log von steffi

von **Nikita** am 18.06.2005, 09:38

Von: Steffi12345
An: Nikita
Verfasst am: Sa Jun 18, 2005 8:36 am
Titel: Hilfe!
Hi Nikita,

ich bin super verzweifelt ich glaube, ich hab mir ein Virus eingefangen. (Downloader.Trojan)

Was soll ich machen???

Logfile of HijackThis v1.99.1
Scan saved at 09:09:30, on 18.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Dokumente und Einstellungen\Stefan Behrendt\foo.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SVCHOST.EXE
C:\Dokumente und Einstellungen\Stefan Behrendt\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=19
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FF226642-88FA-D603-D0EE-A00FD69A4E90} - C:\WINDOWS\System32\gzkvuxh.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [DTSTA.EXE] DTSTA.EXE START
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [KlipFolio] "C:\Programme\KlipFolio\KlipFolio.exe" /BOOT
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Ejddmtut] C:\Program Files\Hsln\Yttdm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [akaobib2] C:\WINDOWS\System32\akaobib2.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Ad5BaFQ] C:\WINDOWS\wpeqjj.exe
O4 - HKLM\..\Run: [cratkvqp] C:\WINDOWS\cratkvqp.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [sys2121] C:\WINDOWS\sys2121.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SVCHOST.EXE
O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SECURITY.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Nels] C:\Programme\lnob\pape.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Oba] C:\WINDOWS\System32\r?gsvr32.exe
O4 - HKCU\..\Run: [sys2121] C:\WINDOWS\sys2121.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: AOL 7.0 Tray-Symbol.lnk = C:\Programme\AOL 7.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll (file missing)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.bestcounter.biz
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 195.95.218.170
O15 - Trusted IP range: 195.95.218.170 (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Music ... dge-c8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... 002535.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-24.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://showcase.workplace.t-online.de/a ... msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTickets ... refid=2732
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Filter: text/html - {49F09E1D-ECB2-4F34-A41E-A185BC9F7B07} - C:\Dokumente und Einstellungen\Stefan Behrendt\Lokale Einstellungen\Anwendungsdaten\microsoft\internet explorer\V0.28.dat
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O21 - SSODL: System - {9891C82C-D24B-486B-B61F-C3FA58D46C91} - vr_sys.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programme\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

von **Steffi12345** am 18.06.2005, 09:56

Ich arbeite mit Norton Antivirus - es wurden einige Trojaner gefunden welche nicht gelöscht werden konnten und ein Virus (Downloader.Trojan)

Ich habe nicht so viel Ahnung von solchen sachen...

Wer kann mir helfen

von **Nikita** am 18.06.2005, 10:09

der PC ist voellig verseucht...wirklich, das beste waere eine Neuinstallation von Windows, denn wir werden sehr sehr lange brauchen, um das alles sauber zu bekommen.

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=19
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll (file missing)
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Ejddmtut] C:\Program Files\Hsln\Yttdm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [akaobib2] C:\WINDOWS\System32\akaobib2.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Ad5BaFQ] C:\WINDOWS\wpeqjj.exe
O4 - HKLM\..\Run: [cratkvqp] C:\WINDOWS\cratkvqp.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [sys2121] C:\WINDOWS\sys2121.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SVCHOST.EXE
O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Nels] C:\Programme\lnob\pape.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Oba] C:\WINDOWS\System32\r?gsvr32.exe
O4 - HKCU\..\Run: [sys2121] C:\WINDOWS\sys2121.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll (file missing)

O15 - Trusted Zone: *.bestcounter.biz
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 195.95.218.170
O15 - Trusted IP range: 195.95.218.170 (HKLM)

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Music ... dge-c8.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTickets ... refid=2732
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB
O18 - Filter: text/html - {49F09E1D-ECB2-4F34-A41E-A185BC9F7B07} - C:\Dokumente und Einstellungen\Stefan Behrendt\Lokale Einstellungen\Anwendungsdaten\microsoft\internet explorer\V0.28.dat
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O21 - SSODL: System - {9891C82C-D24B-486B-B61F-C3FA58D46C91} - vr_sys.dll (file missing)

PC neustarten

backdoor.haxdoor.d (O4 - Startup: winupdate54787850[1].exe )
http://bilder.informationsarchiv.net/Ni ... /HSFix.zip
1. Extract the folder to C:\
2. So now you have a folder C:\HSFIX
3. Boot to Safe mode
4. open the hsfix folder and Double click on hsfix.bat
5. You'll lose your desktop and taskbar. That's normal because This process kills explorer
6. Double click on hsfix.bat to run it again
7. reboot
8. Find this file :- C:\hslog.txt
9. Post its contents into your next reply
10. post a new hijackthis log

abarbeiten
http://nikita.eddys-domain.de/escan.html

von **Steffi12345** am 18.06.2005, 10:22

Ich habe aber einige Datein mit sehr wichtigen geschäftlichen Inhalten - Wie kann ich diese retten???

Bringt es was wenn ich diese Ordner auf eine externe Festplatte kopiere - und dann meinen Rechner platt mache???

von **Yourhighness** am 18.06.2005, 10:39

Hi, mache erst mal was Dir Nikita gesagt hat. Die Dateien kannst Du natürlich auf ner externen Festplatte speichern....aber mach erst mal die beschriebenen Schritte.

MfG,

von **Steffi12345** am 18.06.2005, 10:52

Ja klar... Ich verstehe aber echt nicht viel davon...

Ich habe jetzt einen ScanCheck gemacht...

