Wie kriege ich WinFixer entferntThema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
28.12.2005, 16:31
...neu hier
Beiträge: 9 |
||
|
||
28.12.2005, 17:04
Ehrenmitglied
Beiträge: 29434 |
#17
Glen
Start -- alle Programme -- Zubehör -- Editor und kopiere folgenden Text rein: %systemdrive% cd C:\WINDOWS\Tasks attrib -r -s -h A7832F809170AA3C.job del A7832F809170AA3C.job - Speichern als: remjob.bat - abspeichern unter : Dateityp: alle Dateien - speichere auf dem Desktop - Locate remjob.bat-- doppelklick auf die bat-Datei , der Editor öffnet sich kurz ist normal scanne mit Panda und poste den scanreport http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
28.12.2005, 18:53
...neu hier
Beiträge: 9 |
#18
Ich bin so weit und habe Email , Country usw. eingegeben und bekomme wenn ich auf "Check now" gehe folgendes:
-------------------------------------------------------------------------- asinst.cab unbekannter Herausgeber Diese Datei wurde geblockt, da sie über keine gültige digitale Signatur, die den Herausgeber verifziert. -------------------------------------------------------------------------- , gibt es noch ne 2. Möglichkeit? oder wie kann ich sie erlauben ? wird von Windows geblockt, nicht von meiner Firewall! MFG Glen |
|
|
||
28.12.2005, 19:18
Ehrenmitglied
Beiträge: 29434 |
#19
Glen
versuche es mit escan und poste das log http://virus-protect.org/escan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
28.12.2005, 20:41
...neu hier
Beiträge: 9 |
#20
so langsam verzweifel ich das oben genannte Programm geht nicht laut der Anleitung, bekomme immer wieder ne Fehlermeldung!
---------------------------------------------------------------- ESCCheck C:\escheck\mwav.exe End -of-central-directory not found usw. ---------------------------------------------------------------- löst Format C: mein Problem wenn ja mache ich das! |
|
|
||
28.12.2005, 20:45
Ehrenmitglied
Beiträge: 29434 |
#21
Glen
nein, du musst nicht formatieren...... -------------------------------------------------------------- http://virus-protect.org/counterspy.html nach dem Scan muss man sich entscheiden für: *Ignore *Remove *Quarantaine wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
28.12.2005, 23:05
...neu hier
Beiträge: 9 |
#22
also hier mein Log:
-------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: Wed Dec 28 20:23:06 2005 => System found infected with minibug Adware ({2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c})! Action taken: No Action Taken. 2: Wed Dec 28 20:23:06 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken. 3: Wed Dec 28 20:23:37 2005 => Offending file found: C:\Dokumente und Einstellungen\Steffen Hees\Eigene Dateien\fifa 2005\user\config.dat 4: Wed Dec 28 20:23:37 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken. 5: Wed Dec 28 20:23:38 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtek\gtupdate\aupdate\channels\channels.ini 6: Wed Dec 28 20:23:38 2005 => System found infected with clipgenie Spyware/Adware (channels.ini)! Action taken: No Action Taken. 7: Wed Dec 28 20:23:38 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken. 8: Wed Dec 28 20:23:38 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken. 9: Wed Dec 28 20:50:24 2005 => System found infected with minibug Adware ({2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c})! Action taken: No Action Taken. 10: Wed Dec 28 20:50:24 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken. 11: Wed Dec 28 20:50:29 2005 => Offending file found: C:\Dokumente und Einstellungen\Steffen Hees\Eigene Dateien\fifa 2005\user\config.dat 12: Wed Dec 28 20:50:29 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken. 13: Wed Dec 28 20:50:30 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtek\gtupdate\aupdate\channels\channels.ini 14: Wed Dec 28 20:50:30 2005 => System found infected with clipgenie Spyware/Adware (channels.ini)! Action taken: No Action Taken. 15: Wed Dec 28 20:50:31 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken. 16: Wed Dec 28 20:50:31 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken. -------------------------------------------------- --------------------- TAGGED --------------------- -------------------------------------------------- 1: Wed Dec 28 20:22:44 2005 => File C:\Programme\OCRANA-IRC\OCRANA-IRC.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken. 2: Wed Dec 28 20:24:36 2005 => File C:\WINDOWS\system32\pbdev2.dll tagged as "not-a-virus:AdWare.Win32.PowerSearch.c". Action Taken: No Action Taken. 3: Wed Dec 28 20:51:43 2005 => File C:\WINDOWS\system32\pbdev2.dll tagged as "not-a-virus:AdWare.Win32.PowerSearch.c". Action Taken: No Action Taken. 4: Wed Dec 28 21:32:07 2005 => File C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP118\A0057981.