Strange DLL causing ad windows!?

#0
02.11.2005, 21:16
...new here
Posts: 5

03.11.2005, 00:20
Member
Posts: 4730
#2
Please post the complete HJT log. In addition, please create four logs following the instructions below and copy from them the entries of the past three weeks (each entry is preceded by a date), including the path given at the top:
http://virus-protect.org/datfindbat.html
I would also ask you to run a scan with eScanCheck in safe mode and post the result: http://managor.de/escan.htm
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
This post was edited by Managor on 03.11.2005 at 00:23.

03.11.2005, 01:32
...new here
Thread starter
Posts: 5
#3
Here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 01:32:04, on 03.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Executive Software\Diskeeper\DkService.exe
C:\Programme\F-Prot\fpavupdm.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\programme\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programme\McAfee.com\VSO\mcvsshld.exe
C:\Programme\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\progra~1\mcafee\MCAFEE~3\masalert.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\studnet\studnet.exe
C:\Programme\Overnet\overnet.exe
C:\Programme\Azureus\Azureus.exe
C:\Programme\Java\jre1.5.0_04\bin\javaw.exe
C:\Programme\Opera\Opera.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
E:\Archiv\Schutzsoftware\HijackThis 1.99\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programme\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programme\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~3\masalert.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programme\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\programme\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\programme\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\programme\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\programme\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\programme\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\programme\bps spyware & adware remover\apptoport.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130618950406
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CF520BC-FFEA-4779-AC8A-6209CCEFE6DD}: NameServer = 139.18.25.3
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\k6pm0g71e6.dll (file missing)
O20 - Winlogon Notify: Run_Disabled - C:\WINDOWS\system32\ir60l5jm1.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\s888lilu18q8.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\Diskeeper\DkService.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ra4swapltii - Sonic Solutions - (no file)

This post was edited by div4o on 03.11.2005 at 01:51.

03.11.2005, 01:52
Member
Posts: 4730
#4
In HijackThis, fix the following entries (tick the checkboxes and click "fix checked"):
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\k6pm0g71e6.dll (file missing)
O20 - Winlogon Notify: Run_Disabled - C:\WINDOWS\system32\ir60l5jm1.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\s888lilu18q8.dll (file missing)
Otherwise everything looks fine so far. But before the actual cleaning starts, please post the eScan log as well.

Addendum (a small reminder for myself)
Verzeichnis von C:\WINDOWS\system32
03.11.2005 01:20 233.780 uersdpia.dll
03.11.2005 01:20 234.745 hr6u05j9e.dll
02.11.2005 22:56 233.780 ir60l5jm1.dll

This post was edited by Managor on 03.11.2005 at 01:55.

03.11.2005, 03:13
...new here
Thread starter
Posts: 5
#5
and the eScan log:
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Thu Nov 03 02:01:24 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
2: Thu Nov 03 02:01:29 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\fwjslpba\common[1].js
3: Thu Nov 03 02:01:29 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
4: Thu Nov 03 02:01:29 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\fwjslpba\global[1].js
5: Thu Nov 03 02:01:29 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
6: Thu Nov 03 02:01:29 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\o1qrg5i7\common[1].js
7: Thu Nov 03 02:01:29 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
8: Thu Nov 03 02:01:29 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\o1qrg5i7\show_ads[2].js
9: Thu Nov 03 02:01:29 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
10: Thu Nov 03 02:01:41 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Eigene Dateien\eigene ebooks\learning linux - collection of 12 ebooks\learning linux -collection of 12 ebooks-\linux unleashed, third edition\new.gif
11: Thu Nov 03 02:01:41 2005 => System found infected with ezula toptext Spyware/Adware (new.gif)! Action taken: No Action Taken.
12: Thu Nov 03 02:01:46 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\temp\temporary internet files\content.ie5\3750ae3d\show_ads[2].js
13: Thu Nov 03 02:01:46 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
14: Thu Nov 03 02:01:46 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\temporary internet files\content.ie5\6p29azcv\blank[1].htm
15: Thu Nov 03 02:01:46 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
16: Thu Nov 03 02:01:46 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\temporary internet files\content.ie5\6p29azcv\global[1].js
17: Thu Nov 03 02:01:46 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
18: Thu Nov 03 02:01:46 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\temporary internet files\content.ie5\6p29azcv\mm_menu[1].js
19: Thu Nov 03 02:01:46 2005 => System found infected with whenu.savenow Spyware/Adware (mm_menu[1].js)! Action taken: No Action Taken.
20: Thu Nov 03 02:01:47 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\temporary internet files\content.ie5\ivwfyb6p\show_ads[2].js
21: Thu Nov 03 02:01:47 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
22: Thu Nov 03 02:01:47 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\temporary internet files\content.ie5\sb0dwfyz\blank[1].htm
23: Thu Nov 03 02:01:47 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
24: Thu Nov 03 02:01:47 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\content.ie5\6p29azcv\blank[1].htm
25: Thu Nov 03 02:01:47 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
26: Thu Nov 03 02:01:47 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\content.ie5\6p29azcv\global[1].js
27: Thu Nov 03 02:01:47 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
28: Thu Nov 03 02:01:47 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\content.ie5\6p29azcv\mm_menu[1].js
29: Thu Nov 03 02:01:47 2005 => System found infected with whenu.savenow Spyware/Adware (mm_menu[1].js)! Action taken: No Action Taken.
30: Thu Nov 03 02:01:48 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\content.ie5\ivwfyb6p\show_ads[2].js
31: Thu Nov 03 02:01:48 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
32: Thu Nov 03 02:01:48 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\content.ie5\sb0dwfyz\blank[1].htm
33: Thu Nov 03 02:01:48 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
34: Thu Nov 03 02:01:50 2005 => Offending file found: C:\Dokumente und Einstellungen\peter\Eigene Dateien\eigene ebooks\learning linux - collection of 12 ebooks\learning linux -collection of 12 ebooks-\linux unleashed, third edition\new.gif
35: Thu Nov 03 02:01:50 2005 => System found infected with ezula toptext Spyware/Adware (new.gif)! Action taken: No Action Taken.
36: Thu Nov 03 02:04:49 2005 => File C:\DOKUME~1\peter\LOKALE~1\TEMPOR~1\Content.IE5\6P29AZCV\send_car_int[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
37: Thu Nov 03 02:13:57 2005 => File C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6P29AZCV\send_car_int[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
38: Thu Nov 03 02:32:04 2005 => File C:\Programme\QuickTime\QuickTimeWebHelper.qtx infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
39: Thu Nov 03 02:40:54 2005 => File C:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP361\A0103742.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.
40: Thu Nov 03 02:49:15 2005 => File C:\WINDOWS\system32\QuickTime\QuickTimeWebHelper.qtx infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
41: Thu Nov 03 02:50:56 2005 => File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CGZWJQX4\send_car_int[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
42: Thu Nov 03 02:56:15 2005 => File E:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP344\A0099413.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Thu Nov 03 02:00:57 2005 => File C:\WINDOWS\system32\CV_OAL.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
2: Thu Nov 03 02:02:30 2005 => File C:\WINDOWS\system32\CV_OAL.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
3: Thu Nov 03 02:02:43 2005 => File C:\WINDOWS\system32\hr6u05j9e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
4: Thu Nov 03 02:40:54 2005 => File C:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP361\A0103751.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
5: Thu Nov 03 02:40:54 2005 => File C:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP361\A0103760.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
6: Thu Nov 03 02:40:55 2005 => File C:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP361\A0103774.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
7: Thu Nov 03 02:46:12 2005 => File C:\WINDOWS\system32\CV_OAL.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
8: Thu Nov 03 02:48:10 2005 => File C:\WINDOWS\system32\hr6u05j9e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Thu Nov 03 02:01:05 2005 => ERROR!!! Invalid Entry {C919B8C1-E639-443E-AC08-19311CF20FA1} = C:\WINDOWS\system32\guard.tmp (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
2: Thu Nov 03 02:01:14 2005 => ERROR!!! Invalid Entry \??\C:\huadio.tmp in SYSTEM\CurrentControlSet\Services\autorun...
3: Thu Nov 03 02:01:58 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Sony Ericsson\Mobile\OCS\ObexAuthenticationServiceDll.dll". Action Taken: No Action Taken.
4: Thu Nov 03 02:01:58 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Sony Ericsson\Mobile\OCS\ObexAuthenticationServiceDllLg.dll". Action Taken: No Action Taken.
5: Thu Nov 03 02:01:59 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ET4Tray.exe" refers to invalid object "C:\Programme\Gigabyte\Gigabyte Windows Utility Manager\ET4\ET4Tray.exe". Action Taken: No Action Taken.
6: Thu Nov 03 02:01:59 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\Programme\Gigabyte\Enable S3 for USB Device\yourapp.Exe". Action Taken: No Action Taken.
7: Thu Nov 03 02:02:01 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Adobe Bridge\". Action Taken: No Action Taken.
8: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\bin\". Action Taken: No Action Taken.
9: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\". Action Taken: No Action Taken.
10: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\resource\". Action Taken: No Action Taken.
11: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\Resource\". Action Taken: No Action Taken.
12: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\". Action Taken: No Action Taken.
13: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\". Action Taken: No Action Taken.
14: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\Friends\". Action Taken: No Action Taken.
15: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\Public\". Action Taken: No Action Taken. 16: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\steam\games\". Action Taken: No Action Taken. 17: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\steam\". Action Taken: No Action Taken. 18: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\servers\". Action Taken: No Action Taken. 19: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\skins\Grey\steam\cached\". Action Taken: No Action Taken. 20: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\SteamApps\". Action Taken: No Action Taken. 21: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\games\Steam\Public\". Action Taken: No Action Taken. 22: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\peter\Startmenü\Programme\Valve\Steam\". Action Taken: No Action Taken. 23: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\peter\Startmenü\Programme\Valve\". Action Taken: No Action Taken. 24: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".001". 
Action Taken: No Action Taken. 25: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1". Action Taken: No Action Taken. 26: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1]-". Action Taken: No Action Taken. 27: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".adb". Action Taken: No Action Taken. 28: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".adr". Action Taken: No Action Taken. 29: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".b". Action Taken: No Action Taken. 30: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: No Action Taken. 31: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bfi". Action Taken: No Action Taken. 32: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BIK". Action Taken: No Action Taken. 33: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cbf". Action Taken: No Action Taken. 34: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ccd". Action Taken: No Action Taken. 35: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".class". Action Taken: No Action Taken. 
36: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".con". Action Taken: No Action Taken. 37: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".F6". Action Taken: No Action Taken. 38: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".F9". Action Taken: No Action Taken. 39: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".HL_". Action Taken: No Action Taken. 40: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".idx". Action Taken: No Action Taken. 41: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".img". Action Taken: No Action Taken. 42: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IND". Action Taken: No Action Taken. 43: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LGE". Action Taken: No Action Taken. 44: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lng". Action Taken: No Action Taken. 45: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".met". Action Taken: No Action Taken. 46: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mix". Action Taken: No Action Taken. 47: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mpga". 
Action Taken: No Action Taken. 48: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part". Action Taken: No Action Taken. 49: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PlayList". Action Taken: No Action Taken. 50: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pyd". Action Taken: No Action Taken. 51: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sdp". Action Taken: No Action Taken. 52: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".set". Action Taken: No Action Taken. 53: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".spec". Action Taken: No Action Taken. 54: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ssm". Action Taken: No Action Taken. 55: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tdf". Action Taken: No Action Taken. 56: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tla". Action Taken: No Action Taken. 57: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken. 58: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tv_". Action Taken: No Action Taken. 
59: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".vfp". Action Taken: No Action Taken. 60: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpt". Action Taken: No Action Taken. 61: Thu Nov 03 02:02:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken. 62: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Bet on Soldier Single Player Demo_is1". Action Taken: No Action Taken. 63: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BitSpirit_is1". Action Taken: No Action Taken. 64: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BoSSaver_is1". Action Taken: No Action Taken. 65: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DungeonSiege2". Action Taken: No Action Taken. 66: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Earth 2160". Action Taken: No Action Taken. 67: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "EasyTune5". Action Taken: No Action Taken. 68: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}". Action Taken: No Action Taken. 
69: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{C83F2952-4678-4F00-AB05-776658A8D0AE}". Action Taken: No Action Taken. 70: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}". Action Taken: No Action Taken. 71: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0.6)". Action Taken: No Action Taken. 72: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NiBiRu_is1". Action Taken: No Action Taken. 73: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "PC Wizard 2005_is1". Action Taken: No Action Taken. 74: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken. 75: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Return to Castle Wolfenstein". Action Taken: No Action Taken. 76: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Rune". Action Taken: No Action Taken. 77: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "UnrealTournament". Action Taken: No Action Taken. 78: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WinZip". Action Taken: No Action Taken. 
79: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Wolfenstein - Enemy Territory". Action Taken: No Action Taken. 80: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{04CB9967-A8BB-468C-ABA6-CE87328712BE}". Action Taken: No Action Taken. 81: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{054400C0-64A6-4248-A026-9745C1E9E159}". Action Taken: No Action Taken. 82: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{124E82AF-314C-49D7-853A-5D0C77AC44A9}". Action Taken: No Action Taken. 83: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2B653229-9854-4989-B780-D978F5F13EAB}". Action Taken: No Action Taken. 84: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3248F0A8-6813-11D6-A77B-00B0D0150010}". Action Taken: No Action Taken. 85: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4540F576-8F15-416C-8F53-03B8E8C3941C}". Action Taken: No Action Taken. 86: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{520B1077-6B1F-4B9B-B7BC-8CD2F04982C3}". Action Taken: No Action Taken. 87: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1031-7B44-A70000000000}". Action Taken: No Action Taken. 
88: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B836CE46-F408-4DD4-9F65-0CE6937CF470}". Action Taken: No Action Taken. 89: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B938B1B3-5F74-459A-8004-EE0BA84919A9}". Action Taken: No Action Taken. 90: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{BA10AC78-E687-4523-8B93-540428FC256F}". Action Taken: No Action Taken. 91: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D45EC259-4A19-4656-B588-C2C360DD18EA}". Action Taken: No Action Taken. 92: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EE5BC0BB-9EDA-423C-8276-48857B735D68}". Action Taken: No Action Taken. 93: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}". Action Taken: No Action Taken. 94: Thu Nov 03 02:02:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F69FD33C-8815-46BF-9134-A643DE68F3C0}". Action Taken: No Action Taken. 95: Thu Nov 03 02:02:03 2005 => Entry "HKCR\CLSID\{17C59FCD-152C-40C7-8ABA-E5F9A57F3448}" refers to invalid object "C:\WINDOWS\DOWNLO~1\CTSUEng.ocx". Action Taken: No Action Taken. 96: Thu Nov 03 02:02:05 2005 => Entry "HKCR\CLSID\{867F4127-204C-436F-B77F-1F58FEA496E7}" refers to invalid object "start ACDSee7.exe /StiDevice:%1 /StiEvent:%2". Action Taken: No Action Taken. 97: Thu Nov 03 02:02:06 2005 => Entry "HKCR\CLSID\{C6DEEE86-2EB6-4C9F-ABF9-C3C042F1E498}" refers to invalid object "C:\WINDOWS\DOWNLO~1\CTPID.ocx". 
Action Taken: No Action Taken. 98: Thu Nov 03 02:02:06 2005 => Entry "HKCR\CLSID\{C919B8C1-E639-443E-AC08-19311CF20FA1}" refers to invalid object "C:\WINDOWS\system32\guard.tmp". Action Taken: No Action Taken. 99: Thu Nov 03 02:02:07 2005 => Entry "HKCR\TypeLib\{1AEDDE72-EF8A-4826-9DCE-F112736A7D46}" refers to invalid object "C:\WINDOWS\DOWNLO~1\CTPID.ocx". Action Taken: No Action Taken. 100: Thu Nov 03 02:02:07 2005 => Entry "HKCR\TypeLib\{E2301FEA-9B55-4647-9B25-93AD0F93ACE7}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CTSUEng.ocx". Action Taken: No Action Taken. 101: Thu Nov 03 02:02:08 2005 => Entry "HKCR\.pdd" refers to invalid object "Photoshop.PDDFile.8". Action Taken: No Action Taken. 102: Thu Nov 03 02:02:08 2005 => Entry "HKCR\ACDSee 7.ResultSet.3" refers to invalid object "{8B86BBC9-034B-476E-0E6F-80471E92CC53}". Action Taken: No Action Taken. 103: Thu Nov 03 02:02:08 2005 => Entry "HKCR\adbanner.CddbFullName.1" refers to invalid object "{4CF69CB9-19FC-3602-1E3E-914BEFFBAD33}". Action Taken: No Action Taken. 104: Thu Nov 03 02:02:09 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. 105: Thu Nov 03 02:02:09 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. 106: Thu Nov 03 02:02:09 2005 => Entry "HKCR\eD2KDownloadManager.object" refers to invalid object "{320154BB-D666-48F6-990E-172B32954620}". Action Taken: No Action Taken. 107: Thu Nov 03 02:02:09 2005 => Entry "HKCR\eD2KDownloadManager.object.1" refers to invalid object "{320154BB-D666-48F6-990E-172B32954620}". Action Taken: No Action Taken. 108: Thu Nov 03 02:02:10 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. 
109: Thu Nov 03 02:02:10 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 110: Thu Nov 03 02:02:10 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 111: Thu Nov 03 02:02:11 2005 => Entry "HKCR\OnDiscTitle.ShortCut.3" refers to invalid object "{491D6C2F-2C8D-A567-E3CE-C029F9C64079}". Action Taken: No Action Taken. 112: Thu Nov 03 02:02:11 2005 => Entry "HKCR\PDFShellServer.PDFShellInfo" refers to invalid object "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}". Action Taken: No Action Taken. 113: Thu Nov 03 02:02:11 2005 => Entry "HKCR\PDFShellServer.PDFShellInfo.1" refers to invalid object "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}". Action Taken: No Action Taken. 114: Thu Nov 03 02:02:11 2005 => Entry "HKCR\RxSBDViewEx.SBDGroupCtrl" refers to invalid object "{7495CF57-E208-4DF0-A8C5-9E17ECC51490}". Action Taken: No Action Taken. 115: Thu Nov 03 02:02:11 2005 => Entry "HKCR\RxSBDViewEx.SBDGroupCtrl.1" refers to invalid object "{7495CF57-E208-4DF0-A8C5-9E17ECC51490}". Action Taken: No Action Taken. 116: Thu Nov 03 02:02:12 2005 => Entry "HKCR\steam\shell\open\command" refers to invalid object ""C:\games\Steam\Steam.exe" "%1"". Action Taken: No Action Taken. 117: Thu Nov 03 02:02:12 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken. 118: Thu Nov 03 02:02:12 2005 => Entry "HKCR\Valve.Source\shell\open\command" refers to invalid object ""c:\games\steam\steamapps\div4o\half-life 2 lostcoast\hl2.exe" "%1"". Action Taken: No Action Taken. 119: Thu Nov 03 02:04:08 2005 => Result: ERROR!!! File C:\DOKUME~1\peter\LOKALE~1\Temp\mqch6.tmp\MSC\shared\agentcfg.cab is Not Scanned 120: Thu Nov 03 02:04:08 2005 => Result: ERROR!!! 
File C:\DOKUME~1\peter\LOKALE~1\Temp\mqch6.tmp\MSC\shared\agentins.cab is Not Scanned 121: Thu Nov 03 02:04:21 2005 => Result: ERROR!!! File C:\DOKUME~1\peter\LOKALE~1\Temp\SHREDDER.tmp\shared\shredcfg.cab is Not Scanned 122: Thu Nov 03 02:04:22 2005 => Result: ERROR!!! File C:\DOKUME~1\peter\LOKALE~1\Temp\SHR_6_0_ENUS.tmp\shared\shredcfg.cab is Not Scanned 123: Thu Nov 03 02:06:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\peter\Anwendungsdaten\Microsoft\Office\Zuletzt verwendet\??????? ???? ?? ????????.doc.LNK: Scanning Failure!!! 124: Thu Nov 03 02:06:56 2005 => ERROR!!! ScanFile fails for C:\Dokumente und Einstellungen\peter\Anwendungsdaten\Microsoft\Office\Zuletzt verwendet\??????? ???? ?? ????????.doc.LNK 125: Thu Nov 03 02:13:32 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temp\mqch6.tmp\MSC\shared\agentcfg.cab is Not Scanned 126: Thu Nov 03 02:13:33 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temp\mqch6.tmp\MSC\shared\agentins.cab is Not Scanned 127: Thu Nov 03 02:13:41 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temp\SHREDDER.tmp\shared\shredcfg.cab is Not Scanned 128: Thu Nov 03 02:13:42 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temp\SHR_6_0_ENUS.tmp\shared\shredcfg.cab is Not Scanned 129: Thu Nov 03 02:44:35 2005 => Result: ERROR!!! File C:\WINDOWS\Installer\5a9a9.msi is Not Scanned 130: Thu Nov 03 02:50:46 2005 => Result: ERROR!!! File C:\WINDOWS\Temp\mcuA2.tmp\agentins.cab is Not Scanned 131: Thu Nov 03 02:50:47 2005 => Result: ERROR!!! File C:\WINDOWS\Temp\mcuA2.tmp\shared\agentcfg.cab is Not Scanned 132: Thu Nov 03 02:50:50 2005 => Result: ERROR!!! 
File C:\WINDOWS\Temp\mcuA2.tmp\vsoins.cab is Not Scanned
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\DOKUME~1\peter\LOKALE~1\TEMPOR~1\Content.IE5\6P29AZCV\send_car_int[1].htm => Exploit.HTML.CodeBaseExec
2: C:\Dokumente und Einstellungen\peter\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6P29AZCV\send_car_int[1].htm => Exploit.HTML.CodeBaseExec
3: C:\Programme\QuickTime\QuickTimeWebHelper.qtx => Trojan.Win32.Pakes
4: C:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP361\A0103742.exe => Trojan-Downloader.Win32.Adload.j
5: C:\WINDOWS\system32\QuickTime\QuickTimeWebHelper.qtx => Trojan.Win32.Pakes
6: C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CGZWJQX4\send_car_int[1].htm => Exploit.HTML.CodeBaseExec
7: E:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP344\A0099413.exe => Trojan-Downloader.Win32.Adload.j
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Thu Nov 03 02:57:21 2005 => Total Objects Scanned: 138722
Thu Nov 03 02:57:21 2005 => Total Virus(es) Found: 44
Thu Nov 03 02:57:21 2005 => Total Errors: 131
Thu Nov 03 02:57:22 2005 => Virus Database Date: 2005/11/03
Thu Nov 03 02:57:22 2005 => Virus Database Count: 157871
Thu Nov 03 03:01:11 2005 => Total Objects Scanned: 138722
Thu Nov 03 03:01:11 2005 => Total Virus(es) Found: 44
Thu Nov 03 03:01:11 2005 => Total Errors: 131

Further observations: Since 20:00 an update has been available for McAfee Anti-Spyware. Once it has been installed, the program clearly identifies the DLLs as the Look2Me adware. After the scan I removed them and had to restart the computer. Result: NOTHING, the damned thing was and still is there. What is also interesting is that it is INTELLIGENT. As long as no active Internet connection has been established, nothing happens. But as soon as the Internet is active again, IE jumps up like a good dog that is happy to see its master. It is also worth noting that all browsers are affected, although in Opera and Firefox the windows are opened in the submenu. Quite different with IE... good little doggy!!!!

So how do I get the damned thing off my computer?????

P.S. Regarding HJT: when I click Fix, nothing happens...!!!! No message, the entries are still there... simply... nothing...

This post was edited by div4o on 03.11.2005 at 03:37.
|
|
|
||
07.11.2005, 12:38
Honorary member
Posts: 29434 |
#6
Hello,
LSPfix.exe http://www.spychecker.com/program/lspfix.html
Tick "I know what I'm doing" -- Remove, and delete apptoport.dll (you may have to move the DLL from left to right).
CCleaner http://www.ccleaner.com/ccdownload.asp
Delete all temp files.
http://virus-protect.org/l2mfix.html
Work through option 1 and 2 and post the logs; Look2Me should then be deleted.
If not, Spy Sweeper (trial) will take care of it: http://virus-protect.org/spysweeper.html
__________
Regards, Sabina
all about PC security |
|
|
||
Here is the HJT log:
http://rapidshare.de/files/7104904/hijackthis.log.html
In the log, the following DLL file caught my attention:
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\hrno0553e.dll
After a restart the DLL changes its name and its Notify entry (Telephony/MCD etc.). I cannot delete the file. I tried it with AmoK DelayDel v1.2, unfortunately without success. After a restart it shows up again, but under a new name? What to do??? McAfee, Ad-Aware SE Professional and Spyware & Adware Remover find nothing, or rather do not recognize the file as a threat!!!
Please help!!!
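The two log formats posted in this thread (eScan "tagged as" lines and the HijackThis O20 line) can be triaged mechanically. The following Python sketch is an added example, not code from any poster or from eScan or HijackThis; the function names are hypothetical and the sample lines are copied from the logs in this thread.

```python
import re

# Lines copied from the eScan and HijackThis logs posted in this thread.
SAMPLE_LOG = r'''
4: Thu Nov 03 02:40:54 2005 => File C:\System Volume Information\_restore{0C285CA2-0306-46AD-A2CE-14BB5BCBF6E6}\RP361\A0103751.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
7: Thu Nov 03 02:46:12 2005 => File C:\WINDOWS\system32\CV_OAL.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
8: Thu Nov 03 02:48:10 2005 => File C:\WINDOWS\system32\hr6u05j9e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\hrno0553e.dll
'''

# eScan detection line: path, verdict name and the action the scanner took.
ESCAN_RE = re.compile(
    r'=> File (?P<path>.+?) tagged as "(?P<verdict>[^"]+)"\.'
    r' Action Taken: (?P<action>[^.]+)\.'
)
# HijackThis O20 line: Winlogon Notify subkey name and the DLL it loads.
O20_RE = re.compile(
    r'^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>[A-Za-z]:\\.+)$',
    re.MULTILINE,
)
# Files under this folder are System Restore snapshots, not running copies.
RESTORE_MARK = '\\system volume information\\_restore'


def parse_escan(text):
    """Return one dict per eScan 'tagged as' detection line."""
    hits = []
    for m in ESCAN_RE.finditer(text):
        path = m.group('path').strip()
        hits.append({
            'path': path,
            'verdict': m.group('verdict'),
            'action': m.group('action').strip(),
            'restore_copy': RESTORE_MARK in path.lower(),
        })
    return hits


def parse_o20(text):
    """Return (subkey, dll_path) for every Winlogon Notify entry."""
    return [(m.group('key'), m.group('path').strip())
            for m in O20_RE.finditer(text)]


def triage(text):
    """Split detections into live files and restore copies, list Notify DLLs."""
    hits = parse_escan(text)
    live = sorted({h['path'] for h in hits if not h['restore_copy']},
                  key=str.lower)
    detected = {p.lower() for p in live}
    notify = []
    for key, path in parse_o20(text):
        # 'detected' is a name match only. The poster reports that the DLL
        # gets a new name after every restart, so False is not a clean
        # result unless both logs come from the same boot session.
        notify.append({'key': key, 'path': path,
                       'detected': path.lower() in detected})
    return {
        'live': live,
        'restore_copies': sum(h['restore_copy'] for h in hits),
        'untouched': sum(h['action'] == 'No Action Taken' for h in hits),
        'notify': notify,
    }


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for name, value in report.items():
        print(name, '=', value)
```
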