Hier das Protokoll:

--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Sat Jun 18 10:41:27 2005 => File C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SECURITY.DLL infected by "Trojan.Win32.WebSearch.i" Virus! Action Taken: No Action Taken.
2: Sat Jun 18 10:41:36 2005 => File C:\WINDOWS\System32\drwatson_.exe infected by "Trojan-Proxy.Win32.Mitglieder.do" Virus! Action Taken: No Action Taken.
3: Sat Jun 18 10:41:36 2005 => File C:\WINDOWS\System32\drwatson_32.exe infected by "Trojan-Proxy.Win32.Mitglieder.do" Virus! Action Taken: No Action Taken.
4: Sat Jun 18 10:41:36 2005 => File C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SVCHOST32.DLL infected by "Trojan.Win32.WebSearch.j" Virus! Action Taken: No Action Taken.
5: Sat Jun 18 10:41:37 2005 => File C:\WINDOWS\vr_sys.dll infected by "Trojan-PSW.Win32.LdPinch.os" Virus! Action Taken: No Action Taken.
6: Sat Jun 18 10:41:38 2005 => File C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SVCHOST.DLL infected by "Trojan.Win32.WebSearch.j" Virus! Action Taken: No Action Taken.
7: Sat Jun 18 10:41:41 2005 => File C:\WINDOWS\logon.exe infected by "Trojan-Downloader.Win32.VB.fi" Virus! Action Taken: No Action Taken.
8: Sat Jun 18 10:41:41 2005 => File C:\WINDOWS\sys2121.exe infected by "Backdoor.Win32.Small.fv" Virus! Action Taken: No Action Taken.
9: Sat Jun 18 10:41:45 2005 => File C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SVCHOST.EXE infected by "Trojan.Win32.WebSearch.j" Virus! Action Taken: No Action Taken.
10: Sat Jun 18 10:41:48 2005 => File C:\WINDOWS\System32\win32.exe infected by "Trojan.Win32.Crypt.c" Virus! Action Taken: No Action Taken.
11: Sat Jun 18 10:41:48 2005 => File C:\Programme\lnob\pape.exe infected by "Trojan-Downloader.Win32.PurityScan.u" Virus! Action Taken: No Action Taken.
12: Sat Jun 18 10:41:50 2005 => File C:\DOKUME~1\STEFAN~1\LOKALE~1\ANWEND~1\MICROS~1\INTERN~1\V028~1.DAT infected by "Trojan.Win32.Dialer.fy" Virus! Action Taken: No Action Taken.
13: Sat Jun 18 10:42:00 2005 => File C:\WINDOWS\vr_sys.dll infected by "Trojan-PSW.Win32.LdPinch.os" Virus! Action Taken: No Action Taken.
14: Sat Jun 18 10:42:08 2005 => File C:\WINDOWS\logon.exe infected by "Trojan-Downloader.Win32.VB.fi" Virus! Action Taken: No Action Taken.
15: Sat Jun 18 10:42:08 2005 => File C:\WINDOWS\sys2121.exe infected by "Backdoor.Win32.Small.fv" Virus! Action Taken: No Action Taken.
16: Sat Jun 18 10:42:08 2005 => File C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SVCHOST.EXE infected by "Trojan.Win32.WebSearch.j" Virus! Action Taken: No Action Taken.
17: Sat Jun 18 10:42:09 2005 => File C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SECURITY.EXE infected by "Trojan.Win32.WebSearch.j" Virus! Action Taken: No Action Taken.
18: Sat Jun 18 10:42:09 2005 => File C:\winstall.exe infected by "not-virus:Hoax.Win32.Renos.a" Virus! Action Taken: No Action Taken.
19: Sat Jun 18 10:42:09 2005 => File C:\Programme\lnob\pape.exe infected by "Trojan-Downloader.Win32.PurityScan.u" Virus! Action Taken: No Action Taken.
20: Sat Jun 18 10:42:09 2005 => File C:\WINDOWS\System32\win32.exe infected by "Trojan.Win32.Crypt.c" Virus! Action Taken: No Action Taken.
21: Sat Jun 18 10:42:09 2005 => File C:\WINDOWS\System32\drwatson32.exe infected by "Trojan-Proxy.Win32.Mitglieder.do" Virus! Action Taken: No Action Taken.
22: Sat Jun 18 10:46:46 2005 => C:\WINDOWS\SYSTEM32\VDMT16.SYS possibly infected and removed by background antivirus package!
23: Sat Jun 18 10:46:46 2005 => File C:\WINDOWS\SYSTEM32\VDMT16.SYS infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
24: Sat Jun 18 10:46:48 2005 => System found infected with BlazeFind Spyware/Adware ({15ad4789-cdb4-47e1-a9da-992ee8e6bad6})! Action taken: No Action Taken.
25: Sat Jun 18 10:46:48 2005 => System found infected with YourSiteBar Spyware/Adware ({42F2C9BA-614F-47C0-B3E3-ECFD34EED658})! Action taken: No Action Taken.
26: Sat Jun 18 10:46:49 2005 => System found infected with SexList Spyware/Adware (_{CFBFAE00-17A6-11D0-99CB-00C04FD64497})! Action taken: No Action Taken.
27: Sat Jun 18 10:46:49 2005 => System found infected with DyFuCA Spyware/Adware ({40b1d454-9ca4-43cc-86aa-cb175eac52fb})! Action taken: No Action Taken.
28: Sat Jun 18 10:46:49 2005 => System found infected with DyFuCA Spyware/Adware ({1c01d150-91a4-4de0-9bf8-a35d1bdf1001})! Action taken: No Action Taken.
29: Sat Jun 18 10:46:49 2005 => System found infected with DyFuCA Spyware/Adware ({00000010-6f7d-442c-93e3-4a4827c2e4c8})! Action taken: No Action Taken.
30: Sat Jun 18 10:46:49 2005 => System found infected with DyFuCA Spyware/Adware ({8f4e5661-f99e-4b3e-8d85-0ea71c0748e4})! Action taken: No Action Taken.
31: Sat Jun 18 10:46:49 2005 => System found infected with DyFuCA Spyware/Adware ({cea206e8-8057-4a04-ace9-ff0d69a92297})! Action taken: No Action Taken.
32: Sat Jun 18 10:46:49 2005 => System found infected with DyFuCA Spyware/Adware ({0be10b0d-b4db-4693-9b1f-9aead54d17dc})! Action taken: No Action Taken.
33: Sat Jun 18 10:46:49 2005 => System found infected with DyFuCA Spyware/Adware ({AA4939C3-DECA-4A48-A454-97CD587C0EF5})! Action taken: No Action Taken.
34: Sat Jun 18 10:46:49 2005 => System found infected with DyFuCA Spyware/Adware ({EEE4A2E5-9F56-432F-A6ED-F6F625B551E0})! Action taken: No Action Taken.
35: Sat Jun 18 10:46:49 2005 => System found infected with IstBAR Spyware/Adware ({0985c112-2562-46f2-8da6-92648ba4630f})! Action taken: No Action Taken.
36: Sat Jun 18 10:46:49 2005 => System found infected with IstBAR Spyware/Adware ({67907b3c-a6ef-4a01-99ad-3fcd5f526429})! Action taken: No Action Taken.
37: Sat Jun 18 10:46:49 2005 => System found infected with IstBAR Spyware/Adware ({86227d9c-0efe-4f8a-aa55-30386a3f5686})! Action taken: No Action Taken.
38: Sat Jun 18 10:46:49 2005 => System found infected with SideFind Spyware/Adware ({8cba1b49-8144-4721-a7b1-64c578c9eed7})! Action taken: No Action Taken.
39: Sat Jun 18 10:46:49 2005 => System found infected with SideFind Spyware/Adware ({58634367-d62b-4c2c-86be-5aac45cdb671})! Action taken: No Action Taken.
40: Sat Jun 18 10:46:49 2005 => System found infected with SideFind Spyware/Adware ({d0288a41-9855-4a9b-8316-babe243648da})! Action taken: No Action Taken.
41: Sat Jun 18 10:46:49 2005 => System found infected with SideFind Spyware/Adware ({339d8aff-0b42-4260-ad82-78ce605a9543})! Action taken: No Action Taken.
42: Sat Jun 18 10:46:49 2005 => System found infected with SideFind Spyware/Adware ({a36a5936-cfd9-4b41-86bd-319a1931887f})! Action taken: No Action Taken.
43: Sat Jun 18 10:46:49 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
44: Sat Jun 18 10:46:50 2005 => System found infected with SideFind Spyware/Adware ({a3fdd654-a057-4971-9844-4ed8e67dbbb8})! Action taken: No Action Taken.
45: Sat Jun 18 10:46:50 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
46: Sat Jun 18 10:46:50 2005 => System found infected with ClickSpring Spyware/Adware ({9eb320ce-be1d-4304-a081-4b4665414bef})! Action taken: No Action Taken.
47: Sat Jun 18 10:46:52 2005 => System found infected with Roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.
48: Sat Jun 18 10:49:31 2005 => System found infected with WindUpdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.
49: Sat Jun 18 10:49:32 2005 => System found infected with CWS.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
50: Sat Jun 18 10:49:32 2005 => System found infected with ISTsvc Spyware/Adware (shortcuts.txt)! Action taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Sat Jun 18 10:41:36 2005 => File C:\WINDOWS\System32\gukru11l.dll tagged as "not-a-virus:AdWare.Sahat.ad". Action Taken: No Action Taken.
