istsvc.exe (Spyware) kann nicht gelöscht werden

von **Acez** am 20.06.2005, 16:44

Hallo, seit einiger Zeit erscheinen etwa alle 2 Stunden Werbefenster im Internet Explorer. Ich benutze immer Opera, aber die Werbefenster kommen im IE, sollte ich Opera mal nicht geöffnet haben startet er es, sobald Werbefenster erscheinen, ich habe hier einen Screenshot:

http://home.arcor.de/manuelfink/Werbefenster,%20IE.JPG

Bisher habe ich nur mit AdAware versucht die Spyware zu finden. Es werden 32 Dateien entdeckt:

http://home.arcor.de/manuelfink/Adaware.JPG

Allerdings gehen sie nicht zu löschen, ich habe bereits versucht die Datei istsvc aus den Prozessen, sowie aus dem Autostart zu löschen, aber es hat nicht geholfen, auch von hand löschen geht natürlich nicht.

Wie kann ich die Spyware am besten loswerden und hängt mein "Werbeproblem" mit der istsvc.exe zusammen?

Gruß und danke im Vorraus, Acez

von **Nikita** am 20.06.2005, 16:53

Hallo@

silentrunners
http://nikita.eddys-domain.de/silentrunner.html

http://www.silentrunners.org/sr_download.html
gehe auf:
Zitat:
Click here to download a zip file.
hier die Erklaerung:
http://www.silentrunners.org/sr_scriptuse.html
klicke: output file is in text format. --> Doppelklick und es oeffnet sich der Editor-->
und poste alles, was angezeigt wird.

HijackThis
http://nikita.eddys-domain.de/hjtkurz.html
Lade/entpacke HijackThis in einem Ordner
-->None of the above,
just start the program --> Save--> Savelog -->es öffnet sich der
Editor -->
oder:
Do a system scan and save a logfile --> Save--> Savelog -->es öffnet sich der
Editor -->
nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins
Forum mit rechtem Mausklick "einfügen"

von **Acez** am 20.06.2005, 17:54

Danke für die Antwort, hier die Logfiles:

Silent runnees:

"Silent Runners.vbs", revision 38.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Versato" = "C:\Programme\MediaKey\MagicRun.exe" [null data]
"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" ["MyWebSearch.com"]
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ATICCC" = ""C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Advanced Tools Check" = "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" ["MyWebSearch.com"]
"mspwr" = "C:\WINDOWS\system32\PuXpMan.exe" [null data]
"PwrUpTweakMe" = "C:\WINDOWS\system32\PUXPTWKS.EXE /TWEAK" [null data]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
"0gDmqNKby" = "C:\WINDOWS\ynbgb.exe" [null data]
"Á³# L"h'þ9Óœð3rÅWC:\Programme\ISTsvc\istsvc.exe" = "C:\WINDOWS\ynbgb.exe" [null data]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
"IST Service" = "C:\Programme\ISTsvc\istsvc.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"AAW" = ""C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"" ["Lavasoft Sweden"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00A6FAF1-072E-44cf-8957-5838F569A31D}\(Default) = "MyWebSearch Search Assistant BHO"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" ["MyWebSearch.com"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{07B18EA1-A523-4961-B6BB-170DE4475CCA}\(Default) = "mwsBar BHO"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL" ["MyWebSearch.com"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{D0FAC080-AE1A-11ce-8016-CE90976DC901}" = "Picture Publisher Schnellansicht"
-> {CLSID}\InProcServer32\(Default) = "ppiv20.dll" [null data]
"{906b0e6e-61ce-11d3-8ee2-0060080a7242}" = "QuickSFV Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\QuickSFV\QSFVShll.dll" ["Mercedes"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "Internetverknüpfung" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "shdocvw.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Manuel\Eigene Dateien\Ace Bilder\Flamingpunch Hintergrund\Feuer.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Startup items in "Manuel" & "All Users" startup folders:
--------------------------------------------------------

C:\Dokumente und Einstellungen\Manuel\Startmenü\Programme\Autostart
"GMX Clicktionary 2.8" -> shortcut to: "C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe" ["Cleverlearn, Inc."]
"MyWebSearch Email Plugin" -> shortcut to: "C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE" ["MyWebSearch.com"]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Microsoft Office OneNote 2003 Schnellstart" -> shortcut to: "C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr" [MS]
"MyWebSearch Email Plugin" -> shortcut to: "C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE" ["MyWebSearch.com"]

Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Meinen Computer prüfen" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\ = "My Web Search Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{00A6FAF6-072E-44cf-8957-5838F569A31D}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" ["MyWebSearch.com"]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Norton AntiVirus Auto-Protect-Dienst, navapsvc, ""C:\Programme\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE" ["Symantec Corporation"]
SAVScan, SAVScan, ""C:\Programme\Norton AntiVirus\SAVScan.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:52:47, on 20.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\PuXpMan.exe
C:\WINDOWS\ynbgb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\MediaKey\OSD.EXE
C:\Programme\MediaKey\Versato.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Programme\ISTsvc\istsvc.exe
C:\Programme\Winamp\Winamp.exe
C:\Programme\Opera\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Manuel\Eigene Dateien\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan.exe
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PUXPTWKS.EXE /TWEAK
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [0gDmqNKby] C:\WINDOWS\ynbgb.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\ynbgb.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Versato] C:\Programme\MediaKey\MagicRun.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: GMX Clicktionary 2.8.lnk = C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm119YYDE
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O12 - Plugin for .001: C:\Programme\Opera\PLUGINS\NPNetPumper_Application.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6327773772
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

von **Nikita** am 20.06.2005, 18:15

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan.exe
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PUXPTWKS.EXE /TWEAK
O4 - HKLM\..\Run: [0gDmqNKby] C:\WINDOWS\ynbgb.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\ynbgb.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [Versato] C:\Programme\MediaKey\MagicRun.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm119YYDE
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O12 - Plugin for .001: C:\Programme\Opera\PLUGINS\NPNetPumper_Application.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab

PC neustarten

•KillBox
http://bilder.informationsarchiv.net/Ni ... illBox.zip
Anleitung: (bebildert)
http://nikita.eddys-domain.de/killbox.html

•Delete File on Reboot <--anhaken

und klicke auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\ynbgb.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Programme\ISTsvc\istsvc.exe

PC neustarten

CCleaner--> loesche alle *temp-Datein
http://nikita.eddys-domain.de/IE.html

•Ad-aware SE Personal
http://nikita.eddys-domain.de/antispywaretools.html
Laden--> Updaten-->Konfigurieren
http://nikita.eddys-domain.de/adaware.html
#VOR jedem Scanvorgang das Programm Updaten!
waehrend des Scanvorganges müssen ALLE sonstige
Anwendungen beendet werden und alle Browserfenster müssen
geschlossen sein!
scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann

arbeite das bitte ab:
http://nikita.eddys-domain.de/escan.html

von **Acez** am 20.06.2005, 20:22

Puh... bin durch, also erstmal das

Adaware Logfile:

Ad-Aware SE Build 1.06r1
Logfile Created on:Montag, 20. Juni 2005 19:11:06
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R50 13.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):3 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R50 13.06.2005
Internal build : 58
File location : C:\Programme\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 481146 Bytes
Total size : 1456012 Bytes
Signature data size : 1427935 Bytes
Reference data size : 27565 Bytes
Signatures total : 40456
CSI Fingerprints total : 904
CSI data size : 31134 Bytes
Target categories : 15
Target families : 692

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:56 %
Total physical memory:1048048 kb
Available physical memory:586012 kb
Total page file size:2518836 kb
Available on page file:2168404 kb
Total virtual memory:2097024 kb
Available virtual memory:2023032 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

20.06.2005 19:11:06 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 388
ThreadCreationTime : 20.06.2005 17:00:58
BasePriority : Normal

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 448
ThreadCreationTime : 20.06.2005 17:01:00
BasePriority : Normal

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 484
ThreadCreationTime : 20.06.2005 17:01:04
BasePriority : High