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken. 5: Wed Dec 28 21:32:08 2005 => File C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP118\A0057982.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken. 6: Wed Dec 28 21:35:49 2005 => File C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP97\A0033682.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken. 7: Wed Dec 28 21:45:16 2005 => File C:\WINDOWS\system32\pbdev2.dll tagged as "not-a-virus:AdWare.Win32.PowerSearch.c". Action Taken: No Action Taken. 8: Wed Dec 28 22:22:15 2005 => File C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP118\A0057981.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken. 9: Wed Dec 28 22:22:16 2005 => File C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP118\A0057982.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken. 10: Wed Dec 28 22:25:40 2005 => File C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP97\A0033682.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken. 11: Wed Dec 28 22:33:49 2005 => File C:\WINDOWS\system32\pbdev2.dll tagged as "not-a-virus:AdWare.Win32.PowerSearch.c". Action Taken: No Action Taken. -------------------------------------------------- --------------------- ERRORS --------------------- -------------------------------------------------- 1: Wed Dec 28 20:22:47 2005 => ERROR!!! Invalid Entry {B327765E-D724-4347-8B16-78AE18552FC3} = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken. 2: Wed Dec 28 20:22:47 2005 => ERROR!!! Invalid Entry {7F1CF152-04F8-453A-B34C-E609530A9DC8} = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken. 3: Wed Dec 28 20:22:47 2005 => ERROR!!! Invalid Entry SCRNSAVE.EXE = C:\WINDOWS\system32\Playbo~1.scr (in key Control Panel\Desktop). No Action Taken. 4: Wed Dec 28 20:23:40 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe". Action Taken: No Action Taken. 5: Wed Dec 28 20:23:40 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken. 6: Wed Dec 28 20:23:40 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\MFC71.dll". Action Taken: No Action Taken. 7: Wed Dec 28 20:23:40 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\msvcp71.dll". Action Taken: No Action Taken. 8: Wed Dec 28 20:23:40 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 9: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken. 10: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HDRegApp.exe" refers to invalid object "c:\Apps\HDRegApp.exe". Action Taken: No Action Taken. 11: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken. 12: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\RegCloneDVD2.exe" refers to invalid object "C:\Programme\Elaborate Bytes\CloneDVD2\RegCloneDVD2.exe". Action Taken: No Action Taken. 13: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe" refers to invalid object "C:\Programme\AntiVirenKit InternetSecurity\YourApp.exe". Action Taken: No Action Taken. 14: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PrintMe Internet Printing\". Action Taken: No Action Taken. 15: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\". Action Taken: No Action Taken. 16: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\". Action Taken: No Action Taken. 17: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\OFFICE\". Action Taken: No Action Taken. 18: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\bin\". Action Taken: No Action Taken. 19: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\". Action Taken: No Action Taken. 20: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\". Action Taken: No Action Taken. 21: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\resource\". Action Taken: No Action Taken. 22: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\Grey\". Action Taken: No Action Taken. 23: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\". Action Taken: No Action Taken. 24: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\Grey\steam\". Action Taken: No Action Taken. 25: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\Grey\steam\cached\". Action Taken: No Action Taken. 26: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\SteamApps\". Action Taken: No Action Taken. 27: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\Public\". Action Taken: No Action Taken. 28: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".avd". Action Taken: No Action Taken. 29: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".exe_0-". Action Taken: No Action Taken. 30: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kotzt". Action Taken: No Action Taken. 31: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar_0-". Action Taken: No Action Taken. 32: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rjt". Action Taken: No Action Taken. 33: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".torrent". Action Taken: No Action Taken. 34: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tpr". Action Taken: No Action Taken. 