2: Sat Jun 18 10:41:40 2005 => File C:\WINDOWS\cratkvqp.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.
3: Sat Jun 18 10:41:48 2005 => File C:\WINDOWS\System32\akaobib2.exe tagged as "not-a-virus:AdWare.Sahat.aa". Action Taken: No Action Taken.
4: Sat Jun 18 10:41:48 2005 => File C:\temp\salm.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.
5: Sat Jun 18 10:41:48 2005 => File c:\temp\salmhook.dll tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.
6: Sat Jun 18 10:42:08 2005 => File c:\temp\salm.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.
7: Sat Jun 18 10:42:08 2005 => File C:\WINDOWS\System32\akaobib2.exe tagged as "not-a-virus:AdWare.Sahat.aa". Action Taken: No Action Taken.
8: Sat Jun 18 10:42:08 2005 => File C:\WINDOWS\cratkvqp.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Sat Jun 18 10:42:00 2005 => ERROR!!! Invalid Entry {86227D9C-0EFE-4f8a-AA55-30386A3F5686} = C:\PROGRA~1\YOURSI~1\ysb.dll (in key SOFTWARE\Microsoft\Internet Explorer\Toolbar). No Action Taken.
2: Sat Jun 18 10:42:00 2005 => ERROR!!! Invalid Entry = C:\WINDOWS\nem220.dll (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}). No Action Taken.
3: Sat Jun 18 10:42:00 2005 => ERROR!!! Invalid Entry = C:\WINDOWS\wsem303.dll (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}). No Action Taken.
4: Sat Jun 18 10:42:00 2005 => ERROR!!! Invalid Entry = C:\WINDOWS\drexinit.dll (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A0269420-A638-4509-889C-8FC3CC85DA7E}). No Action Taken.
5: Sat Jun 18 10:42:00 2005 => ERROR!!! Invalid Entry = C:\Programme\SideFind\sfbho.dll (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}). No Action Taken.
6: Sat Jun 18 10:42:00 2005 => ERROR!!! Invalid Entry = C:\WINDOWS\System32\gzkvuxh.dll (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FF226642-88FA-D603-D0EE-A00FD69A4E90}). No Action Taken.
7: Sat Jun 18 10:42:05 2005 => ERROR!!! Invalid Entry {65756541-C65C-11CD-0000-4B656E696100} = C:\Programme\Panda Software\Panda Antivirus Titanium\ShellTit.DLL (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
8: Sat Jun 18 10:42:08 2005 => ERROR!!! Invalid Entry APVXDWIN = "C:\Programme\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
9: Sat Jun 18 10:42:08 2005 => ERROR!!! Invalid Entry KlipFolio = "C:\Programme\KlipFolio\KlipFolio.exe" /BOOT (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
10: Sat Jun 18 10:42:08 2005 => ERROR!!! Invalid Entry Media Pass = C:\Program Files\Media Pass\MediaPassK.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
11: Sat Jun 18 10:42:08 2005 => ERROR!!! Invalid Entry Internet Optimizer = "C:\Program Files\Internet Optimizer\optimize.exe" (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
12: Sat Jun 18 10:42:08 2005 => ERROR!!! Invalid Entry Ejddmtut = C:\Program Files\Hsln\Yttdm.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
13: Sat Jun 18 10:42:08 2005 => ERROR!!! Invalid Entry IST Service = C:\Programme\ISTsvc\istsvc.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
14: Sat Jun 18 10:42:08 2005 => ERROR!!! Invalid Entry Ad5BaFQ = C:\WINDOWS\wpeqjj.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
15: Sat Jun 18 10:42:08 2005 => ERROR!!! Invalid Entry PayTime = C:\WINDOWS\System32\paytime.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
16: Sat Jun 18 10:42:08 2005 => ERROR!!! Invalid Entry _Cat1 = C:\WINDOWS\nmmst.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
17: Sat Jun 18 10:42:09 2005 => ERROR!!! Invalid Entry PayTime = C:\WINDOWS\System32\paytime.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
18: Sat Jun 18 10:42:09 2005 => ERROR!!! Invalid Entry System = C:\WINDOWS\svchost.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
19: Sat Jun 18 10:42:09 2005 => Result: ERROR!!! File C:\WINDOWS\System32\r?gsvr32.exe: Scanning Failure!!!
20: Sat Jun 18 10:42:09 2005 => ERROR!!! ScanFile Fails...
21: Sat Jun 18 10:46:40 2005 => ERROR!!! Invalid Entry System32\DRIVERS\pavdrv51.sys in SYSTEM\CurrentControlSet\Services\PAVDRV...
22: Sat Jun 18 10:46:40 2005 => ERROR!!! Invalid Entry C:\Programme\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe in SYSTEM\CurrentControlSet\Services\PAVSRV...
23: Sat Jun 18 10:46:46 2005 => Result: ERROR!!! File C:\WINDOWS\SYSTEM32\VDMT16.SYS: Scanning Failure!!!
24: Sat Jun 18 10:46:48 2005 => ERROR!!! Invalid Entry \??\C:\WINDOWS\System32\winlow.sys in SYSTEM\CurrentControlSet\Services\winlow...
25: Sat Jun 18 10:49:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver11.ocx". Action Taken: No Action Taken.
26: Sat Jun 18 10:49:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
27: Sat Jun 18 10:49:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\YSBactivex.dll". Action Taken: No Action Taken.
28: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Bark.wav". Action Taken: No Action Taken.
29: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Bird.wav". Action Taken: No Action Taken.
30: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Birds.wav". Action Taken: No Action Taken.
31: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Cat.wav". Action Taken: No Action Taken.
32: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Chickens.wav". Action Taken: No Action Taken.
33: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Cow.wav". Action Taken: No Action Taken.
34: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Coyote.wav". Action Taken: No Action Taken.
35: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Cricket.wav". Action Taken: No Action Taken.
36: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Crickets.wav". Action Taken: No Action Taken.
37: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Crows.wav". Action Taken: No Action Taken.
38: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\DogGrowl.wav". Action Taken: No Action Taken.
39: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Duck.wav". Action Taken: No Action Taken.
40: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Flies.wav". Action Taken: No Action Taken.
41: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Fly.wav". Action Taken: No Action Taken.
42: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Horse.wav". Action Taken: No Action Taken.
43: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Rooster.wav". Action Taken: No Action Taken.
44: Sat Jun 18 10:49:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Animals\Seagulls.wav". Action Taken: No Action Taken.
45: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Background\ColdWind.wav". Action Taken: No Action Taken.
46: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Background\Gears.wav". Action Taken: No Action Taken.
47: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Background\Gulls.wav". Action Taken: No Action Taken.
48: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Background\MachineHum.wav". Action Taken: No Action Taken.
49: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Background\Rain.wav". Action Taken: No Action Taken.
50: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Background\SeaWaves.wav". Action Taken: No Action Taken.
51: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Background\WindHowl.wav". Action Taken: No Action Taken.
52: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Bells\Bells.wav". Action Taken: No Action Taken.
53: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Bells\BikeBell.wav". Action Taken: No Action Taken.
