
23.10.2005 11:09 558 MSI212a0.LOG
23.10.2005 11:05 9.955 ~140.tmp
23.10.2005 09:22 32.768 ~DFC9E3.tmp
23.10.2005 00:54 32.768 ~DFCA70.tmp
23.10.2005 00:47 16.384 ~DF2414.tmp
23.10.2005 00:46 32.768 ~DFD1E0.tmp
23.10.2005 00:39 32.768 ~DFE97A.tmp
23.10.2005 00:34 88 misins.ini
22.10.2005 18:29 168.448 59768.mst
22.10.2005 18:19 32.768 ~DF211C.tmp
22.10.2005 18:03 32.768 ~DF80B7.tmp
22.10.2005 17:40 32.768 ~DF742.tmp
22.10.2005 17:35 32.768 ~DFB7DE.tmp
22.10.2005 17:30 2.286 IMT8F.xml
22.10.2005 17:03 16.384 ~DFAAE1.tmp
22.10.2005 14:54 32.768 ~DF8121.tmp
22.10.2005 14:25 168.448 9a5fd6.mst
22.10.2005 14:25 168.448 803481.mst
22.10.2005 11:53 32.768 ~DFE2C.tmp
22.10.2005 11:31 16.384 ~DFD622.tmp
22.10.2005 11:31 0 sqlite_8Ufknhg3XSF7Z4N
22.10.2005 11:31 0 sqlite_HIm2RARpNkXeFPw
22.10.2005 11:30 0 sqlite_GnYkYS1dyQNkbe2
22.10.2005 11:30 0 sqlite_0YIiXqIAxxobbTC
22.10.2005 11:22 32.768 ~DFC9FA.tmp
22.10.2005 11:20 32.768 ~DFB6.tmp
22.10.2005 11:19 32.768 ~DF8710.tmp
22.10.2005 11:18 32.768 ~DFD62A.tmp
22.10.2005 11:17 32.768 ~DFD70D.tmp
22.10.2005 11:10 32.768 ~DFD71D.tmp
22.10.2005 10:57 32.768 ~DF6BCD.tmp
22.10.2005 10:35 32.768 ~DF8F15.tmp
22.10.2005 08:43 32.768 ~DF7495.tmp
22.10.2005 08:29 32.768 ~DF54D0.tmp
22.10.2005 08:00 32.768 ~DFC3E2.tmp
22.10.2005 07:54 32.768 ~DF7822.tmp
22.10.2005 06:43 32.768 ~DFA073.tmp
21.10.2005 22:55 168.448 7db006.mst
11.09.2005 03:58 58.368 30b1d.mst

Log 3:

Verzeichnis von C:\WINDOWS

03.11.2005 01:21 4.958.588 {00000002-00000000-00000009-00001102-00000004-20021102}.CDF
03.11.2005 01:21 159 wiadebug.log
03.11.2005 01:20 1.848.367 WindowsUpdate.log
03.11.2005 01:20 50 wiaservc.log
03.11.2005 01:20 2.048 bootstat.dat
03.11.2005 01:19 32.620 SchedLgU.Txt
02.11.2005 22:56 0 0.log
02.11.2005 21:33 385.475 setupapi.log
02.11.2005 20:15 1.680.482 ntbtlog.txt
02.11.2005 14:39 54.156 QTFont.qfn
02.11.2005 10:11 116 NeroDigital.ini
01.11.2005 21:10 103.148 wmsetup.log
01.11.2005 09:42 1.409 QTFont.for
30.10.2005 23:10 192 winamp.ini
24.10.2005 18:15 160.545 DirectX.log
24.10.2005 17:20 25.713 CSTBox.INI
22.10.2005 17:32 323.137 iis6.log
22.10.2005 17:32 101.104 comsetup.log
22.10.2005 17:32 59.490 ntdtcsetup.log
22.10.2005 17:32 125.848 tsoc.log
22.10.2005 17:32 14.003 tabletoc.log
22.10.2005 17:32 1.393 imsins.log
22.10.2005 17:32 14.907 ocmsn.log
22.10.2005 17:32 37.951 KB902400.log
22.10.2005 17:32 47.193 netfxocm.log
22.10.2005 17:32 18.912 MedCtrOC.log
22.10.2005 17:32 134.288 ocgen.log
22.10.2005 17:32 13.534 msgsocm.log
22.10.2005 17:32 265.024 FaxSetup.log
22.10.2005 17:32 87.720 msmqinst.log
22.10.2005 17:31 26.741 updspapi.log
22.10.2005 12:08 4.958.588 {00000002-00000000-00000009-00001102-00000004-20021102}.BAK
22.10.2005 11:30 2.106.905 setupapi.log.1.old
19.10.2005 21:21 1.393 imsins.BAK
19.10.2005 21:21 6.442 KB902400Uninst.log
18.10.2005 21:09 400 ODBC.INI
18.10.2005 21:09 734 win.ini
18.10.2005 16:03 733 CoD.INI
14.10.2005 03:36 24.272 ydi.log
13.10.2005 15:17 90 setup.log
13.10.2005 15:17 98 Ô
13.10.2005 15:17 136 SBWIN.INI
13.10.2005 12:27 180.096 setupact.log
13.10.2005 11:04 17.797 KB901017.log
13.10.2005 11:04 11.047 KB899589.log
13.10.2005 11:04 14.825 KB896688.log
13.10.2005 11:04 9.585 KB900725.log
12.10.2005 12:53 7.754 KB905414.log
12.10.2005 12:53 6.936 KB904706.log
12.10.2005 12:53 7.596 KB905749.log
11.10.2005 23:25 632 CoDUO.INI

Log 4:

Verzeichnis von C:\

03.11.2005 01:46 0 sys.txt
03.11.2005 01:45 9.749 system.txt
03.11.2005 01:44 8.876 systemtemp.txt
03.11.2005 01:36 113.991 system32.txt
03.11.2005 01:20 2.569.011.200 pagefile.sys
22.10.2005 10:33 209 boot.ini
05.10.2005 17:25 26 xml2.txt
04.10.2005 23:01 17.508 ptdebug.txt
01.10.2005 11:47 15 testlog.log
This post was edited on 03.11.2005 at 01:51 by div4o.
03.11.2005, 01:52
Member
Avatar Gool

Posts: 4730
#4 Fix the following entries in HijackThis (tick the boxes and click "fix checked"):

O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\k6pm0g71e6.dll (file missing)
O20 - Winlogon Notify: Run_Disabled - C:\WINDOWS\system32\ir60l5jm1.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\s888lilu18q8.dll (file missing)

Otherwise everything looks fine so far. But before the real cleaning starts now, please post the eScan log as well ;)

Addendum (a small reminder for myself)
Verzeichnis von C:\WINDOWS\system32

03.11.2005 01:20 233.780 uersdpia.dll
03.11.2005 01:20 234.745 hr6u05j9e.dll
02.11.2005 22:56 233.780 ir60l5jm1.dll
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
This post was edited on 03.11.2005 at 01:55 by Managor.
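
The cross-check in the post above (O20 Winlogon Notify entries against the recent files in system32) can be scripted. This is an added example, not part of the original thread and not a HijackThis feature: the function names, the 1024-byte size tolerance and the 48-hour window are assumptions chosen for illustration, and the sample lines are excerpts copied from the logs posted in this thread.

```python
"""Correlate HijackThis O20 entries with a German-locale `dir` listing."""
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Excerpt from the HijackThis log posted in this thread.
HJT_LOG = r"""
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\k6pm0g71e6.dll (file missing)
O20 - Winlogon Notify: Run_Disabled - C:\WINDOWS\system32\ir60l5jm1.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\s888lilu18q8.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Excerpt from "Log 1" (directory listing of system32) posted in this thread.
DIR_LISTING = r"""
Verzeichnis von C:\WINDOWS\system32

03.11.2005 01:22 104.576 Status.MPF
03.11.2005 01:20 233.780 uersdpia.dll
03.11.2005 01:20 234.745 hr6u05j9e.dll
02.11.2005 22:56 233.780 ir60l5jm1.dll
18.10.2005 10:08 349.760 mcinsctl.dll
13.10.2005 15:23 233.472 wrap_oal.dll
10.10.2005 20:49 34.304 nvcod.dll
"""

O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?: \((?P<note>file missing)\))?$"
)
# German `dir` format: DD.MM.YYYY HH:MM size-with-dot-separators name
DIR_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d.]+)\s+(?P<name>.+)$"
)


def parse_o20(log):
    """Return the Winlogon Notify entries found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append({
                "key": m["key"],
                "dll": PureWindowsPath(m["path"]).name.lower(),
                "missing": m["note"] is not None,
            })
    return entries


def parse_dir(listing):
    """Map lower-cased file name -> (modification time, size in bytes)."""
    files = {}
    for line in listing.splitlines():
        m = DIR_RE.match(line.strip())
        if m:
            stamp = datetime.strptime(f"{m['date']} {m['time']}", "%d.%m.%Y %H:%M")
            files[m["name"].lower()] = (stamp, int(m["size"].replace(".", "")))
    return files


def triage(log, listing, size_tolerance=1024, window=timedelta(hours=48)):
    """Split O20 entries into present/stale and list look-alike DLLs.

    A "sibling" is a DLL in the listing that is NOT referenced by any O20
    entry but is close in size and modification time to one that is. The
    thresholds are illustrative assumptions, not a signature for any family.
    """
    entries = parse_o20(log)
    files = parse_dir(listing)
    registered = {e["dll"] for e in entries}
    report = {"present": [], "stale": [], "siblings": []}
    for e in entries:
        if e["missing"] or e["dll"] not in files:
            report["stale"].append(e["key"])  # key points at a file that is gone
            continue
        report["present"].append(e["key"])
        stamp, size = files[e["dll"]]
        for name, (other_stamp, other_size) in files.items():
            if name in registered or not name.endswith(".dll"):
                continue
            close_size = abs(other_size - size) <= size_tolerance
            close_time = abs(other_stamp - stamp) <= window
            if close_size and close_time and name not in report["siblings"]:
                report["siblings"].append(name)
    report["siblings"].sort()
    return report


if __name__ == "__main__":
    print(triage(HJT_LOG, DIR_LISTING))
```

On these excerpts the script reports the same two extra files that the post lists next to the registered `ir60l5jm1.dll`, while `wrap_oal.dll` is left out because it is three weeks older despite its similar size.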
03.11.2005, 03:13
...new here

Thread starter

Posts: 5
#5 and the eScan log:


--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Thu Nov 03 02:01:24 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
2: Thu Nov 03 02:01:29 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\fwjslpba\common[1].js
3: Thu Nov 03 02:01:29 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
4: Thu Nov 03 02:01:29 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\fwjslpba\global[1].js
5: Thu Nov 03 02:01:29 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
6: Thu Nov 03 02:01:29 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\o1qrg5i7\common[1].js
7: Thu Nov 03 02:01:29 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
8: Thu Nov 03 02:01:29 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\o1qrg5i7\show_ads[2].js
9: Thu Nov 03 02:01:29 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
10: Thu Nov 03 02:01:41 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Eigene Dateien\eigene ebooks\learning linux - collection of 12 ebooks\learning linux -collection of 12 ebooks-\linux unleashed, third edition\new.gif
11: Thu Nov 03 02:01:41 2005 => System found infected with ezula toptext Spyware/Adware (new.gif)! Action taken: No Action Taken.
12: Thu Nov 03 02:01:46 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\temp\temporary internet files\content.ie5\3750ae3d\show_ads[2].js
13: Thu Nov 03 02:01:46 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
14: Thu Nov 03 02:01:46 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\temporary internet files\content.ie5\6p29azcv\blank[1].htm
15: Thu Nov 03 02:01:46 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
16: Thu Nov 03 02:01:46 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\temporary internet files\content.ie5\6p29azcv\global[1].js
17: Thu Nov 03 02:01:46 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
18: Thu Nov 03 02:01:46 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\temporary internet files\content.ie5\6p29azcv\mm_menu[1].js
19: Thu Nov 03 02:01:46 2005 => System found infected with whenu.savenow Spyware/Adware (mm_menu[1].js)! Action taken: No Action Taken.
20: Thu Nov 03 02:01:47 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\temporary internet files\content.ie5\ivwfyb6p\show_ads[2].js
21: Thu Nov 03 02:01:47 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
22: Thu Nov 03 02:01:47 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\temporary internet files\content.ie5\sb0dwfyz\blank[1].htm
23: Thu Nov 03 02:01:47 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
24: Thu Nov 03 02:01:47 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\content.ie5\6p29azcv\blank[1].htm
25: Thu Nov 03 02:01:47 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
26: Thu Nov 03 02:01:47 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\content.ie5\6p29azcv\global[1].js
27: Thu Nov 03 02:01:47 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
28: Thu Nov 03 02:01:47 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\content.ie5\6p29azcv\mm_menu[1].js
29: Thu Nov 03 02:01:47 2005 => System found infected with whenu.savenow Spyware/Adware (mm_menu[1].js)! Action taken: No Action Taken.
30: Thu Nov 03 02:01:48 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\content.ie5\ivwfyb6p\show_ads[2].js
31: Thu Nov 03 02:01:48 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
32: Thu Nov 03 02:01:48 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\content.ie5\sb0dwfyz\blank[1].htm
33: Thu Nov 03 02:01:48 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
34: Thu Nov 03 02:01:50 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Eigene Dateien\eigene ebooks\learning linux - collection of 12 ebooks\learning linux -collection of 12 ebooks-\linux unleashed, third edition\new.gif
35: Thu Nov 03 02:01:50 2005 => System found infected with ezula toptext Spyware/Adware (new.gif)! Action taken: No Action Taken.
36: Thu Nov 03 02:04:49 2005 => File C:\DOKUME~1\peter\LOKALE~1\TEMPOR~1\Content.IE5\6P29AZCV\send_car_int[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
37: Thu Nov 03 02:13:57 2005 => File C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6P29AZCV\send_car_int[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
38: Thu Nov 03 02:32:04 2005 => File C:\Programme\QuickTime\QuickTimeWebHelper.qtx infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
39: Thu Nov 03 02:40:54 2005 => File C:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP361\A0103742.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.
40: Thu Nov 03 02:49:15 2005 => File C:\WINDOWS\system32\QuickTime\QuickTimeWebHelper.qtx infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
41: Thu Nov 03 02:50:56 2005 => File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CGZWJQX4\send_car_int[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
42: Thu Nov 03 02:56:15 2005 => File E:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP344\A0099413.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Thu Nov 03 02:00:57 2005 => File C:\WINDOWS\system32\CV_OAL.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
2: Thu Nov 03 02:02:30 2005 => File C:\WINDOWS\system32\CV_OAL.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
3: Thu Nov 03 02:02:43 2005 => File C:\WINDOWS\system32\hr6u05j9e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
4: Thu Nov 03 02:40:54 2005 => File C:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP361\A0103751.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
5: Thu Nov 03 02:40:54 2005 => File C:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP361\A0103760.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
6: Thu Nov 03 02:40:55 2005 => File C:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP361\A0103774.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
7: Thu Nov 03 02:46:12 2005 => File C:\WINDOWS\system32\CV_OAL.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
8: Thu Nov 03 02:48:10 2005 => File C:\WINDOWS\system32\hr6u05j9e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Thu Nov 03 02:01:05 2005 => ERROR!!! Invalid Entry {C919B8C1-E639-443E-AC08-19311CF20FA1} = C:\WINDOWS\system32\guard.tmp (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
2: Thu Nov 03 02:01:14 2005 => ERROR!!! Invalid Entry \??\C:\huadio.tmp in SYSTEM\CurrentControlSet\Services\autorun...
3: Thu Nov 03 02:01:58 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Sony Ericsson\Mobile\OCS\ObexAuthenticationServiceDll.dll". Action Taken: No Action Taken.
4: Thu Nov 03 02:01:58 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Sony Ericsson\Mobile\OCS\ObexAuthenticationServiceDllLg.dll". Action Taken: No Action Taken.
5: Thu Nov 03 02:01:59 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ET4Tray.exe" refers to invalid object "C:\Programme\Gigabyte\Gigabyte Windows Utility Manager\ET4\ET4Tray.exe". Action Taken: No Action Taken.
6: Thu Nov 03 02:01:59 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\Programme\Gigabyte\Enable S3 for USB Device\yourapp.Exe". Action Taken: No Action Taken.
7: Thu Nov 03 02:02:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Adobe Bridge\". Action Taken: No Action Taken.
8: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\bin\". Action Taken: No Action Taken.
9: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\". Action Taken: No Action Taken.
10: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\resource\". Action Taken: No Action Taken.
11: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\Resource\". Action Taken: No Action Taken.
12: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\". Action Taken: No Action Taken.
13: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\". Action Taken: No Action Taken.
14: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\Friends\". Action Taken: No Action Taken.
15: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\Public\". Action Taken: No Action Taken.
16: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\steam\games\". Action Taken: No Action Taken.
17: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\steam\". Action Taken: No Action Taken.
18: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\servers\". Action Taken: No Action Taken.
19: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\steam\cached\". Action Taken: No Action Taken.
20: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\SteamApps\". Action Taken: No Action Taken.
21: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\Public\". Action Taken: No Action Taken.
22: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\peter\Startmenü\Programme\Valve\Steam\". Action Taken: No Action Taken.
23: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\peter\Startmenü\Programme\Valve\". Action Taken: No Action Taken.
24: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".001". Action Taken: No Action Taken.
25: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1". Action Taken: No Action Taken.
26: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1]-". Action Taken: No Action Taken.
27: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".adb". Action Taken: No Action Taken.
28: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".adr". Action Taken: No Action Taken.
29: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".b". Action Taken: No Action Taken.
30: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: No Action Taken.
31: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bfi". Action Taken: No Action Taken.
32: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BIK". Action Taken: No Action Taken.
33: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cbf". Action Taken: No Action Taken.
34: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ccd". Action Taken: No Action Taken.
35: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".class". Action Taken: No Action Taken.
36: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".con". Action Taken: No Action Taken.
37: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".F6". Action Taken: No Action Taken.
38: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".F9". Action Taken: No Action Taken.
39: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".HL_". Action Taken: No Action Taken.
40: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".idx". Action Taken: No Action Taken.
41: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".img". Action Taken: No Action Taken.
42: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IND". Action Taken: No Action Taken.
43: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LGE". Action Taken: No Action Taken.
44: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lng". Action Taken: No Action Taken.
45: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".met". Action Taken: No Action Taken.
46: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mix". Action Taken: No Action Taken.
47: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mpga". Action Taken: No Action Taken.
48: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part". Action Taken: No Action Taken.
49: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PlayList". Action Taken: No Action Taken.
50: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pyd". Action Taken: No Action Taken.
51: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sdp". Action Taken: No Action Taken.
52: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".set". Action Taken: No Action Taken.
53: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".spec". Action Taken: No Action Taken.
54: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ssm". Action Taken: No Action Taken.
55: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tdf". Action Taken: No Action Taken.
56: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tla". Action Taken: No Action Taken.
57: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
58: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tv_". Action Taken: No Action Taken.
59: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".vfp". Action Taken: No Action Taken.
60: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpt". Action Taken: No Action Taken.
61: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
62: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Bet on Soldier Single Player Demo_is1". Action Taken: No Action Taken.
63: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BitSpirit_is1". Action Taken: No Action Taken.
64: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BoSSaver_is1". Action Taken: No Action Taken.
65: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DungeonSiege2". Action Taken: No Action Taken.
66: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Earth 2160". Action Taken: No Action Taken.
67: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "EasyTune5". Action Taken: No Action Taken.
68: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}". Action Taken: No Action Taken.
69: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{C83F2952-4678-4F00-AB05-776658A8D0AE}". Action Taken: No Action Taken.
70: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}". Action Taken: No Action Taken.
71: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0.6)". Action Taken: No Action Taken.
72: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NiBiRu_is1". Action Taken: No Action Taken.
73: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "PC Wizard 2005_is1". Action Taken: No Action Taken.
74: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken.
75: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Return to Castle Wolfenstein". Action Taken: No Action Taken.
76: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Rune". Action Taken: No Action Taken.
77: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "UnrealTournament". Action Taken: No Action Taken.
78: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WinZip". Action Taken: No Action Taken.
79: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Wolfenstein - Enemy Territory". Action Taken: No Action Taken.
80: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{04CB9967-A8BB-468C-ABA6-CE87328712BE}". Action Taken: No Action Taken.
81: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{054400C0-64A6-4248-A026-9745C1E9E159}". Action Taken: No Action Taken.
82: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{124E82AF-314C-49D7-853A-5D0C77AC44A9}". Action Taken: No Action Taken.
83: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2B653229-9854-4989-B780-D978F5F13EAB}". Action Taken: No Action Taken.
84: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3248F0A8-6813-11D6-A77B-00B0D0150010}". Action Taken: No Action Taken.
85: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4540F576-8F15-416C-8F53-03B8E8C3941C}". Action Taken: No Action Taken.
86: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{520B1077-6B1F-4B9B-B7BC-8CD2F04982C3}". Action Taken: No Action Taken.
87: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1031-7B44-A70000000000}". Action Taken: No Action Taken.
88: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B836CE46-F408-4DD4-9F65-0CE6937CF470}". Action Taken: No Action Taken.
89: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B938B1B3-5F74-459A-8004-EE0BA84919A9}". Action Taken: No Action Taken.
90: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{BA10AC78-E687-4523-8B93-540428FC256F}". Action Taken: No Action Taken.
91: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D45EC259-4A19-4656-B588-C2C360DD18EA}". Action Taken: No Action Taken.
92: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EE5BC0BB-9EDA-423C-8276-48857B735D68}". Action Taken: No Action Taken.
93: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}". Action Taken: No Action Taken.
94: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F69FD33C-8815-46BF-9134-A643DE68F3C0}". Action Taken: No Action Taken.
95: Thu Nov 03 02:02:03 2005 => Entry "HKCR\CLSID\{17C59FCD-152C-40C7-8ABA-E5F9A57F3448}" refers to invalid object "C:\WINDOWS\DOWNLO~1\CTSUEng.ocx". Action Taken: No Action Taken.
96: Thu Nov 03 02:02:05 2005 => Entry "HKCR\CLSID\{867F4127-204C-436F-B77F-1F58FEA496E7}" refers to invalid object "start ACDSee7.exe /StiDevice:%1 /StiEvent:%2". Action Taken: No Action Taken.
97: Thu Nov 03 02:02:06 2005 => Entry "HKCR\CLSID\{C6DEEE86-2EB6-4C9F-ABF9-C3C042F1E498}" refers to invalid object "C:\WINDOWS\DOWNLO~1\CTPID.ocx". Action Taken: No Action Taken.
98: Thu Nov 03 02:02:06 2005 => Entry "HKCR\CLSID\{C919B8C1-E639-443E-AC08-19311CF20FA1}" refers to invalid object "C:\WINDOWS\system32\guard.tmp". Action Taken: No Action Taken.
99: Thu Nov 03 02:02:07 2005 => Entry "HKCR\TypeLib\{1AEDDE72-EF8A-4826-9DCE-F112736A7D46}" refers to invalid object "C:\WINDOWS\DOWNLO~1\CTPID.ocx". Action Taken: No Action Taken.
100: Thu Nov 03 02:02:07 2005 => Entry "HKCR\TypeLib\{E2301FEA-9B55-4647-9B25-93AD0F93ACE7}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CTSUEng.ocx". Action Taken: No Action Taken.
101: Thu Nov 03 02:02:08 2005 => Entry "HKCR\.pdd" refers to invalid object "Photoshop.PDDFile.8". Action Taken: No Action Taken.
102: Thu Nov 03 02:02:08 2005 => Entry "HKCR\ACDSee 7.ResultSet.3" refers to invalid object "{8B86BBC9-034B-476E-0E6F-80471E92CC53}". Action Taken: No Action Taken.
103: Thu Nov 03 02:02:08 2005 => Entry "HKCR\adbanner.CddbFullName.1" refers to invalid object "{4CF69CB9-19FC-3602-1E3E-914BEFFBAD33}". Action Taken: No Action Taken.
104: Thu Nov 03 02:02:09 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
105: Thu Nov 03 02:02:09 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
106: Thu Nov 03 02:02:09 2005 => Entry "HKCR\eD2KDownloadManager.object" refers to invalid object "{320154BB-D666-48F6-990E-172B32954620}". Action Taken: No Action Taken.
107: Thu Nov 03 02:02:09 2005 => Entry "HKCR\eD2KDownloadManager.object.1" refers to invalid object "{320154BB-D666-48F6-990E-172B32954620}". Action Taken: No Action Taken.
108: Thu Nov 03 02:02:10 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
109: Thu Nov 03 02:02:10 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
110: Thu Nov 03 02:02:10 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
111: Thu Nov 03 02:02:11 2005 => Entry "HKCR\OnDiscTitle.ShortCut.3" refers to invalid object "{491D6C2F-2C8D-A567-E3CE-C029F9C64079}". Action Taken: No Action Taken.
112: Thu Nov 03 02:02:11 2005 => Entry "HKCR\PDFShellServer.PDFShellInfo" refers to invalid object "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}". Action Taken: No Action Taken.
113: Thu Nov 03 02:02:11 2005 => Entry "HKCR\PDFShellServer.PDFShellInfo.1" refers to invalid object "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}". Action Taken: No Action Taken.
114: Thu Nov 03 02:02:11 2005 => Entry "HKCR\RxSBDViewEx.SBDGroupCtrl" refers to invalid object "{7495CF57-E208-4DF0-A8C5-9E17ECC51490}". Action Taken: No Action Taken.
115: Thu Nov 03 02:02:11 2005 => Entry "HKCR\RxSBDViewEx.SBDGroupCtrl.1" refers to invalid object "{7495CF57-E208-4DF0-A8C5-9E17ECC51490}". Action Taken: No Action Taken.
116: Thu Nov 03 02:02:12 2005 => Entry "HKCR\steam\shell\open\command" refers to invalid object ""C:\games\Steam\Steam.exe" "%1"". Action Taken: No Action Taken.
117: Thu Nov 03 02:02:12 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
118: Thu Nov 03 02:02:12 2005 => Entry "HKCR\Valve.Source\shell\open\command" refers to invalid object ""c:\games\steam\steamapps\div4o\half-life 2 lostcoast\hl2.exe" "%1"". Action Taken: No Action Taken.
119: Thu Nov 03 02:04:08 2005 => Result: ERROR!!! File C:\DOKUME~1\peter\LOKALE~1\Temp\mqch6.tmp\MSC\shared\agentcfg.cab is Not Scanned
120: Thu Nov 03 02:04:08 2005 => Result: ERROR!!! File C:\DOKUME~1\peter\LOKALE~1\Temp\mqch6.tmp\MSC\shared\agentins.cab is Not Scanned
121: Thu Nov 03 02:04:21 2005 => Result: ERROR!!! File C:\DOKUME~1\peter\LOKALE~1\Temp\SHREDDER.tmp\shared\shredcfg.cab is Not Scanned
122: Thu Nov 03 02:04:22 2005 => Result: ERROR!!! File C:\DOKUME~1\peter\LOKALE~1\Temp\SHR_6_0_ENUS.tmp\shared\shredcfg.cab is Not Scanned
123: Thu Nov 03 02:06:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\peter\Anwendungsdaten\Microsoft\Office\Zuletzt verwendet\??????? ???? ?? ????????.doc.LNK: Scanning Failure!!!
124: Thu Nov 03 02:06:56 2005 => ERROR!!! ScanFile fails for C:\Dokumente und Einstellungen\peter\Anwendungsdaten\Microsoft\Office\Zuletzt verwendet\??????? ???? ?? ????????.doc.LNK
125: Thu Nov 03 02:13:32 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temp\mqch6.tmp\MSC\shared\agentcfg.cab is Not Scanned
126: Thu Nov 03 02:13:33 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temp\mqch6.tmp\MSC\shared\agentins.cab is Not Scanned
127: Thu Nov 03 02:13:41 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temp\SHREDDER.tmp\shared\shredcfg.cab is Not Scanned
128: Thu Nov 03 02:13:42 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temp\SHR_6_0_ENUS.tmp\shared\shredcfg.cab is Not Scanned
129: Thu Nov 03 02:44:35 2005 => Result: ERROR!!! File C:\WINDOWS\Installer\5a9a9.msi is Not Scanned
130: Thu Nov 03 02:50:46 2005 => Result: ERROR!!! File C:\WINDOWS\Temp\mcuA2.tmp\agentins.cab is Not Scanned
131: Thu Nov 03 02:50:47 2005 => Result: ERROR!!! File C:\WINDOWS\Temp\mcuA2.tmp\shared\agentcfg.cab is Not Scanned
132: Thu Nov 03 02:50:50 2005 => Result: ERROR!!! File C:\WINDOWS\Temp\mcuA2.tmp\vsoins.cab is Not Scanned

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\DOKUME~1\peter\LOKALE~1\TEMPOR~1\Content.IE5\6P29AZCV\send_car_int[1].htm => Exploit.HTML.CodeBaseExec
2: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6P29AZCV\send_car_int[1].htm => Exploit.HTML.CodeBaseExec
3: C:\Programme\QuickTime\QuickTimeWebHelper.qtx => Trojan.Win32.Pakes
4: C:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP361\A0103742.exe => Trojan-Downloader.Win32.Adload.j
5: C:\WINDOWS\system32\QuickTime\QuickTimeWebHelper.qtx => Trojan.Win32.Pakes
6: C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CGZWJQX4\send_car_int[1].htm => Exploit.HTML.CodeBaseExec
7: E:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP344\A0099413.exe => Trojan-Downloader.Win32.Adload.j

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Thu Nov 03 02:57:21 2005 => Total Objects Scanned: 138722
Thu Nov 03 02:57:21 2005 => Total Virus(es) Found: 44
Thu Nov 03 02:57:21 2005 => Total Errors: 131
Thu Nov 03 02:57:22 2005 => Virus Database Date: 2005/11/03
Thu Nov 03 02:57:22 2005 => Virus Database Count: 157871
Thu Nov 03 03:01:11 2005 => Total Objects Scanned: 138722
Thu Nov 03 03:01:11 2005 => Total Virus(es) Found: 44
Thu Nov 03 03:01:11 2005 => Total Errors: 131


Further observations: Since 20:00 an update has been available for McAfee Anti-Spyware. Once it is installed, the program clearly identifies the DLLs as the Look2Me adware. After the scan I removed them and had to restart the computer. Result: NOTHING, the damned thing was and still is there. It is also interesting that it is INTELLIGENT. As long as no active Internet connection has been established, nothing happens. But as soon as the Internet is active again, IE jumps up like a good dog that is happy to see its master. It is also worth noting that all browsers are affected, although in Opera and Firefox the windows are opened in the submenu. Quite different with IE..... goood doggy!!!!

So how do I get the damned thing off my computer?????


P.S. Regarding HJT: when I click Fix, nothing happens...!!!! No message, the entries are still there... simply... nothing...
This post was edited by div4o on 03.11.2005 at 03:37.
07.11.2005, 12:38
Honorary member
Sabina

Posts: 29434
#6 Hello,

LSPfix.exe
http://www.spychecker.com/program/lspfix.html

tick "I know what I'm doing", then Remove,
and delete apptoport.dll
(you may have to move the DLL from the left to the right)

CCleaner
http://www.ccleaner.com/ccdownload.asp
delete all temp files

http://virus-protect.org/l2mfix.html
work through options 1 and 2 and post the logs; Look2Me should then be deleted

if not, Spysweeper (trial) will take care of it
http://virus-protect.org/spysweeper.html
__________
Best regards, Sabina

all about PC security