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 528
ThreadCreationTime : 20.06.2005 17:01:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 540
ThreadCreationTime : 20.06.2005 17:01:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : C:\WINDOWS\system32\Ati2evxx.exe
ProcessID : 684
ThreadCreationTime : 20.06.2005 17:01:05
BasePriority : Normal
FileVersion : 6.14.10.4107
ProductVersion : 6.14.10.4107.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 704
ThreadCreationTime : 20.06.2005 17:01:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 788
ThreadCreationTime : 20.06.2005 17:01:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 828
ThreadCreationTime : 20.06.2005 17:01:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 876
ThreadCreationTime : 20.06.2005 17:01:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 948
ThreadCreationTime : 20.06.2005 17:01:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ccsetmgr.exe]
ModuleName : C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"
ProcessID : 1080
ThreadCreationTime : 20.06.2005 17:01:06
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:13 [ccevtmgr.exe]
ModuleName : C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1104
ThreadCreationTime : 20.06.2005 17:01:06
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1124
ThreadCreationTime : 20.06.2005 17:01:06
BasePriority : Normal
FileVersion : 6.14.10.4107
ProductVersion : 6.14.10.4107.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:15 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1200
ThreadCreationTime : 20.06.2005 17:01:07
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:16 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1372
ThreadCreationTime : 20.06.2005 17:01:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [navapsvc.exe]
ModuleName : C:\Programme\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Programme\Norton AntiVirus\navapsvc.exe"
ProcessID : 1508
ThreadCreationTime : 20.06.2005 17:01:08
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:18 [nprotect.exe]
ModuleName : C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
Command Line : "C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE"
ProcessID : 1544
ThreadCreationTime : 20.06.2005 17:01:08
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (C) 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:19 [savscan.exe]
ModuleName : C:\Programme\Norton AntiVirus\SAVScan.exe
Command Line : "C:\Programme\Norton AntiVirus\SAVScan.exe"
ProcessID : 1596
ThreadCreationTime : 20.06.2005 17:01:08
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:20 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 1724
ThreadCreationTime : 20.06.2005 17:01:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1840
ThreadCreationTime : 20.06.2005 17:01:09
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:22 [symwsc.exe]
ModuleName : C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1928
ThreadCreationTime : 20.06.2005 17:01:10
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:23 [soundman.exe]
ModuleName : C:\WINDOWS\SOUNDMAN.EXE
Command Line : "C:\WINDOWS\SOUNDMAN.EXE"
ProcessID : 648
ThreadCreationTime : 20.06.2005 17:01:12
BasePriority : Normal
FileVersion : 5.1.0.30
ProductVersion : 5.1.0.29
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:24 [cli.exe]
ModuleName : C:\Programme\ATI Technologies\ATI.ACE\cli.exe
Command Line : "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
ProcessID : 740
ThreadCreationTime : 20.06.2005 17:01:13
BasePriority : Normal

#:25 [ccapp.exe]
ModuleName : C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
Command Line : "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
ProcessID : 588
ThreadCreationTime : 20.06.2005 17:01:13
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:26 [jusched.exe]
ModuleName : C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Programme\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 860
ThreadCreationTime : 20.06.2005 17:01:13
BasePriority : Normal

#:27 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 1044
ThreadCreationTime : 20.06.2005 17:01:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:28 [em_exec.exe]
ModuleName : C:\Programme\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Programme\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 1424
ThreadCreationTime : 20.06.2005 17:01:14
BasePriority : Normal
FileVersion : 9.80.019
ProductVersion : 9.80.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : (C) 1987-2004 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:29 [cleverlearn clicktionary.exe]
ModuleName : C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe
Command Line : "C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe"
ProcessID : 1452
ThreadCreationTime : 20.06.2005 17:01:14
BasePriority : Normal
FileVersion : 2, 8, 0, 0
ProductVersion : 2, 8, 0, 0
ProductName : Cleverlearn, Inc. Clicktionary
CompanyName : Cleverlearn, Inc.
FileDescription : Cleverlearn, Inc. Clicktionary
InternalName : popup
LegalCopyright : Copyright® 1998-2002 Cleverlearn, Inc.
OriginalFilename : Cleverlearn Clicktionary.exe

#:30 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2152
ThreadCreationTime : 20.06.2005 17:01:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [ad-aware.exe]
ModuleName : C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2412
ThreadCreationTime : 20.06.2005 17:01:50
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:32 [winamp.exe]
ModuleName : C:\Programme\Winamp\Winamp.exe
Command Line : "C:\Programme\Winamp\Winamp.exe" -Embedding
ProcessID : 3092
ThreadCreationTime : 20.06.2005 17:02:15
BasePriority : Normal
FileVersion : 5.07
ProductVersion : 5.07
ProductName : Winamp
CompanyName : Nullsoft
FileDescription : Winamp
InternalName : WINAMP
LegalCopyright : Copyright © 1997-2004, Nullsoft, Inc.
LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.
OriginalFilename : Winamp.exe
Comments : Visit http://www.winamp.com/ for updates.

#:33 [icqlite.exe]
ModuleName : C:\Programme\ICQLite\ICQLite.exe
Command Line : "C:\Programme\ICQLite\ICQLite.exe"
ProcessID : 3836
ThreadCreationTime : 20.06.2005 17:04:34
BasePriority : Normal
FileVersion : 20, 32, 2315, 0
ProductVersion : 20, 32, 2315, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright (C) 2002
OriginalFilename : ICQLite.exe

#:34 [opera.exe]
ModuleName : C:\Programme\Opera\opera.exe
Command Line : "C:\Programme\Opera\opera.exe"
ProcessID : 2584
ThreadCreationTime : 20.06.2005 17:08:59
BasePriority : Normal
FileVersion : 3870
ProductVersion : 7.54
ProductName : Opera Internet Browser
CompanyName : Opera Software
FileDescription : Opera Internet Browser
InternalName : Opera
LegalCopyright : Copyright © Opera Software 1995-2004
OriginalFilename : Opera.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Manuel\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1957994488-1659004503-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : manuel@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:manuel@2o7.net/
Expires : 19.06.2010 19:04:48
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 4