54: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Bells\ChurchBell.wav". Action Taken: No Action Taken.
55: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Bells\DoorBell.wav". Action Taken: No Action Taken.
56: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Bells\TrainBell.wav". Action Taken: No Action Taken.
57: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\Bedspring.wav". Action Taken: No Action Taken.
58: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\BoinkHi.wav". Action Taken: No Action Taken.
59: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\BoinkLo.wav". Action Taken: No Action Taken.
60: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\BongCrash.wav". Action Taken: No Action Taken.
61: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\Bonk.wav". Action Taken: No Action Taken.
62: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\BurglarAlarm.wav". Action Taken: No Action Taken.
63: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\Crash.wav". Action Taken: No Action Taken.
64: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\PoundStake.wav". Action Taken: No Action Taken.
65: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\SlideDown.wav". Action Taken: No Action Taken.
66: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\SlideSlow.wav". Action Taken: No Action Taken.
67: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\SlideUp.wav". Action Taken: No Action Taken.
68: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\Spitball.wav". Action Taken: No Action Taken.
69: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\Stretch.wav". Action Taken: No Action Taken.
70: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\Whop.wav". Action Taken: No Action Taken.
71: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Cartoons\WindDown.wav". Action Taken: No Action Taken.
72: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Crowds\AngryMob.wav". Action Taken: No Action Taken.
73: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Crowds\Applause.wav". Action Taken: No Action Taken.
74: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Crowds\Clapping.wav". Action Taken: No Action Taken.
75: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Crowds\CrowdLaugh.wav". Action Taken: No Action Taken.
76: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Crowds\GroupSnore.wav". Action Taken: No Action Taken.
77: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Crowds\MallNoise.wav". Action Taken: No Action Taken.
78: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Electronic\ClockTick.wav". Action Taken: No Action Taken.
79: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Electronic\DentistDrill.wav". Action Taken: No Action Taken.
80: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Electronic\DieselHum.wav". Action Taken: No Action Taken.
81: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Electronic\Electricity.wav". Action Taken: No Action Taken.
82: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Electronic\ElectricMotor.wav". Action Taken: No Action Taken.
83: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Electronic\Grinder.wav". Action Taken: No Action Taken.
84: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Electronic\MotorHum.wav". Action Taken: No Action Taken.
85: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Electronic\OldPhone.wav". Action Taken: No Action Taken.
86: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Electronic\RadioTuner.wav". Action Taken: No Action Taken.
87: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Electronic\Stopwatch.wav". Action Taken: No Action Taken.
88: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Electronic\TouchTones.wav". Action Taken: No Action Taken.
89: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Gunshots\AtomicBomb.wav". Action Taken: No Action Taken.
90: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Gunshots\Bomb.wav". Action Taken: No Action Taken.
91: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Gunshots\BombDrop.wav". Action Taken: No Action Taken.
92: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Gunshots\Gunshots.wav". Action Taken: No Action Taken.
93: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Gunshots\MachineGun.wav". Action Taken: No Action Taken.
94: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\BabyCrying.wav". Action Taken: No Action Taken.
95: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\Burp.wav". Action Taken: No Action Taken.
96: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\Eating.wav". Action Taken: No Action Taken.
97: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\Footsteps.wav". Action Taken: No Action Taken.
98: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\Groan.wav". Action Taken: No Action Taken.
99: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\Kiss.wav". Action Taken: No Action Taken.
100: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\Laughing.wav". Action Taken: No Action Taken.
101: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\SexyWhistle.wav". Action Taken: No Action Taken.
102: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\Sipping.wav". Action Taken: No Action Taken.
103: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\Snicker.wav". Action Taken: No Action Taken.
104: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\Snoring.wav". Action Taken: No Action Taken.
105: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\Toothbrushing.wav". Action Taken: No Action Taken.
106: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Humans\Whistle.wav". Action Taken: No Action Taken.
107: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Instruments\Cowbell.wav". Action Taken: No Action Taken.
108: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Instruments\Cymbal.wav". Action Taken: No Action Taken.
109: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Instruments\Cymbals.wav". Action Taken: No Action Taken.
110: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Instruments\Drum.wav". Action Taken: No Action Taken.
111: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Instruments\Scales.wav". Action Taken: No Action Taken.
112: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Instruments\Timbales.wav". Action Taken: No Action Taken.
113: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Instruments\TimbalesSlow.wav". Action Taken: No Action Taken.
114: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\BallBouncing.wav". Action Taken: No Action Taken.
115: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Bubbling.wav". Action Taken: No Action Taken.
116: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\ChargeSwipe.wav". Action Taken: No Action Taken.
117: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Crashes.wav". Action Taken: No Action Taken.
118: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Crumple.wav". Action Taken: No Action Taken.
119: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Dialtone.wav". Action Taken: No Action Taken.
120: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\DoorBuzzer.wav". Action Taken: No Action Taken.
121: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\FileCabinet.wav". Action Taken: No Action Taken.
122: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Fire.wav". Action Taken: No Action Taken.
123: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\GlassBreak.wav". Action Taken: No Action Taken.