35: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".zip_0-". Action Taken: No Action Taken. 36: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken. 37: Wed Dec 28 20:23:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Nero - Burning Rom!UninstallKey". Action Taken: No Action Taken. 38: Wed Dec 28 20:23:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NetPumper_is1". Action Taken: No Action Taken. 39: Wed Dec 28 20:23:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B7EF883B-6320-4B13-00BB-B1B379303DA2}". Action Taken: No Action Taken. 40: Wed Dec 28 20:23:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E4E3E62E-16D7-425E-009C-DCB5E64F5955}". Action Taken: No Action Taken. 41: Wed Dec 28 20:23:44 2005 => Entry "HKCR\CLSID\{3747A802-6E00-4b4e-B9FE-A97DC8F69427}" refers to invalid object "C:\Programme\EA SPORTS\NHL 2005\browserengine.dll". Action Taken: No Action Taken. 42: Wed Dec 28 20:23:44 2005 => Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOKUME~1\STEFFE~1\LOKALE~1\Temp\InfoWindow.dll". Action Taken: No Action Taken. 43: Wed Dec 28 20:23:45 2005 => Entry "HKCR\CLSID\{6B149EFD-F522-4021-B784-E49567D2672F}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 44: Wed Dec 28 20:23:45 2005 => Entry "HKCR\CLSID\{77A8B956-4FDC-4217-8E4D-AC7620F7AFCF}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 45: Wed Dec 28 20:23:45 2005 => Entry "HKCR\CLSID\{7D4D6379-F301-4311-BEBA-E26EB0561882}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 46: Wed Dec 28 20:23:45 2005 => Entry "HKCR\CLSID\{7F1CF152-04F8-453A-B34C-E609530A9DC8}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 47: Wed Dec 28 20:23:45 2005 => Entry "HKCR\CLSID\{84921D1D-9D55-478F-2F9D-115AF4E3DC34}" refers to invalid object "C:\Programme\Real\RealPlayer\CDDBRealControl.dll". Action Taken: No Action Taken. 48: Wed Dec 28 20:23:46 2005 => Entry "HKCR\CLSID\{B327765E-D724-4347-8B16-78AE18552FC3}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 49: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{00CEDBF1-864D-11D3-908D-00C0F03B3EDC}" refers to invalid object "C:\Programme\Real\RealPlayer\ierjplug.dll". Action Taken: No Action Taken. 50: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{405DE7B2-E7DD-11D2-92C5-00C0F01F77C1}" refers to invalid object "C:\Programme\Real\RealPlayer\rpau3260.dll". Action Taken: No Action Taken. 51: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{47F59201-8783-11D2-8343-00A0C945A819}" refers to invalid object "C:\Programme\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll". Action Taken: No Action Taken. 52: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{67D26A59-1E17-4F8D-8445-42B7DCCF589D}" refers to invalid object "C:\Programme\EA SPORTS\NHL 2005\browserengine.dll". Action Taken: No Action Taken. 53: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{7AF322C5-AB43-11D4-A00B-0050DA18DE71}" refers to invalid object "C:\DOKUME~1\STEFFE~1\LOKALE~1\Temp\InfoWindow.dll". Action Taken: No Action Taken. 54: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{8042010C-0400-41A1-B344-85F0D08F4F41}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 55: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{A67004E0-8362-42F9-B186-88706C346DD9}" refers to invalid object "C:\Programme\Real\RealPlayer\rpplugins\ierpplug.dll". Action Taken: No Action Taken. 56: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{B7EF1304-D97F-4D69-B678-2EF6AD6C2D3A}" refers to invalid object "C:\Programme\EA SPORTS\NHL 2005\nhl2005.exe". Action Taken: No Action Taken. 57: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}" refers to invalid object "C:\Programme\NetPumper\NetPumperNNProxy.dll". Action Taken: No Action Taken. 58: Wed Dec 28 20:23:48 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. 59: Wed Dec 28 20:23:48 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. 60: Wed Dec 28 20:23:48 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\system32\CMMGR32.EXE "%1"". Action Taken: No Action Taken. 61: Wed Dec 28 20:23:49 2005 => Entry "HKCR\magnet\shell\open\command" refers to invalid object ""C:\Programme\LimeWire\LimeWire.exe" "%L"". Action Taken: No Action Taken. 62: Wed Dec 28 20:23:49 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. 63: Wed Dec 28 20:23:49 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 64: Wed Dec 28 20:23:49 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 65: Wed Dec 28 20:23:49 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken. 66: Wed Dec 28 20:23:49 2005 => Entry "HKCR\NeroAACType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken. 67: Wed Dec 28 20:23:49 2005 => Entry "HKCR\NeroCopyType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken. 68: Wed Dec 28 20:23:49 2005 => Entry "HKCR\NeroCueSheetType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken. 69: Wed Dec 28 20:23:49 2005 => Entry "HKCR\NeroErrorType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken. 70: Wed Dec 28 20:23:49 2005 => Entry "HKCR\NeroHDBackupType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken. 71: Wed Dec 28 20:23:50 2005 => Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: No Action Taken. 