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
3 entries scanned.
New critical objects:0
Objects found so far: 4

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

19:16:32 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:26.46
Objects scanned:146033
Objects identified:1
Objects ignored:0
New critical objects:1

eScan hab ich eine Stunde laufen lassen (70000 Dateien) und als ich das logfile hier reinkopieren wollte, war es so lang, dass es 5 sek. zum kopieren gedauert hat und beim Absenden hat sich der BRowser aufgehängt =) Also hab ich leider keins

von **Nikita** am 20.06.2005, 21:30

deaktiviere mal die Systemwiederherstellung, dann kannst du noch mal mit escan scannen und es wird weniger Eintraege geben

http://nikita.eddys-domain.de/Systemwie ... llung.html

von **Acez** am 20.06.2005, 21:47

Glaub ich hab was falsches kopiert... hab jetzt Datei ==> Escanlog öffnen gemacht und dann rechtsklick ins weiße ==> Auswertung kopieren, also hier die/Das bisherige log

--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Mon Jun 20 19:31:37 2005 => System found infected with FunWeb Spyware/Adware ({CFF4CE82-3AA2-451F-9B77-7165605FB835})! Action taken: No Action Taken.
2: Mon Jun 20 19:31:37 2005 => System found infected with FunWeb Spyware/Adware ({C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7})! Action taken: No Action Taken.
3: Mon Jun 20 19:31:37 2005 => System found infected with FunWeb Spyware/Adware ({B813095C-81C0-4E40-AA14-67520372B987})! Action taken: No Action Taken.
4: Mon Jun 20 19:31:37 2005 => System found infected with FunWeb Spyware/Adware ({147A976F-EEE1-4377-8EA7-4716E4CDD239})! Action taken: No Action Taken.
5: Mon Jun 20 19:31:37 2005 => System found infected with FunWeb Spyware/Adware ({0F8ECF4F-3646-4C3A-8881-8E138FFCAF70})! Action taken: No Action Taken.
6: Mon Jun 20 19:31:37 2005 => System found infected with FunWeb Spyware/Adware ({00A6FAF6-072E-44cf-8957-5838F569A31D})! Action taken: No Action Taken.
7: Mon Jun 20 19:31:37 2005 => System found infected with MyWebSearch Spyware/Adware ({ADB01E81-3C79-4272-A0F1-7B2BE7A782DC})! Action taken: No Action Taken.
8: Mon Jun 20 19:31:37 2005 => System found infected with MyWebSearch Spyware/Adware ({9FF05104-B030-46FC-94B8-81276E4E27DF})! Action taken: No Action Taken.
9: Mon Jun 20 19:31:37 2005 => System found infected with MyWebSearch Spyware/Adware ({938AA51A-996C-4884-98CE-80DD16A5C9DA})! Action taken: No Action Taken.
10: Mon Jun 20 19:31:37 2005 => System found infected with MyWebSearch Spyware/Adware ({7473D292-B7BB-4f24-AE82-7E2CE94BB6A9})! Action taken: No Action Taken.
11: Mon Jun 20 19:31:37 2005 => System found infected with MyWebSearch Spyware/Adware ({F42228FB-E84E-479E-B922-FBBD096E792C})! Action taken: No Action Taken.
12: Mon Jun 20 19:31:37 2005 => System found infected with MyWebSearch Spyware/Adware ({7473D290-B7BB-4F24-AE82-7E2CE94BB6A9})! Action taken: No Action Taken.
13: Mon Jun 20 19:31:37 2005 => System found infected with MyWebSearch Spyware/Adware ({29D67D3C-509A-4544-903F-C8C1B8236554})! Action taken: No Action Taken.
14: Mon Jun 20 19:31:37 2005 => System found infected with BearShare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
15: Mon Jun 20 19:31:38 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
16: Mon Jun 20 19:31:38 2005 => System found infected with MyWebSearch Spyware/Adware ({07B18EAA-A523-4961-B6BB-170DE4475CCA})! Action taken: No Action Taken.
17: Mon Jun 20 19:31:38 2005 => System found infected with MyWebSearch Spyware/Adware ({07B18EAC-A523-4961-B6BB-170DE4475CCA})! Action taken: No Action Taken.
18: Mon Jun 20 19:31:38 2005 => System found infected with MyWebSearch Spyware/Adware ({63D0ED2B-B45B-4458-8B3B-60C69BBBD83C})! Action taken: No Action Taken.
19: Mon Jun 20 19:31:38 2005 => System found infected with MyWebSearch Spyware/Adware ({63D0ED2D-B45B-4458-8B3B-60C69BBBD83C})! Action taken: No Action Taken.
20: Mon Jun 20 19:31:38 2005 => System found infected with MyWebSearch Spyware/Adware ({07B18EA0-A523-4961-B6BB-170DE4475CCA})! Action taken: No Action Taken.
21: Mon Jun 20 19:31:38 2005 => System found infected with MyWebSearch Spyware/Adware ({8E6F1830-9607-4440-8530-13BE7C4B1D14})! Action taken: No Action Taken.
22: Mon Jun 20 19:31:38 2005 => System found infected with MyWebSearch Spyware/Adware ({E47CAEE0-DEEA-464A-9326-3F2801535A4D})! Action taken: No Action Taken.
23: Mon Jun 20 20:05:59 2005 => File C:\RECYCLER\NPROTECT\00526151.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken.
24: Mon Jun 20 20:08:57 2005 => File C:\System Volume Information\_restore{3A17C901-FE76-4014-8506-1D253C92CBED}\RP116\A0047335.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Mon Jun 20 19:38:38 2005 => File C:\WINDOWS\system32\f3PSSavr.scr tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
2: Mon Jun 20 19:41:42 2005 => File C:\Dokumente und Einstellungen\Manuel\Eigene Dateien\Hijackthis\backups\backup-20050620-183025-627.dll tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.e". Action Taken: No Action Taken.