124: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\GlassRub.wav". Action Taken: No Action Taken.
125: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\GlassSmash.wav". Action Taken: No Action Taken.
126: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\GolfSwing.wav". Action Taken: No Action Taken.
127: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Jackhammer.wav". Action Taken: No Action Taken.
128: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Knock.wav". Action Taken: No Action Taken.
129: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Knocking.wav". Action Taken: No Action Taken.
130: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Mystery.wav". Action Taken: No Action Taken.
131: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Pullchain.wav". Action Taken: No Action Taken.
132: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Ratchet.wav". Action Taken: No Action Taken.
133: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Ripping.wav". Action Taken: No Action Taken.
134: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Ripping2.wav". Action Taken: No Action Taken.
135: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Rips.wav". Action Taken: No Action Taken.
136: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Stamper.wav". Action Taken: No Action Taken.
137: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Telephone.wav". Action Taken: No Action Taken.
138: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Thud.wav". Action Taken: No Action Taken.
139: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Tone.wav". Action Taken: No Action Taken.
140: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\Typing.wav". Action Taken: No Action Taken.
141: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Miscellaneous\WingFlap.wav". Action Taken: No Action Taken.
142: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Squeaks\CarDoor.wav". Action Taken: No Action Taken.
143: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Squeaks\CreakySwing.wav". Action Taken: No Action Taken.
144: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Squeaks\DoorClose.wav". Action Taken: No Action Taken.
145: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Squeaks\DoorSlam.wav". Action Taken: No Action Taken.
146: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Squeaks\DoorSqueak.wav". Action Taken: No Action Taken.
147: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Squeaks\JailDoor.wav". Action Taken: No Action Taken.
148: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Squeaks\Latch.wav". Action Taken: No Action Taken.
149: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Squeaks\SqueakyCrank.wav". Action Taken: No Action Taken.
150: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Squeaks\SqueakyHinge.wav". Action Taken: No Action Taken.
151: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\Airplane.wav". Action Taken: No Action Taken.
152: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\Backfire.wav". Action Taken: No Action Taken.
153: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\Biplane.wav". Action Taken: No Action Taken.
154: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\Carburetor.wav". Action Taken: No Action Taken.
155: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\CarCough.wav". Action Taken: No Action Taken.
156: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\CarHorn.wav". Action Taken: No Action Taken.
157: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\CarHorns.wav". Action Taken: No Action Taken.
158: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\CarIdle.wav". Action Taken: No Action Taken.
159: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\CarPassBy.wav". Action Taken: No Action Taken.
160: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\CarShift.wav". Action Taken: No Action Taken.
161: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\CarStart.wav". Action Taken: No Action Taken.
162: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\EngineStall.wav". Action Taken: No Action Taken.
163: Sat Jun 18 10:49:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\GearGrind.wav". Action Taken: No Action Taken.
164: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\Helicopter.wav". Action Taken: No Action Taken.
165: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\Highway.wav". Action Taken: No Action Taken.
166: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\Motorcycle.wav". Action Taken: No Action Taken.
167: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\PlaneFlyBy.wav". Action Taken: No Action Taken.
168: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\RaceSqueal.wav". Action Taken: No Action Taken.
169: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\RevGoKart.wav". Action Taken: No Action Taken.
170: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\RevMotorcycle.wav". Action Taken: No Action Taken.
171: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\Skid.wav". Action Taken: No Action Taken.
172: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\TireSqueal.wav". Action Taken: No Action Taken.
173: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\TireSqueals.wav". Action Taken: No Action Taken.
174: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\Traffic.wav". Action Taken: No Action Taken.
175: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\Train.wav". Action Taken: No Action Taken.
176: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\TrainCars.wav". Action Taken: No Action Taken.
177: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\TrainHorn.wav". Action Taken: No Action Taken.
178: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Vehicles\TrainStop.wav". Action Taken: No Action Taken.
179: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Water\Splash.wav". Action Taken: No Action Taken.
180: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Water\SteamValve.wav". Action Taken: No Action Taken.
181: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Water\WaterDrip.wav". Action Taken: No Action Taken.
182: Sat Jun 18 10:49:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Pinnacle\Studio 8\Sound Effects\Water\WaterFlow.wav". Action Taken: No Action Taken.
183: Sat Jun 18 10:49:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\MSXML3A.DLL". Action Taken: No Action Taken.
184: Sat Jun 18 10:49:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\YSBactivex.dll". Action Taken: No Action Taken.
185: Sat Jun 18 10:49:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver11.ocx". Action Taken: No Action Taken.
186: Sat Jun 18 10:49:39 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
187: Sat Jun 18 10:49:39 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\Default.rul". Action Taken: No Action Taken.
188: Sat Jun 18 10:49:40 2005 => Entry "HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}" refers to invalid object "C:\WINDOWS\nem220.dll". Action Taken: No Action Taken.
189: Sat Jun 18 10:49:46 2005 => Entry "HKCR\CLSID\{39DA2444-065F-47CB-B27C-CCB1A39C06B7}" refers to invalid object "C:\WINDOWS\DOWNLO~1\MEDIAT~1.OCX". Action Taken: No Action Taken.
190: Sat Jun 18 10:49:46 2005 => Entry "HKCR\CLSID\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\YSBactivex.dll". Action Taken: No Action Taken.
191: Sat Jun 18 10:49:48 2005 => Entry "HKCR\CLSID\{65756541-C65C-11CD-0000-4B656E696100}" refers to invalid object "C:\Programme\Panda Software\Panda Antivirus Titanium\ShellTit.DLL". Action Taken: No Action Taken.

