This is displayed on my desktop. When I right-click on the desktop, I can only open the "Screen Saver" and "Settings" tabs.
The Internet Explorer history keeps getting deleted, and besides that Kaspersky always finds a virus in "wininet.dll" in the system32 folder.
Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 01:39:59, on 25.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Dokumente und Einstellungen\Michael\Desktop\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-24.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Please tell me what I have to do so that my PC works properly again.
warning - your computer might be infected with spyware or ad
Hi!
Fix with:
O4 - HKLM\..\Run: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
RESTART
KILLBOX:
http://yourhighness.eddys-domain.de/killbox.html
You have a trojan that acts as a desktop hijacker. Please also run an eScan check:
http://nikita.eddys-domain.de/escan.html
Regards,
- Yourhighness
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Mon Jul 25 20:43:32 2005 => File C:\WINDOWS\System32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
2: Mon Jul 25 20:43:33 2005 => File C:\WINDOWS\System32\wininet.rar infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
3: Mon Jul 25 20:45:26 2005 => Scanning File C:\Dokumente und Einstellungen\Michael\Favoriten\roter kreis in taskleiste mit 'your computer is infected'.url [**]
4: Mon Jul 25 20:45:26 2005 => Scanning File C:\Dokumente und Einstellungen\Michael\Favoriten\warning - your computer might be infected with spyware or ad.url [**]
5: Mon Jul 25 20:50:45 2005 => Scanning File C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\Infected.wav [**]
6: Mon Jul 25 20:57:19 2005 => File C:\System Volume Information\_restore{2AB08D44-9C84-480C-9979-81B81BE6F7B1}\RP155\A0210199.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
7: Mon Jul 25 21:22:55 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
8: Mon Jul 25 21:22:55 2005 => File C:\WINDOWS\system32\wininet.rar infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Mon Jul 25 20:45:16 2005 => File C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Downloads\Programs\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
2: Mon Jul 25 20:47:57 2005 => File C:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
3: Mon Jul 25 20:58:08 2005 => File C:\System Volume Information\_restore{2AB08D44-9C84-480C-9979-81B81BE6F7B1}\RP155\A0211440.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
4: Mon Jul 25 21:00:12 2005 => File C:\System Volume Information\_restore{2AB08D44-9C84-480C-9979-81B81BE6F7B1}\RP155\A0213357.dll tagged as "not-a-virus:AdWare.Banex.a". Action Taken: No Action Taken.
5: Mon Jul 25 21:09:04 2005 => File C:\System Volume Information\_restore{2AB08D44-9C84-480C-9979-81B81BE6F7B1}\RP155\A0223708.dll tagged as "not-a-virus:AdWare.Banex.a". Action Taken: No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Mon Jul 25 19:11:47 2005 => ERROR!!! Invalid Entry RegSvr32 = C:\WINDOWS\System32\msmsgs.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
2: Mon Jul 25 19:11:47 2005 => ERROR!!! Invalid Entry pcEXPLODE = specialfile.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
3: Mon Jul 25 19:11:47 2005 => ERROR!!! Invalid Entry Microsoft Messenger XP = MSMSN32.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
4: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.
5: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken.
6: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken.
7: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.
8: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.
9: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.
10: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-kor.nls". Action Taken: No Action Taken.
11: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.
12: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.
13: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.
14: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken.
15: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.
16: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.
17: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-chs.nls". Action Taken: No Action Taken.
18: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.
19: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.
20: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.
21: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.
22: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.
23: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-tha.nls". Action Taken: No Action Taken.
24: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.
25: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.
26: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.
27: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Chs.nls". Action Taken: No Action Taken.
28: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Cht.nls". Action Taken: No Action Taken.
29: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken.
30: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken.
31: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken.
32: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken.
33: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Kor.nls". Action Taken: No Action Taken.
34: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action Taken.
35: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken.
36: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxwma.dll". Action Taken: No Action Taken.
37: Mon Jul 25 19:12:05 2005 => Entry "HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" refers to invalid object "C:\Programme\Internet Download Manager\IDMIECC.dll". Action Taken: No Action Taken.
38: Mon Jul 25 19:12:05 2005 => Entry "HKCR\CLSID\{03DD44A4-30AD-4CBB-BFAF-D65D3AB6FD2B}" refers to invalid object "C:\Programme\Internet Download Manager\nnprotocol.dll". Action Taken: No Action Taken.
39: Mon Jul 25 19:12:05 2005 => Entry "HKCR\CLSID\{04F3168F-5AFC-4531-B3B4-16CA93720415}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
40: Mon Jul 25 19:12:06 2005 => Entry "HKCR\CLSID\{187A8428-BD94-470D-A178-A2347F940519}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
41: Mon Jul 25 19:12:07 2005 => Entry "HKCR\CLSID\{2865930B-4588-4FF3-8227-6D4F66C92C7A}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
42: Mon Jul 25 19:12:07 2005 => Entry "HKCR\CLSID\{2B7E6AA9-C4FA-4951-815B-4AFE39D81453}" refers to invalid object "C:\Programme\Messenger\msgsc.dll". Action Taken: No Action Taken.
43: Mon Jul 25 19:12:07 2005 => Entry "HKCR\CLSID\{2FE2EDC0-9E62-4F34-8A73-BC66DAE48EF3}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
44: Mon Jul 25 19:12:08 2005 => Entry "HKCR\CLSID\{36A59337-6EEF-40AE-94B1-ED443A0C4740}" refers to invalid object "C:\WINDOWS\banner.dll". Action Taken: No Action Taken.
45: Mon Jul 25 19:12:08 2005 => Entry "HKCR\CLSID\{3A3A8C24-8FF0-4140-9731-54D9483EA70B}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
46: Mon Jul 25 19:12:08 2005 => Entry "HKCR\CLSID\{3A906593-B4BD-48ED-84B0-3249BED65EF9}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
47: Mon Jul 25 19:12:08 2005 => Entry "HKCR\CLSID\{49B72A72-01F5-4AE8-BBD7-DAA67F1E303B}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
48: Mon Jul 25 19:12:09 2005 => Entry "HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" refers to invalid object "C:\Programme\Internet Download Manager\downlWithIDM.dll". Action Taken: No Action Taken.
49: Mon Jul 25 19:12:09 2005 => Entry "HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" refers to invalid object "C:\Programme\Internet Download Manager\IDMGetAll.dll". Action Taken: No Action Taken.
50: Mon Jul 25 19:12:10 2005 => Entry "HKCR\CLSID\{6AE3ACA6-1BE3-4443-98DD-EFFCFA793D35}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
51: Mon Jul 25 19:12:10 2005 => Entry "HKCR\CLSID\{6D16CB65-1F8E-47ad-AD83-33338667CEAB}" refers to invalid object "C:\Programme\Gemeinsame Dateien\XCPCSync\XCPCSync.dll". Action Taken: No Action Taken.
52: Mon Jul 25 19:12:11 2005 => Entry "HKCR\CLSID\{787DEC39-69D0-40B3-B173-E0411C59B300}" refers to invalid object "C:\Programme\PSGuard\WndLayer.dll". Action Taken: No Action Taken.
53: Mon Jul 25 19:12:11 2005 => Entry "HKCR\CLSID\{79DDF2EF-D881-464B-B2AF-5AF8816A3964}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
54: Mon Jul 25 19:12:11 2005 => Entry "HKCR\CLSID\{813C8E86-4C90-4617-B59E-E130CC068140}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
55: Mon Jul 25 19:12:12 2005 => Entry "HKCR\CLSID\{89133BCE-57D0-4D2B-AFAF-A97B74AD704E}" refers to invalid object "C:\Programme\PSGuard\WndLayer.dll". Action Taken: No Action Taken.
56: Mon Jul 25 19:12:12 2005 => Entry "HKCR\CLSID\{8F40CC34-FE77-4618-AA3D-BD2EFACAA8DC}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
57: Mon Jul 25 19:12:12 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
58: Mon Jul 25 19:12:12 2005 => Entry "HKCR\CLSID\{9F89E240-06A6-4E1C-BA84-F267DE7DB391}" refers to invalid object "C:\Programme\PSGuard\WndLayer.dll". Action Taken: No Action Taken.
59: Mon Jul 25 19:12:13 2005 => Entry "HKCR\CLSID\{B60A0E56-548D-40AE-9383-D752531F653F}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
60: Mon Jul 25 19:12:13 2005 => Entry "HKCR\CLSID\{B67B0756-2528-4996-B4BD-C993614CC0B6}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
61: Mon Jul 25 19:12:14 2005 => Entry "HKCR\CLSID\{BCC51EA9-6340-4EBE-8736-13A752ECB0BE}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
62: Mon Jul 25 19:12:16 2005 => Entry "HKCR\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87}" refers to invalid object "C:\WINDOWS\System32:vnaa.dll". Action Taken: No Action Taken.
63: Mon Jul 25 19:12:17 2005 => Entry "HKCR\CLSID\{E9719D38-EC55-4C8B-9DF0-080ADE95A9FA}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
64: Mon Jul 25 19:12:18 2005 => Entry "HKCR\CLSID\{F4B3E25A-33B4-4647-9A78-B627DDE211A6}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
65: Mon Jul 25 19:12:27 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
66: Mon Jul 25 19:12:27 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
67: Mon Jul 25 19:12:27 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
68: Mon Jul 25 19:12:33 2005 => Entry "HKCR\Voice-It File Object" refers to invalid object "{CA100010-2543-11D2-B012-0060088DC929}". Action Taken: No Action Taken.
69: Mon Jul 25 19:12:33 2005 => Entry "HKCR\Voice-It Live Audio" refers to invalid object "{CA100011-2543-11D2-B012-0060088DC929}". Action Taken: No Action Taken.
70: Mon Jul 25 20:44:33 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AbetterInternet.zip is Not Scanned
71: Mon Jul 25 20:44:33 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AbetterInternet1.zip is Not Scanned
72: Mon Jul 25 20:44:33 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip is Not Scanned
73: Mon Jul 25 20:45:37 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Temp\PSGuardInstall.exe is Not Scanned
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\WINDOWS\System32\wininet.dll => Virus.Win32.Nsag.b
2: C:\WINDOWS\System32\wininet.rar => Virus.Win32.Nsag.b
3: C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Downloads\Programs\mirc616.exe => tagged:Client-IRC.Win32.mIRC.616.
4: C:\Dokumente und Einstellungen\Michael\Favoriten\warning - your computer might be =>
5: C:\mIRC\mirc.exe => tagged:Client-IRC.Win32.mIRC.616.
6: C:\System Volume Information\_restore{2AB08D44-9C84-480C-9979-81B81BE6F7B1}\RP155\A0210199.dll => Virus.Win32.Nsag.b
7: C:\System Volume Information\_restore{2AB08D44-9C84-480C-9979-81B81BE6F7B1}\RP155\A0211440.exe => tagged:Client-IRC.Win32.mIRC.616.
8: C:\WINDOWS\system32\wininet.dll => Virus.Win32.Nsag.b
9: C:\WINDOWS\system32\wininet.rar => Virus.Win32.Nsag.b
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Mon Jul 25 21:26:21 2005 => Total Objects Scanned: 63630
Mon Jul 25 21:26:21 2005 => Total Virus(es) Found: 11
Mon Jul 25 21:26:21 2005 => Total Errors: 73
Mon Jul 25 21:26:21 2005 => Virus Database Date: 2005/07/25
Mon Jul 25 21:26:21 2005 => Virus Database Count: 139835
I've just posted everything, since I'm not that familiar with eScan yet and can't see at first glance what is important.
I've already deleted wininet.dll 3 times, but it keeps reappearing.
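Added example, not part of the original posts: a Python script that cross-checks the HijackThis `O4` autostart lines against the eScan "Invalid Entry" lines from this thread and lists the autostart entries that both tools report. The regular expressions are written from the log lines visible here and are an assumption about the two formats; the function names are hypothetical.

```python
import re

# Subset of the HijackThis log lines from this thread, embedded for an offline run.
HIJACKTHIS_LINES = r"""
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
""".strip().splitlines()

# Subset of the eScan ERRORS section from this thread.
ESCAN_LINES = r"""
1: Mon Jul 25 19:11:47 2005 => ERROR!!! Invalid Entry RegSvr32 = C:\WINDOWS\System32\msmsgs.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
2: Mon Jul 25 19:11:47 2005 => ERROR!!! Invalid Entry pcEXPLODE = specialfile.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
3: Mon Jul 25 19:11:47 2005 => ERROR!!! Invalid Entry Microsoft Messenger XP = MSMSN32.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
36: Mon Jul 25 19:12:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxwma.dll". Action Taken: No Action Taken.
""".strip().splitlines()

# "O4 - HKLM\..\Run: [value name] command line" (assumed format, from the lines above)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# "ERROR!!! Invalid Entry <name> = <command> (in key <registry key>)" (assumed format)
ESCAN_RE = re.compile(
    r"=> ERROR!!! Invalid Entry (?P<name>.+?) = (?P<cmd>.+?) \(in key (?P<key>[^)]+)\)"
)


def parse_o4(lines):
    """Return registry autostart entries; startup-folder lines do not match and are skipped."""
    return [m.groupdict() for m in map(O4_RE.match, lines) if m]


def parse_escan_invalid(lines):
    """Return only the 'Invalid Entry' autostart errors, ignoring other error kinds."""
    return [m.groupdict() for m in map(ESCAN_RE.search, lines) if m]


def ident(entry):
    # Match on value name and command only: the two tools report different hives
    # for the same entry (HKLM in HijackThis, .DEFAULT in eScan).
    return entry["name"].casefold(), entry["cmd"].strip('"').casefold()


def correlate(o4_entries, invalid_entries):
    """Split the eScan findings into those HijackThis also lists and those it does not."""
    keys_by_ident = {}
    for e in invalid_entries:
        keys_by_ident.setdefault(ident(e), []).append(e["key"])
    both = [
        dict(o, escan_keys=keys_by_ident[ident(o)])
        for o in o4_entries
        if ident(o) in keys_by_ident
    ]
    seen = {ident(o) for o in o4_entries}
    escan_only = [e for e in invalid_entries if ident(e) not in seen]
    return both, escan_only


if __name__ == "__main__":
    both, escan_only = correlate(parse_o4(HIJACKTHIS_LINES), parse_escan_invalid(ESCAN_LINES))
    for e in both:
        print(f"both logs : [{e['name']}] {e['cmd']}  (eScan key: {', '.join(e['escan_keys'])})")
    for e in escan_only:
        print(f"eScan only: [{e['name']}] {e['cmd']}  (key: {e['key']})")
```
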
46: Mon Jul 25 19:12:08 2005 => Entry "HKCR\CLSID\{3A906593-B4BD-48ED-84B0-3249BED65EF9}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
47: Mon Jul 25 19:12:08 2005 => Entry "HKCR\CLSID\{49B72A72-01F5-4AE8-BBD7-DAA67F1E303B}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
48: Mon Jul 25 19:12:09 2005 => Entry "HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" refers to invalid object "C:\Programme\Internet Download Manager\downlWithIDM.dll". Action Taken: No Action Taken.
49: Mon Jul 25 19:12:09 2005 => Entry "HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" refers to invalid object "C:\Programme\Internet Download Manager\IDMGetAll.dll". Action Taken: No Action Taken.
50: Mon Jul 25 19:12:10 2005 => Entry "HKCR\CLSID\{6AE3ACA6-1BE3-4443-98DD-EFFCFA793D35}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
51: Mon Jul 25 19:12:10 2005 => Entry "HKCR\CLSID\{6D16CB65-1F8E-47ad-AD83-33338667CEAB}" refers to invalid object "C:\Programme\Gemeinsame Dateien\XCPCSync\XCPCSync.dll". Action Taken: No Action Taken.
52: Mon Jul 25 19:12:11 2005 => Entry "HKCR\CLSID\{787DEC39-69D0-40B3-B173-E0411C59B300}" refers to invalid object "C:\Programme\PSGuard\WndLayer.dll". Action Taken: No Action Taken.
53: Mon Jul 25 19:12:11 2005 => Entry "HKCR\CLSID\{79DDF2EF-D881-464B-B2AF-5AF8816A3964}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
54: Mon Jul 25 19:12:11 2005 => Entry "HKCR\CLSID\{813C8E86-4C90-4617-B59E-E130CC068140}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
55: Mon Jul 25 19:12:12 2005 => Entry "HKCR\CLSID\{89133BCE-57D0-4D2B-AFAF-A97B74AD704E}" refers to invalid object "C:\Programme\PSGuard\WndLayer.dll". Action Taken: No Action Taken.
56: Mon Jul 25 19:12:12 2005 => Entry "HKCR\CLSID\{8F40CC34-FE77-4618-AA3D-BD2EFACAA8DC}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
57: Mon Jul 25 19:12:12 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
58: Mon Jul 25 19:12:12 2005 => Entry "HKCR\CLSID\{9F89E240-06A6-4E1C-BA84-F267DE7DB391}" refers to invalid object "C:\Programme\PSGuard\WndLayer.dll". Action Taken: No Action Taken.
59: Mon Jul 25 19:12:13 2005 => Entry "HKCR\CLSID\{B60A0E56-548D-40AE-9383-D752531F653F}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
60: Mon Jul 25 19:12:13 2005 => Entry "HKCR\CLSID\{B67B0756-2528-4996-B4BD-C993614CC0B6}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
61: Mon Jul 25 19:12:14 2005 => Entry "HKCR\CLSID\{BCC51EA9-6340-4EBE-8736-13A752ECB0BE}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
62: Mon Jul 25 19:12:16 2005 => Entry "HKCR\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87}" refers to invalid object "C:\WINDOWS\System32:vnaa.dll". Action Taken: No Action Taken.
63: Mon Jul 25 19:12:17 2005 => Entry "HKCR\CLSID\{E9719D38-EC55-4C8B-9DF0-080ADE95A9FA}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
64: Mon Jul 25 19:12:18 2005 => Entry "HKCR\CLSID\{F4B3E25A-33B4-4647-9A78-B627DDE211A6}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
65: Mon Jul 25 19:12:27 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
66: Mon Jul 25 19:12:27 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
67: Mon Jul 25 19:12:27 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
68: Mon Jul 25 19:12:33 2005 => Entry "HKCR\Voice-It File Object" refers to invalid object "{CA100010-2543-11D2-B012-0060088DC929}". Action Taken: No Action Taken.
69: Mon Jul 25 19:12:33 2005 => Entry "HKCR\Voice-It Live Audio" refers to invalid object "{CA100011-2543-11D2-B012-0060088DC929}". Action Taken: No Action Taken.
70: Mon Jul 25 20:44:33 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AbetterInternet.zip is Not Scanned
71: Mon Jul 25 20:44:33 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AbetterInternet1.zip is Not Scanned
72: Mon Jul 25 20:44:33 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip is Not Scanned
73: Mon Jul 25 20:45:37 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Temp\PSGuardInstall.exe is Not Scanned
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\WINDOWS\System32\wininet.dll => Virus.Win32.Nsag.b
2: C:\WINDOWS\System32\wininet.rar => Virus.Win32.Nsag.b
3: C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Downloads\Programs\mirc616.exe => tagged:Client-IRC.Win32.mIRC.616.
4: C:\Dokumente und Einstellungen\Michael\Favoriten\warning - your computer might be =>
5: C:\mIRC\mirc.exe => tagged:Client-IRC.Win32.mIRC.616.
6: C:\System Volume Information\_restore{2AB08D44-9C84-480C-9979-81B81BE6F7B1}\RP155\A0210199.dll => Virus.Win32.Nsag.b
7: C:\System Volume Information\_restore{2AB08D44-9C84-480C-9979-81B81BE6F7B1}\RP155\A0211440.exe => tagged:Client-IRC.Win32.mIRC.616.
8: C:\WINDOWS\system32\wininet.dll => Virus.Win32.Nsag.b
9: C:\WINDOWS\system32\wininet.rar => Virus.Win32.Nsag.b
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Mon Jul 25 21:26:21 2005 => Total Objects Scanned: 63630
Mon Jul 25 21:26:21 2005 => Total Virus(es) Found: 11
Mon Jul 25 21:26:21 2005 => Total Errors: 73
Mon Jul 25 21:26:21 2005 => Virus Database Date: 2005/07/25
Mon Jul 25 21:26:21 2005 => Virus Database Count: 139835
I've just posted everything for now, since I don't know eScan that well yet and can't tell at a glance what's important.
I've already deleted wininet.dll 3 times, but it keeps coming back.
- !???!
- Posts: 7
- Registered: 25.07.2005, 01:44
Hi!
Go to Escancheck --> "Datei" (File) --> "Escanlog einfügen" (insert eScan log) --> select MWAV.LOG
1: C:\WINDOWS\System32\wininet.dll => Virus.Win32.Nsag.b
2: C:\WINDOWS\System32\wininet.rar => Virus.Win32.Nsag.b
3: C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Downloads\Programs\mirc616.exe => tagged:Client-IRC.Win32.mIRC.616.
4: C:\Dokumente und Einstellungen\Michael\Favoriten\warning - your computer might be =>
5: C:\mIRC\mirc.exe => tagged:Client-IRC.Win32.mIRC.616.
6: C:\System Volume Information\_restore{2AB08D44-9C84-480C-9979-81B81BE6F7B1}\RP155\A0210199.dll => Virus.Win32.Nsag.b
7: C:\System Volume Information\_restore{2AB08D44-9C84-480C-9979-81B81BE6F7B1}\RP155\A0211440.exe => tagged:Client-IRC.Win32.mIRC.616.
8: C:\WINDOWS\system32\wininet.dll => Virus.Win32.Nsag.b
9: C:\WINDOWS\system32\wininet.rar => Virus.Win32.Nsag.b
Put a check mark in front of these files and then click "Delete files" at the bottom right. The files should now be deleted.
+++++++++++++++++++++++++++++++
Disable System Restore (re-enable it after the cleanup)
+++++++++++++++++++++++++++++++
Download Tuneup2004 and RegSupreme and clean your registry
Then scan again with Escancheck and there should be no entries left
Regards,
- Yourhighness
Well, you can delete the file with Killbox....
http://yourhighness.eddys-domain.de/killbox.html
Regards,
- Yourhighness
Yourhighness wrote: Well, you can delete the file with Killbox....
http://yourhighness.eddys-domain.de/killbox.html
Regards,
I've already done that 3 times, with the result that it's still there!
It's a stubborn problem.
- !???!
- Posts: 7
- Registered: 25.07.2005, 01:44
Hi!
1 ) You absolutely must uninstall PSGuard!!! "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
2 ) The Killbox approach MUST work. Did you also do everything described in the instructions (ticked DELETE ON REBOOT)?
3 ) Disable System Restore (re-enable it after the cleanup)
4 ) Clean the registry
Regards,
- Yourhighness
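Added example, not part of the original posts: a small Python triage of the eScan log format posted in this thread. It groups the "refers to invalid object" registry entries by folder, merges detections that differ only in path case, and sets aside targets written in NTFS alternate-data-stream syntax. The function name `triage` and the regular expressions are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import Counter
from ntpath import dirname, normcase  # Windows path rules on any OS

# Sample lines copied from the log posted in this thread.
SAMPLE = r'''
39: Mon Jul 25 19:12:05 2005 => Entry "HKCR\CLSID\{04F3168F-5AFC-4531-B3B4-16CA93720415}" refers to invalid object "C:\Programme\PSGuard\AVECore.dll". Action Taken: No Action Taken.
52: Mon Jul 25 19:12:11 2005 => Entry "HKCR\CLSID\{787DEC39-69D0-40B3-B173-E0411C59B300}" refers to invalid object "C:\Programme\PSGuard\WndLayer.dll". Action Taken: No Action Taken.
44: Mon Jul 25 19:12:08 2005 => Entry "HKCR\CLSID\{36A59337-6EEF-40AE-94B1-ED443A0C4740}" refers to invalid object "C:\WINDOWS\banner.dll". Action Taken: No Action Taken.
62: Mon Jul 25 19:12:16 2005 => Entry "HKCR\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87}" refers to invalid object "C:\WINDOWS\System32:vnaa.dll". Action Taken: No Action Taken.
1: C:\WINDOWS\System32\wininet.dll => Virus.Win32.Nsag.b
5: C:\mIRC\mirc.exe => tagged:Client-IRC.Win32.mIRC.616.
8: C:\WINDOWS\system32\wininet.dll => Virus.Win32.Nsag.b
'''

ORPHAN = re.compile(r'^\d+: .*? => Entry "(?P<key>[^"]+)" refers to invalid object "(?P<target>[^"]+)"')
DETECT = re.compile(r'^\d+: (?P<path>[A-Za-z]:\\.*?) => (?P<verdict>\S.*)$')

def triage(text):
    """Split the log into orphaned registry targets, ADS targets and detections."""
    orphans, streams, virus, tagged = Counter(), [], {}, {}
    for line in text.splitlines():
        m = ORPHAN.match(line)
        if m:
            target = m["target"]
            # A colon after the drive prefix is NTFS alternate-data-stream syntax
            # (file:stream), so these targets are listed separately for review.
            if ":" in target[2:]:
                streams.append(target)
            else:
                orphans[normcase(dirname(target))] += 1
            continue
        m = DETECT.match(line)
        if m:
            # Verdicts the scanner prefixes with "tagged:" are kept apart from the rest.
            bucket = tagged if m["verdict"].startswith("tagged:") else virus
            # Windows paths are case-insensitive: System32 and system32 are one file.
            bucket[normcase(m["path"])] = m["verdict"]
    return {"orphans": orphans, "streams": streams, "virus": virus, "tagged": tagged}

if __name__ == "__main__":
    for name, value in triage(SAMPLE).items():
        print(name, dict(value) if isinstance(value, Counter) else value)
```
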