3: Mon Jun 20 19:41:42 2005 => File C:\Dokumente und Einstellungen\Manuel\Eigene Dateien\Hijackthis\backups\backup-20050620-183025-743.dll tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
4: Mon Jun 20 19:53:14 2005 => File C:\Programme\Counterstrike\hltv.exe tagged as not-a-virus:Server-Proxy.Win32.Hltv. No Action Taken.
5: Mon Jun 20 19:55:33 2005 => File C:\Programme\Gamers.IRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken.
6: Mon Jun 20 20:01:54 2005 => File C:\Programme\MyWebSearch\bar\1.bin\F3CJPEG.DLL tagged as "not-a-virus:AdWare.FunWeb.d". Action Taken: No Action Taken.
7: Mon Jun 20 20:01:54 2005 => File C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
8: Mon Jun 20 20:01:54 2005 => File C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
9: Mon Jun 20 20:01:54 2005 => File C:\Programme\MyWebSearch\bar\1.bin\F3POPSWT.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
10: Mon Jun 20 20:01:54 2005 => File C:\Programme\MyWebSearch\bar\1.bin\F3PSSAVR.SCR tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
11: Mon Jun 20 20:01:54 2005 => File C:\Programme\MyWebSearch\bar\1.bin\F3REPROX.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.e". Action Taken: No Action Taken.
12: Mon Jun 20 20:01:54 2005 => File C:\Programme\MyWebSearch\bar\1.bin\F3RESTUB.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
13: Mon Jun 20 20:01:54 2005 => File C:\Programme\MyWebSearch\bar\1.bin\F3SCHMON.EXE tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
14: Mon Jun 20 20:01:54 2005 => File C:\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.j". Action Taken: No Action Taken.
15: Mon Jun 20 20:01:54 2005 => File C:\Programme\MyWebSearch\bar\1.bin\F3WPHOOK.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
16: Mon Jun 20 20:01:54 2005 => File C:\Programme\MyWebSearch\bar\1.bin\M3OUTLCN.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
17: Mon Jun 20 20:01:54 2005 => File C:\Programme\MyWebSearch\bar\1.bin\M3SKIN.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
18: Mon Jun 20 20:01:55 2005 => File C:\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.e". Action Taken: No Action Taken.
19: Mon Jun 20 20:01:55 2005 => File C:\Programme\MyWebSearch\bar\1.bin\MWSOESTB.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Mon Jun 20 19:31:29 2005 => ERROR!!! Invalid Entry \??\D:\INSTALL\GMSIPCI.SYS in SYSTEM\CurrentControlSet\Services\GMSIPCI...
2: Mon Jun 20 19:31:29 2005 => ERROR!!! Invalid Entry \??\C:\DOKUME~1\Manuel\LOKALE~1\Temp\gtermddo.sys in SYSTEM\CurrentControlSet\Services\gtermddo...
3: Mon Jun 20 19:31:31 2005 => ERROR!!! Invalid Entry \??\D:\NTACCESS.sys in SYSTEM\CurrentControlSet\Services\NTACCESS...
4: Mon Jun 20 19:31:34 2005 => ERROR!!! Invalid Entry \??\D:\NTGLM7X.sys in SYSTEM\CurrentControlSet\Services\SetupNTGLM7X...
5: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ahead\NeroDigital\settings.xml". Action Taken: No Action Taken.
6: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.
7: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken.
8: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken.
9: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.
10: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.
11: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.
12: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-kor.nls". Action Taken: No Action Taken.
13: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.
14: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.
15: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.
16: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken.
17: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sve.nls". Action Taken: No Action Taken.
18: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.
19: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.
20: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-chs.nls". Action Taken: No Action Taken.
21: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.
22: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.
23: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.
24: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.
25: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.
26: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-tha.nls". Action Taken: No Action Taken.
27: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.
28: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.
29: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.
30: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Chs.nls". Action Taken: No Action Taken.
31: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Cht.nls". Action Taken: No Action Taken.
32: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken.
33: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken.
34: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken.
35: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Kor.nls". Action Taken: No Action Taken.
36: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action Taken.