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SECURITY.DLL => Trojan.Win32.WebSearch.i
2: C:\WINDOWS\System32\drwatson_.exe => Trojan-Proxy.Win32.Mitglieder.do
3: C:\WINDOWS\System32\drwatson_32.exe => Trojan-Proxy.Win32.Mitglieder.do
4: C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SVCHOST32.DLL => Trojan.Win32.WebSearch.j
5: C:\WINDOWS\vr_sys.dll => Trojan-PSW.Win32.LdPinch.os
6: C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SVCHOST.DLL => Trojan.Win32.WebSearch.j
7: C:\WINDOWS\logon.exe => Trojan-Downloader.Win32.VB.fi
8: C:\WINDOWS\sys2121.exe => Backdoor.Win32.Small.fv
9: C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SVCHOST.EXE => Trojan.Win32.WebSearch.j
10: C:\WINDOWS\System32\win32.exe => Trojan.Win32.Crypt.c
11: C:\Programme\lnob\pape.exe => Trojan-Downloader.Win32.PurityScan.u
12: C:\DOKUME~1\STEFAN~1\LOKALE~1\ANWEND~1\MICROS~1\INTERN~1\V028~1.DAT => Trojan.Win32.Dialer.fy
13: C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SECURITY.EXE => Trojan.Win32.WebSearch.j
14: C:\winstall.exe => not-virus:Hoax.Win32.Renos.a
15: C:\WINDOWS\System32\drwatson32.exe => Trojan-Proxy.Win32.Mitglieder.do
16: C:\WINDOWS\SYSTEM32\VDMT16.SYS => BkCln.Unknown