72: Wed Dec 28 20:23:50 2005 => Entry "HKCR\steam\shell\open\command" refers to invalid object ""C:\Programme\Valve\Steam\Steam.exe" "%1"". Action Taken: No Action Taken. 73: Wed Dec 28 20:23:50 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken. 74: Wed Dec 28 20:23:50 2005 => Entry "HKCR\Valve.Source\shell\open\command" refers to invalid object ""c:\programme\valve\steam\steamapps\fiddich911\counter-strike source\hl2.exe" "%1"". Action Taken: No Action Taken. 75: Wed Dec 28 20:49:51 2005 => ERROR!!! Invalid Entry {B327765E-D724-4347-8B16-78AE18552FC3} = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken. 76: Wed Dec 28 20:49:51 2005 => ERROR!!! Invalid Entry {7F1CF152-04F8-453A-B34C-E609530A9DC8} = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken. 77: Wed Dec 28 20:49:51 2005 => ERROR!!! Invalid Entry SCRNSAVE.EXE = C:\WINDOWS\system32\Playbo~1.scr (in key Control Panel\Desktop). No Action Taken. 78: Wed Dec 28 20:50:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe". Action Taken: No Action Taken. 79: Wed Dec 28 20:50:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken. 80: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\MFC71.dll". Action Taken: No Action Taken. 81: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\msvcp71.dll". Action Taken: No Action Taken. 82: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 83: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken. 84: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HDRegApp.exe" refers to invalid object "c:\Apps\HDRegApp.exe". Action Taken: No Action Taken. 85: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken. 86: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\RegCloneDVD2.exe" refers to invalid object "C:\Programme\Elaborate Bytes\CloneDVD2\RegCloneDVD2.exe". Action Taken: No Action Taken. 87: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe" refers to invalid object "C:\Programme\AntiVirenKit InternetSecurity\YourApp.exe". Action Taken: No Action Taken. 88: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PrintMe Internet Printing\". Action Taken: No Action Taken. 89: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\". Action Taken: No Action Taken. 90: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\". Action Taken: No Action Taken. 91: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\OFFICE\". Action Taken: No Action Taken. 92: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\bin\". Action Taken: No Action Taken. 93: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\". Action Taken: No Action Taken. 94: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\". Action Taken: No Action Taken. 95: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\resource\". Action Taken: No Action Taken. 96: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\Grey\". Action Taken: No Action Taken. 97: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\". Action Taken: No Action Taken. 98: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\Grey\steam\". Action Taken: No Action Taken. 99: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\Grey\steam\cached\". Action Taken: No Action Taken. 100: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\SteamApps\". Action Taken: No Action Taken. 101: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\Public\". Action Taken: No Action Taken. 102: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".avd". Action Taken: No Action Taken. 103: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".exe_0-". Action Taken: No Action Taken. 104: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kotzt". Action Taken: No Action Taken. 105: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar_0-". Action Taken: No Action Taken. 106: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rjt". Action Taken: No Action Taken. 107: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".torrent". Action Taken: No Action Taken. 108: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tpr". Action Taken: No Action Taken. 109: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".zip_0-". Action Taken: No Action Taken. 110: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken. 111: Wed Dec 28 20:50:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Nero - Burning Rom!UninstallKey". Action Taken: No Action Taken. 112: Wed Dec 28 20:50:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NetPumper_is1". Action Taken: No Action Taken. 