37: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken.
38: Mon Jun 20 19:31:52 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_chs.chm". Action Taken: No Action Taken.
39: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_cht.chm". Action Taken: No Action Taken.
40: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esl.chm". Action Taken: No Action Taken.
41: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esp.chm". Action Taken: No Action Taken.
42: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken.
43: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ita.chm". Action Taken: No Action Taken.
44: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Action Taken: No Action Taken.
45: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_kor.chm". Action Taken: No Action Taken.
46: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_nld.chm". Action Taken: No Action Taken.
47: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ptg.chm". Action Taken: No Action Taken.
48: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken.
49: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
50: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Musicmatch\Musicmatch Jukebox\MMFWCtrl.ocx". Action Taken: No Action Taken.
51: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Musicmatch\Musicmatch Jukebox\MMJBCtrl.ocx". Action Taken: No Action Taken.
52: Mon Jun 20 19:31:53 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Musicmatch\Musicmatch Jukebox\MMRadioEngine.dll". Action Taken: No Action Taken.
53: Mon Jun 20 19:31:54 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\AdobeRGB1998.icc". Action Taken: No Action Taken.
54: Mon Jun 20 19:31:57 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Sierra On-Line\redirect.exe". Action Taken: No Action Taken.
55: Mon Jun 20 19:31:57 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Sierra On-Line\ereg.dll". Action Taken: No Action Taken.
56: Mon Jun 20 19:31:57 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Sierra On-Line\ereg3201.dll". Action Taken: No Action Taken.
57: Mon Jun 20 19:31:57 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Sierra On-Line\Sutil32.exe". Action Taken: No Action Taken.
58: Mon Jun 20 19:31:57 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Sierra On-Line\UtDel32.exe". Action Taken: No Action Taken.
59: Mon Jun 20 19:31:57 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Sierra On-Line\SIGSPat.exe". Action Taken: No Action Taken.
60: Mon Jun 20 19:31:57 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Sierra On-Line\Cpuinf32.dll". Action Taken: No Action Taken.
61: Mon Jun 20 19:31:59 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\AdobePDF.dll". Action Taken: No Action Taken.
62: Mon Jun 20 19:32:01 2005 => Entry "HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}" refers to invalid object "C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL". Action Taken: No Action Taken.
63: Mon Jun 20 19:32:01 2005 => Entry "HKCR\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}" refers to invalid object "C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL". Action Taken: No Action Taken.
64: Mon Jun 20 19:32:01 2005 => Entry "HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}" refers to invalid object "C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL". Action Taken: No Action Taken.
65: Mon Jun 20 19:32:01 2005 => Entry "HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}" refers to invalid object "C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL". Action Taken: No Action Taken.
66: Mon Jun 20 19:32:02 2005 => Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Shell\psicon.dll". Action Taken: No Action Taken.
67: Mon Jun 20 19:32:02 2005 => Entry "HKCR\CLSID\{0C5D39B0-460B-11D4-ADE1-0050DACD3DB9}" refers to invalid object "C:\Programme\Musicmatch\Musicmatch Jukebox\MMRadioEngine.dll". Action Taken: No Action Taken.
68: Mon Jun 20 19:32:03 2005 => Entry "HKCR\CLSID\{1EF2E5CB-646F-4F85-A355-8E328652CA60}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\MMFWCtrl.ocx". Action Taken: No Action Taken.
69: Mon Jun 20 19:32:04 2005 => Entry "HKCR\CLSID\{2294C466-0D91-4689-9762-C1E92CF079BB}" refers to invalid object "C:\Programme\Musicmatch\Musicmatch Jukebox\SkinMgr.dll". Action Taken: No Action Taken.
70: Mon Jun 20 19:32:04 2005 => Entry "HKCR\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\mmjbctrl.ocx". Action Taken: No Action Taken.
71: Mon Jun 20 19:32:04 2005 => Entry "HKCR\CLSID\{23AA6EBD-86AA-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\mmjbctrl.ocx". Action Taken: No Action Taken.
72: Mon Jun 20 19:32:04 2005 => Entry "HKCR\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\MMFWCtrl.ocx". Action Taken: No Action Taken.
73: Mon Jun 20 19:32:06 2005 => Entry "HKCR\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\HHACTI~1.DLL". Action Taken: No Action Taken.
74: Mon Jun 20 19:32:10 2005 => Entry "HKCR\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\mmjbctrl.ocx". Action Taken: No Action Taken.