von **Nikita** am 18.06.2005, 11:04

backdoor.haxdoor.d
http://bilder.informationsarchiv.net/Ni ... /HSFix.zip
1. Extract the folder to C:\
2. So now you have a folder C:\HSFIX
3. Boot to Safe mode
4. open the hsfix folder and Double click on hsfix.bat
5. You'll lose your desktop and taskbar. That's normal because This process kills explorer
6. Double click on hsfix.bat to run it again
7. reboot
8. Find this file :- C:\hslog.txt
9. Post its contents into your next reply
10. post a new hijackthis log

und mache onlinescasn (3 oder 4 )
http://nikita.eddys-domain.de/onlinescan.html

und poste alles+ das neue Log vom HijackTHis

heute abend schau ich mir dann den Hackdoor-virus noch mal an, denn da muessen wir in die Registry
Jetzt kann ich mich aber nicht drum kuemmern.

System32\DRIVERS\pavdrv51.sys

von **Steffi12345** am 18.06.2005, 11:56

Ich kann mir die Killbox leider nicht runterladen - komme immer auf andere Seiten... Ist echt zum heulen...

Geht es nicht einfacher???

Mir ist wichtig bestimmte Ordner zu retten - diese würde ich auf eine externe Festplatte ziehen - dann die Festplatte in meinem Laptop komplett löschen - Neuinstalieren und dann die wenigen wichtigen Daten von der externen Platte wieder rüberziehen

Ich habe nur Angst, dass ich mir die externe Platte auch verseuche - wie kann ich das verhindern???

von **Yourhighness** am 18.06.2005, 13:01

Hallo!
Bei mir funktioniert der Link einwandfrei....Sonst:
http://www.bleepingcomputer.com/files/spyware/KillBox.zip

MfG,

von **Nikita** am 18.06.2005, 15:45

http://bilder.informationsarchiv.net/Ni ... illBox.zip

von **Steffi12345** am 18.06.2005, 16:24

Ich konnte jetzt die Killbox durchführen - habe jede einzelne datei, wie angegben gelöscht - nach Neustart sah alles schon viel besser aus

Hier das Logfile bezüglich Backdoor - bin nicht sicher, ob ich das richtig gemacht habe.

Horseserver Removal Tool v1.05
by Atri
-
-
1. Registry Fix Started
-
Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
w32tm.exe
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-
-

Ich mache jetzt wieder Scancheck und poste gleich das ergebnis

Vielen dank für eure Hilfe - wir werden die Viren töten :wink:

von **Steffi12345** am 18.06.2005, 16:50

Im Moment scanne ich mit Hausecall... Hoffe das ist ok.

Einige Probleme sind behoben... Ich würde gern deine angegebenen Datein noch mit der Killbox löschen... Aber leider bekomme ich die gerade nicht laufen (Fehlermeldung) - Auch neu herunterladen hat bisher nicht geholfen

Durch die ersten Maßnahmen mit der Killbox hat es einige Programme komplett zerlegt - z.B. ICQ

Ich lass ich erstmal scannen - dann starte ich neu - dann mal gucken

Das Protokoll poste ist - sobald er fertig ist

von **Nikita** am 18.06.2005, 17:03

Nikita hat geschrieben:loesche mit der Killbox:
http://nikita.eddys-domain.de/killbox.html

C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
C:\WINDOWS\Downloaded Program Files\internazionale_ver11.ocx
C:\WINDOWS\nem220.dll
C:\WINDOWS\waol.exe
C:\WINDOWS\System32\drwatson_.exe
C:\WINDOWS\System32\drwatson32.exe
C:\WINDOWS\System32\drwatson_32.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Temp\optimize.EXE
C:\Temp\optimize312[1].EXE
C:\Program Files\Internet Optimizer\actalert.exe
c:\windows\downloaded program files\mediaaccx.dll
C:\Program Files\Media Pass\MediaPassK.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\Program Files\Media Pass\MediaPassC.dll
C:\Program Files\Media Pass\Info.txt
C:\WINDOWS\temp\USB.exe
C:\WINDOWS\temp\oddworldz.exe
C:\WINDOWS\temp\istinstall.exe
C:\WINDOWS\wsem303.dll
C:\WINDOWS\drexinit.dll