113: Wed Dec 28 20:50:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B7EF883B-6320-4B13-00BB-B1B379303DA2}". Action Taken: No Action Taken. 114: Wed Dec 28 20:50:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E4E3E62E-16D7-425E-009C-DCB5E64F5955}". Action Taken: No Action Taken. 115: Wed Dec 28 20:50:37 2005 => Entry "HKCR\CLSID\{3747A802-6E00-4b4e-B9FE-A97DC8F69427}" refers to invalid object "C:\Programme\EA SPORTS\NHL 2005\browserengine.dll". Action Taken: No Action Taken. 116: Wed Dec 28 20:50:38 2005 => Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOKUME~1\STEFFE~1\LOKALE~1\Temp\InfoWindow.dll". Action Taken: No Action Taken. 117: Wed Dec 28 20:50:38 2005 => Entry "HKCR\CLSID\{6B149EFD-F522-4021-B784-E49567D2672F}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 118: Wed Dec 28 20:50:39 2005 => Entry "HKCR\CLSID\{77A8B956-4FDC-4217-8E4D-AC7620F7AFCF}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 119: Wed Dec 28 20:50:39 2005 => Entry "HKCR\CLSID\{7D4D6379-F301-4311-BEBA-E26EB0561882}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 120: Wed Dec 28 20:50:39 2005 => Entry "HKCR\CLSID\{7F1CF152-04F8-453A-B34C-E609530A9DC8}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 121: Wed Dec 28 20:50:39 2005 => Entry "HKCR\CLSID\{84921D1D-9D55-478F-2F9D-115AF4E3DC34}" refers to invalid object "C:\Programme\Real\RealPlayer\CDDBRealControl.dll". Action Taken: No Action Taken. 122: Wed Dec 28 20:50:41 2005 => Entry "HKCR\CLSID\{B327765E-D724-4347-8B16-78AE18552FC3}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 123: Wed Dec 28 20:50:43 2005 => Entry "HKCR\TypeLib\{00CEDBF1-864D-11D3-908D-00C0F03B3EDC}" refers to invalid object "C:\Programme\Real\RealPlayer\ierjplug.dll". Action Taken: No Action Taken. 124: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{405DE7B2-E7DD-11D2-92C5-00C0F01F77C1}" refers to invalid object "C:\Programme\Real\RealPlayer\rpau3260.dll". Action Taken: No Action Taken. 125: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{47F59201-8783-11D2-8343-00A0C945A819}" refers to invalid object "C:\Programme\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll". Action Taken: No Action Taken. 126: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{67D26A59-1E17-4F8D-8445-42B7DCCF589D}" refers to invalid object "C:\Programme\EA SPORTS\NHL 2005\browserengine.dll". Action Taken: No Action Taken. 127: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{7AF322C5-AB43-11D4-A00B-0050DA18DE71}" refers to invalid object "C:\DOKUME~1\STEFFE~1\LOKALE~1\Temp\InfoWindow.dll". Action Taken: No Action Taken. 128: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{8042010C-0400-41A1-B344-85F0D08F4F41}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken. 129: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{A67004E0-8362-42F9-B186-88706C346DD9}" refers to invalid object "C:\Programme\Real\RealPlayer\rpplugins\ierpplug.dll". Action Taken: No Action Taken. 130: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{B7EF1304-D97F-4D69-B678-2EF6AD6C2D3A}" refers to invalid object "C:\Programme\EA SPORTS\NHL 2005\nhl2005.exe". Action Taken: No Action Taken. 131: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}" refers to invalid object "C:\Programme\NetPumper\NetPumperNNProxy.dll". Action Taken: No Action Taken. 132: Wed Dec 28 20:50:45 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. 133: Wed Dec 28 20:50:45 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. 134: Wed Dec 28 20:50:45 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\system32\CMMGR32.EXE "%1"". Action Taken: No Action Taken. 135: Wed Dec 28 20:50:46 2005 => Entry "HKCR\magnet\shell\open\command" refers to invalid object ""C:\Programme\LimeWire\LimeWire.exe" "%L"". Action Taken: No Action Taken. 136: Wed Dec 28 20:50:46 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. 137: Wed Dec 28 20:50:46 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 138: Wed Dec 28 20:50:46 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 139: Wed Dec 28 20:50:48 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken. 140: Wed Dec 28 20:50:49 2005 => Entry "HKCR\NeroAACType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken. 141: Wed Dec 28 20:50:49 2005 => Entry "HKCR\NeroCopyType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken. 142: Wed Dec 28 20:50:49 2005 => Entry "HKCR\NeroCueSheetType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken. 143: Wed Dec 28 20:50:49 2005 => Entry "HKCR\NeroErrorType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken. 144: Wed Dec 28 20:50:49 2005 => Entry "HKCR\NeroHDBackupType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken. 145: Wed Dec 28 20:50:49 2005 => Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: No Action Taken. 