75: Mon Jun 20 19:32:10 2005 => Entry "HKCR\CLSID\{6B58B5DD-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\mmjbctrl.ocx". Action Taken: No Action Taken.
76: Mon Jun 20 19:32:10 2005 => Entry "HKCR\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\mmjbctrl.ocx". Action Taken: No Action Taken.
77: Mon Jun 20 19:32:10 2005 => Entry "HKCR\CLSID\{6B58B5E1-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\mmjbctrl.ocx". Action Taken: No Action Taken.
78: Mon Jun 20 19:32:10 2005 => Entry "HKCR\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\mmjbctrl.ocx". Action Taken: No Action Taken.
79: Mon Jun 20 19:32:10 2005 => Entry "HKCR\CLSID\{6B58B5E5-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\mmjbctrl.ocx". Action Taken: No Action Taken.
80: Mon Jun 20 19:32:13 2005 => Entry "HKCR\CLSID\{84268CDA-5AE9-409C-94E9-B6FEB4B5A123}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\MMFWCtrl.ocx". Action Taken: No Action Taken.
81: Mon Jun 20 19:32:13 2005 => Entry "HKCR\CLSID\{86FC1FD1-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\Dokumente und Einstellungen\Manuel\Desktop\Neuer Ordner\Erotica Island\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.
82: Mon Jun 20 19:32:13 2005 => Entry "HKCR\CLSID\{86FC1FD3-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\Dokumente und Einstellungen\Manuel\Desktop\Neuer Ordner\Erotica Island\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.
83: Mon Jun 20 19:32:13 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
84: Mon Jun 20 19:32:14 2005 => Entry "HKCR\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\HHACTI~1.DLL". Action Taken: No Action Taken.
85: Mon Jun 20 19:32:16 2005 => Entry "HKCR\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\MMFWCtrl.ocx". Action Taken: No Action Taken.
86: Mon Jun 20 19:32:17 2005 => Entry "HKCR\CLSID\{B617F87F-1856-43BC-ADEB-C43922F7A575}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\MMFWCtrl.ocx". Action Taken: No Action Taken.
87: Mon Jun 20 19:32:18 2005 => Entry "HKCR\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\mmjbctrl.ocx". Action Taken: No Action Taken.
88: Mon Jun 20 19:32:19 2005 => Entry "HKCR\CLSID\{CE0E7204-D82C-4273-8A70-919963F4CFE0}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\MMFWCtrl.ocx". Action Taken: No Action Taken.
89: Mon Jun 20 19:32:20 2005 => Entry "HKCR\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\MMFWCtrl.ocx". Action Taken: No Action Taken.
90: Mon Jun 20 19:32:23 2005 => Entry "HKCR\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\MMFWCtrl.ocx". Action Taken: No Action Taken.
91: Mon Jun 20 19:32:23 2005 => Entry "HKCR\CLSID\{F0FDBF9F-63BF-4BFB-A3DB-E7B7FCF3F7DE}" refers to invalid object "C:\Programme\Musicmatch\Musicmatch Jukebox\directorps.dll". Action Taken: No Action Taken.
92: Mon Jun 20 19:32:23 2005 => Entry "HKCR\CLSID\{F1DD8F2C-1A49-40F0-9649-ACB3AB7AF86A}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\MMFWCtrl.ocx". Action Taken: No Action Taken.
93: Mon Jun 20 19:32:24 2005 => Entry "HKCR\CLSID\{FACF11A2-5095-11D3-A9DE-00C0268E5C48}" refers to invalid object "C:\Dokumente und Einstellungen\Manuel\Desktop\Neuer Ordner\Erotica Island\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.
94: Mon Jun 20 19:32:24 2005 => Entry "HKCR\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~1\MMFWCtrl.ocx". Action Taken: No Action Taken.
95: Mon Jun 20 19:32:33 2005 => Entry "HKCR\CertificateAuthority.Intel" refers to invalid object "{69EB43D3-51F6-7044-5181-B5B235ABAF75}". Action Taken: No Action Taken.
96: Mon Jun 20 19:32:34 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
97: Mon Jun 20 19:32:34 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
98: Mon Jun 20 19:32:39 2005 => Entry "HKCR\ICQVideoControl.ICQVideoControl.1" refers to invalid object "{53B8B406-42E4-4dd3-96E7-9DEC8CEB3DD8}". Action Taken: No Action Taken.
99: Mon Jun 20 19:32:39 2005 => Entry "HKCR\ICQVideoControl.MCVideoWindow" refers to invalid object "{D7A4D8FB-83F0-40e5-954F-88F48D15AE96}". Action Taken: No Action Taken.
100: Mon Jun 20 19:32:39 2005 => Entry "HKCR\ICQVideoControl.MCVideoWindow.1" refers to invalid object "{D7A4D8FB-83F0-40e5-954F-88F48D15AE96}". Action Taken: No Action Taken.
101: Mon Jun 20 19:32:41 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
102: Mon Jun 20 19:32:41 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
103: Mon Jun 20 19:32:41 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
104: Mon Jun 20 19:32:51 2005 => Entry "HKCR\SevenZip" refers to invalid object "{23170F69-40C1-278A-1000-000100020000}". Action Taken: No Action Taken.
105: Mon Jun 20 19:32:51 2005 => Entry "HKCR\SevenZip.1" refers to invalid object "{23170F69-40C1-278A-1000-000100020000}". Action Taken: No Action Taken.
106: Mon Jun 20 19:32:52 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
107: Mon Jun 20 19:53:49 2005 => Result: ERROR!!! File C:\Programme\eMule.de\Incoming\unreal.tournament.2004.bloodpatch.german_www.goldesel.to.rar is Not Scanned