C:\Programme\SideFind\sfbho.dll
C:\Programme\SideFind\sfbho13.dll
C:\Programme\SideFind\sidefind.dll
C:\Programme\SideFind\update\sidefind.exe

C:\WINDOWS\System32\gzkvuxh.dll
C:\Programme\SideFind\ysb.dll
C:\Program Files\Internet Optimizer\optimize.exe

C:\Windows\salm.exe
C:\Windows\salmbundle.exe
C:\Windows\salmhook.dll
C:\Windows\system32\180.dll
C:\Temp\salm.log
C:\Temp\salmau.dat
C:\Temp\salmhook.dll
C:\Temp\salm_gdf.dat
C:\Temp\salm_kyf.dat
C:\temp\salm.exe

c:\Program Files\Hsln\Yttdm.exe
C:\WINDOWS\System32\akaobib2.exe
C:\Programme\ISTsvc\istsvc.exe
C:\WINDOWS\wpeqjj.exe
C:\WINDOWS\cratkvqp.exe
C:\WINDOWS\logon.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\sys2121.exe
C:\WINDOWS\nmmst.exe
C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SVCHOST32.DLL
C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SVCHOST.EXE
C:\WINDOWS\System32\Services\{357F114F-4555-46D3-8673-81B82A9F0343}\SECURITY.DLL
C:\winstall.exe
C:\Programme\lnob\pape.exe
C:\Program Files\Hsln\Yttdm.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\r?gsvr32.exe
C:\WINDOWS\System32\win32.exe

C:\WINDOWS\SYSTEM32\drct16.dll
C:\WINDOWS\SYSTEM32\cz.dll
C:\WINDOWS\SYSTEM32\drct16.dll
C:\WINDOWS\SYSTEM32\hz.sys
C:\WINDOWS\SYSTEM32\vdmt16.sys
C:\WINDOWS\SYSTEM32\winlow.sys
C:\WINDOWS\SYSTEM32\wz.sys

C:\WINDOWS\vr_sys.dll
C:\DOKUME~1\STEFAN~1\LOKALE~1\ANWEND~1\MICROS~1\INTERN~1\V028~1.DAT

nun starte den PC neu,

loeschen:
c:\Program Files\Hsln
C:\Programme\lnob
C:\Programme\ISTsvc
C:\Programme\SideFind
C:\Program Files\Internet Optimizer
C:\Program Files\Media Pass

CCleaner--> loesche alle *temp-Datein
http://nikita.eddys-domain.de/IE.html

-------------------------------

Troj/Haxdoor-CN ist ein Backdoor-Trojaner, der unbefugten Fernzugriff auf ein infiziertes System ermöglicht.

Troj/Haxdoor-CN legt folgende Komponenten im Windows-Systemordner ab:

cz.dll
drct16.dll
hz.sys
vdmt16.sys
winlow.sys
wz.sys

Diese Komponenten werden als Troj/Haxdoor-CN erkannt.

Troj/Haxdoor-CN versucht, sich zu verbergen, um die Erkennung und Entfernung seiner Dateien, Registrierungseinträge und Dienste zu verhindern sowie zu gewährleisten, dass sie wiederhergestellt werden können, falls sie entfernt wurden.
Troj/Haxdoor-CN kann WINLOW.SYS als Dienst "winlow" mit dem Anzeigenamen "SCNDmem" registrieren. Der Trojaner kann VDMT16.SYS als Treiber "vdmt16" mit dem Anzeigenamen "VIRTwin" registrieren.
Troj/Haxdoor-CN kann folgende Registrierungseinträge erzeugen, damit er beim Start aktiviert wird:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16
DllName
drct16.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16
Startup
MeMessager

•Download Registry Search Tool :
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Doppelklick:regsrch.vbs

reinkopieren:

winlow

SCNDmem

vdmt16

memlow

Press 'OK'
warten, bis die Suche beendet ist. (Ergebnis bitte posten)

von **Steffi12345** am 18.06.2005, 17:40

Hier das Ergebnis vom Housecall Scan...

TROJ_DLOADER.IR (17x)

TROJ_WEBSEARCH.F (2x)

TROJ_WEBSEARCH.H (4x)

TROJ_PSWPINCH.A (1x)

Konnte ich leider nicht säubern - weil ich kein Ticketcode habe...

Ich versuche jetzt die Killbox wieder zum laufen zu kriegen - um die obigen Datein zu löschen

von **Steffi12345** am 18.06.2005, 18:00

Ich kann keine Programme mehr öffnen... Stets die gleiche Fehlermeldung:

... konte nicht gefunden werden. Stellen sie sicher, dass sie den Namen korrekt eingegeben haben und wiederholen sie den Vorgang. Klicken sie auf "Start" und anschließend auf "Suchen", um eine Datei zu suchen.

Dadurch kann ich nicht mehr mit der Killbox arbeiten.

hijackthis geht auch nicht mehr.

Scancheck auch nicht.

Ich bin verzweifelt - was soll ich machen???

c:\Program Files\Hsln
C:\Programme\lnob
C:\Programme\ISTsvc
C:\Programme\SideFind
C:\Program Files\Internet Optimizer
C:\Program Files\Media Pass

Die habe ich manuell gelöscht... Ich hoffe, das war ok.

Mittlerweile kann ich garkein Programm mehr öffnen - immer die gleiche Fehlermeldung (siehe oben) - außer Outlook und Mozilla, das läuft noch

Im Moment ist es schlimmer als mit Virus - was habe ich bloß gemacht???

log von steffi

log von steffi

Wer ist online?