146: Wed Dec 28 20:50:50 2005 => Entry "HKCR\steam\shell\open\command" refers to invalid object ""C:\Programme\Valve\Steam\Steam.exe" "%1"". Action Taken: No Action Taken. 147: Wed Dec 28 20:50:50 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken. 148: Wed Dec 28 20:50:50 2005 => Entry "HKCR\Valve.Source\shell\open\command" refers to invalid object ""c:\programme\valve\steam\steamapps\fiddich911\counter-strike source\hl2.exe" "%1"". Action Taken: No Action Taken. 149: Wed Dec 28 21:01:04 2005 => Result: ERROR!!! File C:\DRIVERS\MCDBF\SOURCE1\OTHER.EXE is Not Scanned 150: Wed Dec 28 21:55:15 2005 => Result: ERROR!!! File C:\DRIVERS\MCDBF\SOURCE1\OTHER.EXE is Not Scanned -------------------------------------------------- -------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT --------- -------------------------------------------------- 1: C:\Programme\OCRANA-IRC\OCRANA-IRC.exe => tagged:Client-IRC.Win32.mIRC.603. 2: C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP97\A0033682.exe => tagged:Client-IRC.Win32.mIRC.616. -------------------------------------------------- -------------------- Statistik ------------------- -------------------------------------------------- Wed Dec 28 20:24:54 2005 => Total Objects Scanned: 26697 Wed Dec 28 20:24:54 2005 => Total Virus(es) Found: 14 Wed Dec 28 20:24:54 2005 => Total Errors: 74 Wed Dec 28 20:24:54 2005 => Virus Database Date: 12/26/2005 Wed Dec 28 20:24:54 2005 => Virus Database Count: 167489 Wed Dec 28 20:27:27 2005 => Virus Database Date: 12/26/2005 Wed Dec 28 20:27:27 2005 => Virus Database Count: 167489 Wed Dec 28 20:43:45 2005 => Virus Database Date: 12/26/2005 Wed Dec 28 20:43:45 2005 => Virus Database Count: 167489 Wed Dec 28 20:48:18 2005 => Virus Database Date: 12/26/2005 Wed Dec 28 20:48:18 2005 => Virus Database Count: 167489 Wed Dec 28 22:34:39 2005 => Total Objects Scanned: 220225 Wed Dec 28 22:34:39 2005 => Total Virus(es) Found: 20 Wed Dec 28 22:34:39 2005 => Total Errors: 76 Wed Dec 28 22:34:39 2005 => Virus Database Date: 12/26/2005 Wed Dec 28 22:34:39 2005 => Virus Database Count: 167489 ----------------------------------------------------------------------- Die Datei: System Volume Information konnte nicht gelöscht werden nach nem Neustart! die Datei: Ocrana IRC würde ich gerne weiter nutzen, aber wenn sie auch gelöscht werden muss dann lösche ich sie MFG Glen |
|
|
||
28.12.2005, 23:09
Ehrenmitglied
Beiträge: 29434 |
#23
Glen
loesche: C:\WINDOWS\system32\pbdev2.dll C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtek deaktiviere die systemwiederherstellung (dann aktiviere sie wieder) http://virus-protect.org/systemwiederherstellung.html Counterspy http://virus-protect.org/counterspy.html nach dem Scan muss man sich entscheiden für: *Ignore *Remove *Quarantaine wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
29.12.2005, 16:55
...neu hier
Beiträge: 9 |
#24
mein Log:
Spyware Scan Details Start Date: 29.12.2005 16:04:05 End Date: 29.12.2005 16:45:24 Total Time: 41 mins 19 secs Detected spyware AntiLeech Plugin Adware more information... Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software. Status: Ignored Infected files detected c:\programme\anti-leech\alie_1.0.2.2\al2np.dll c:\programme\anti-leech\alie_1.0.2.2\alhlp.exe c:\programme\anti-leech\alie_1.0.2.2\alie.dll c:\programme\anti-leech\alie_1.0.2.2\alie.inf c:\programme\anti-leech\alie_1.0.2.2\iesetup2.exe c:\programme\anti-leech\alnn\al2np.dll c:\programme\anti-leech\alnn\alhlp.exe c:\programme\anti-leech\alnn\npalnn.dll c:\programme\anti-leech\alnn\setup2.exe Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1 Anti-Leech Plug-in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE Anti-Leech Plug-in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 C:\PROGRA~1\ANTI-L~1\ALIE_1~1.2\alie.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 ThreadingModel Apartment HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\ProgID AntiLeech.ALIE.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\TypeLib {056738E1-E15C-11D6-B876-0050BF5D85C7} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\VersionIndependentProgID AntiLeech.ALIE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} Anti-Leech Plug-in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE DisplayName Anti-Leech Plugin for Internet Explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE UninstallString C:\Programme\Anti-Leech\ALIE_1.0.2.2\iesetup2.exe uninstall NetPumper Adware Bundler more information... Details: Bundles with a number of adware components such as cydoor, Save!, ClockSync, and WhenU Toolbar. Status: Ignored Infected files detected c:\dokumente und einstellungen\steffen hees\anwendungsdaten\netpumper\steffen_20hees.ini c:\programme\netpumper\zm\np_0001_1.exe Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro\Firstrun state 2 HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro state 2 HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro pkid HQP HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro alid HQP HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro iid {3598A1AB-A5CE-4F0C-9C02-F77A021BC54C} HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper VersionInfo w+OxpNEdkWvQp+TemoMWOXuDZ7Jq8A2ohoS-IEfhhH6VyS7E4NoCMBLneZfvlLGanYv9bgrLKue Ea3y5XQt9Ob3Ln7f-fhu4j0ony8eRCXoFwrS9d6PiGR4JqU8EoEdslj3Dwcju40stxe+LtRMCtOp QpWKMJtVNYVo5wQ-UvWqxXhDKvCK+2Vfe5l08mn15E4nQaa-C4UQc HKEY_CURRENT_USER\Software\NetPumper HKEY_CURRENT_USER\Software\NetPumper\Steffen Hees Field1 1068374275 HKEY_CURRENT_USER\Software\NetPumper\Steffen Hees Field2 1175449753 HKEY_CURRENT_USER\Software\NetPumper\Steffen Hees Field3 1000036424 HKEY_CURRENT_USER\Software\NetPumper\Steffen Hees Field4 1080637372 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib Version 1.2 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} IAddUrl HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib Version 1.2 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000} IAddPackage Weatherbug Low Risk Adware more information... Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon. Status: Ignored Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} MiniBugTransporterX Class HKEY_CLASSES_ROOT\clsid\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} HKEY_CLASSES_ROOT\clsid\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} MiniBugTransporterX Class IEPlugin Spyware more information... Details: IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword. Status: Ignored Infected registry entries detected HKEY_CLASSES_ROOT\remove eZula.TopText Adware more information... Details: eZula TopText is a browser hijacker that will alter all pages viewed in Internet Explorer by adding extra links to words and phrases targeted by advertisers. These links are unauthorized by the users of the sites being viewed and not part of the orig Status: Ignored Infected registry entries detected HKEY_CLASSES_ROOT\remove ATDMT.com Cookie more information... Status: Ignored Infected cookies detected c:\dokumente und einstellungen\steffen hees\cookies\steffen hees@atdmt[1].txt DoubleClick Cookie more information... Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising. Status: Ignored Infected cookies detected c:\dokumente und einstellungen\steffen hees\cookies\steffen hees@doubleclick[1].txt TribalFusion.com Cookie more information... Status: Ignored Infected cookies detected c:\dokumente und einstellungen\steffen hees\cookies\steffen hees@tribalfusion[1].txt |
|
|
||
29.12.2005, 17:55
Ehrenmitglied
Beiträge: 29434 |
#25
Glen
der netpumper hat dir den ganzen Schlamassel verursacht...lade ihn also nie wieder scanne noch mal und stelle ein:*Remove , und lasse alles loeschen solange dort steht --> Status: Ignored wird es keine Fortschritte bei der Reinigung geben __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.12.2005, 12:20
...neu hier
Beiträge: 7 |
#26
Hallo Leute,
habe auch dieses lästige winfixer eingefangen. Bitte helft mir ihn zu entfernen. Hier die Logfile Logfile of HijackThis v1.99.1 Scan saved at 12:19:03, on 30.12.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Dit.exe C:\WINDOWS\system32\RunDll32.exe C:\Programme\avmwlanstick\wlangui.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\D-Tools\daemon.exe C:\Programme\SurfAccuracy\SAcc.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\DitExp.exe C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\Programme\avmwlanstick\WlanNetService.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\Gevso.HPPAV\Desktop\hijackthis_199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-de8.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-de8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-de8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-de8.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de8.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Agent] C:\Programme\CyberLink\PowerVCRII\Agent.exe O4 - HKLM\..\Run: [Remote_Agent] C:\Programme\CyberLink\PowerVCRII\RemoteAgent.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://de7.hpwis.com O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.loudcash.com/UCITest/Cabs/4484.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {3AEECF42-EFE4-4AC8-AE9E-83C031EC09AB} (GamyunNetToolbar) - http://server.gamyun.net/cert/GamyunIeToolbar.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://data.flatcast.com/NpFv415.dll O16 - DPF: {F49DA492-7B88-463F-B389-CA9A02F6DA76} (Seagate SeaTools German Online) - http://www.seagate.com/support/disc/asp/tools/de/bin/npseatools.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe mfg kinglui |
|
|
||
30.12.2005, 12:44
...neu hier
Beiträge: 1 |
#27
Hallo.