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\Programme\Counterstrike\hltv.exe => tagged:Server-Proxy.Win32.Hltv.
2: C:\Programme\Gamers.IRC\mirc.exe => tagged:Client-IRC.Win32.mIRC.14.
3: C:\RECYCLER\NPROTECT\00526151.exe => Trojan-Downloader.Win32.IstBar.ij
4: C:\System Volume Information\_restore{3A17C901-FE76-4014-8506-1D253C92CBED}\RP116\A0047335.exe => Trojan-Downloader.Win32.IstBar.gen

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Mon Jun 20 20:11:03 2005 => Total Objects Scanned: 73115
Mon Jun 20 20:11:03 2005 => Total Virus(es) Found: 50
Mon Jun 20 20:11:03 2005 => Total Errors: 107
Mon Jun 20 20:11:03 2005 => Virus Database Date: 2005/06/20
Mon Jun 20 20:11:03 2005 => Virus Database Count: 135552
Mon Jun 20 20:11:06 2005 => Total Objects Scanned: 73115
Mon Jun 20 20:11:06 2005 => Total Virus(es) Found: 50
Mon Jun 20 20:11:06 2005 => Total Errors: 107

von **Nikita** am 21.06.2005, 00:00

•KillBox
http://bilder.informationsarchiv.net/Ni ... illBox.zip
Anleitung: (bebildert)
http://nikita.eddys-domain.de/killbox.html

•Delete File on Reboot <--anhaken

und klicke auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

C:\RECYCLER\NPROTECT\00526151.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\Dokumente und Einstellungen\Manuel\Eigene Dateien\Hijackthis\backups\backup-20050620-183025-627.dll
C:\Dokumente und Einstellungen\Manuel\Eigene Dateien\Hijackthis\backups\backup-20050620-183025-743.dll
C:\System Volume Information\_restore{3A17C901-FE76-4014-8506-1D253C92CBED}\RP116\A0047335.exe
C:\Programme\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Programme\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Programme\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Programme\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Programme\MyWebSearch\bar\1.bin\MWSOESTB.DLL

PC neustarten

#Alternativbrowser zum IE
Firefox
http://www.firefox-browser.de/windows.php
http://www.mozilla-europe.org/de/
Installation+Konfiguration Firefox
http://www.pcwelt.de/know-how/software/ ... ndex1.html

#TuneUp2004 (30 Tage free)
http://nikita.eddys-domain.de/reinigung ... istry.html
Cleanup repair -->TuneUp Diskcleaner
Cleanup repair -->Registry Cleaner

von **Acez** am 21.06.2005, 10:01

Ok, hab alles gemacht, anstatt IE benutze ich eigentlich immer Opera.
Vielen Dank für die schnelle und kompetente Hilfe!

Gruß Ace

istsvc.exe (Spyware) kann nicht gelöscht werden

istsvc.exe (Spyware) kann nicht gelöscht werden

Ähnliche Themen

Wer ist online?