Ich habe auch das Winfixerproblem. wär echt nett, wenn ihr mir helfen könntet. Danke. Hier das Logfile: Logfile of HijackThis v1.99.1 Scan saved at 12:08:17, on 30.12.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe C:\WINDOWS\system32\slserv.exe C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Nero\Nero 7\InCD\InCD.exe C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe C:\Programme\108Mbps Wireless LAN Adapter\WLANPRO.exe C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE C:\Programme\Winamp\winamp.exe C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\PokerStars\PokerStars.exe C:\Programme\Miranda IM\miranda32.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Dokumente und Einstellungen\Johann\Desktop\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.compuserve.de O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Reg.lnk = ? O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - T-Online International AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe |
|
|
||
30.12.2005, 13:07
Ehrenmitglied
Beiträge: 29434 |
#28
kinglui
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.loudcash.com/UCITest/Cabs/4484.cab O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {3AEECF42-EFE4-4AC8-AE9E-83C031EC09AB} (GamyunNetToolbar) - http://server.gamyun.net/cert/GamyunIeToolbar.cab O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file) PC neustarten loesche: GamyunNetToolbar c:\eied_s7.cab c:\ex.cab C:\Programme\SurfAccuracy stelle den Cleaner genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html Counterspy http://virus-protect.org/counterspy.html nach dem Scan muss man sich entscheiden für: *Ignore *Remove *Quarantaine wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.12.2005, 13:10
Ehrenmitglied
Beiträge: 29434 |
#29
MeisterEder
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll stelle den Cleaner genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html Counterspy http://virus-protect.org/counterspy.html nach dem Scan muss man sich entscheiden für: *Ignore *Remove *Quarantaine wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.12.2005, 13:45
...neu hier
Beiträge: 4 |
#30
Logfile of HijackThis v1.99.1
Scan saved at 13:40:10, on 30.12.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\ctfmon.exe C:\Dokumente und Einstellungen\Völp\Lokale Einstellungen\Temp\Temporäres Verzeichnis 5 für hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/ O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\System32\mljji.dll O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Sygate Personall Firewall] Sygate32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O20 - Winlogon Notify: mljji - C:\WINDOWS\System32\mljji.dll O23 - Service: Enables Java Support (Java) - Unknown owner - C:\WINDOWS\System32\winjava.exe (file missing) O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe das ist meine logdatei von hijack... kann mir jemand weiterhelfen?? besten dank im vorraus |
|
|
||
Datentr„ger in Laufwerk C: ist HDD
Volumeseriennummer: F009-33CC
Verzeichnis von C:\WINDOWS\tasks
26.12.2005 19:17 <DIR> .
26.12.2005 19:17 <DIR> ..
28.12.2005 14:00 282 A7832F809170AA3C.job
04.08.2004 13:00 65 desktop.ini
29.07.2005 19:29 258 Registrierungserinnerung 3.job
28.12.2005 16:25 6 SA.DAT
4 Datei(en) 611 Bytes
Verzeichnis von C:\Dokumente und Einstellungen\Steffen Hees\Desktop