hey ihr
ich hab ein spyware problem, bekomm es aber auch nicht so richtig in den griff ich hoffe ihr könnt mir helfen..danke schonmal
hier der logfile von hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 21:55:59, on 27.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Ti4gTWlydHNjaGlu\command.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\N3E98~1.MIR\LOKALE~1\Temp\Rar$EX00.031\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.germania-freund-damen.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant ... gn=efc0605
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Baby, ich liebe dich.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: WhoisAssistant - {1153C29A-2A1C-12E3-A2A3-00D1A2F21300} - C:\Programme\WhoisAssistant\WhoisAssistantDirect.exe
O9 - Extra 'Tools' menuitem: &WhoisAssistant starten - {1153C29A-2A1C-12E3-A2A3-00D1A2F21300} - C:\Programme\WhoisAssistant\WhoisAssistantDirect.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 1577123921
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3782305953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - file://C:\Programme\NavStudio\program\comdlg32.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\enj8l11u1.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Ti4gTWlydHNjaGlu\command.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Warum kostenlos registrieren?
Nur als registriertes Mitglied hast Du vollen Zugriff auf alle Funktionen unserer Website. So kannst Du eigene Fragen stellen und hast die volle Übersicht über neue interessante Themen im Forum.
Jetzt kostenlos registrieren.
Login
spyware probleme bitte um hilfe
8 Beiträge • Seite 1 von 1
von Holy Marcell am 03.11.2005, 20:59
Hallo? Ich brauche wirklich mehr Zeit !?
Es herrscht Expertenmangel! Die anderen müssen auch warten!
Du hast eine L2m infizierung und noch einigen anderen crap:
Abarbeiten und 2 Logs posten:
http://virus-protect.net/l2mfix.html
======================
Lade dir Ewido, Scanne, poste den Report und deinsatlliere es nach getaener Arbeit (Virenentfernung)
http://virus-protect.net/ewido.html
========================
Es herrscht Expertenmangel! Die anderen müssen auch warten!
Du hast eine L2m infizierung und noch einigen anderen crap:
Abarbeiten und 2 Logs posten:
http://virus-protect.net/l2mfix.html
======================
Lade dir Ewido, Scanne, poste den Report und deinsatlliere es nach getaener Arbeit (Virenentfernung)
http://virus-protect.net/ewido.html
========================
- Holy Marcell
von Nadin_20 am 08.11.2005, 19:43
hallo
okee, sorry, ich will nur nicht alles formatieren müssen...sorry, aber danke für die hilfe
der 1. l2mfis log:
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l6r00g9me6.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{79345D1B-87DC-751D-0F52-C22776DFC73A}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften f
okee, sorry, ich will nur nicht alles formatieren müssen...sorry, aber danke für die hilfe
der 1. l2mfis log:
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l6r00g9me6.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{79345D1B-87DC-751D-0F52-C22776DFC73A}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften f
- Nadin_20
- Beiträge: 28
- Registriert: 28.12.2004, 21:29
- Wohnort: Düsseldorf
von Holy Marcell am 08.11.2005, 20:07
Oke. hast du auch die Anleitung weiter abgearbeitet?
Lade dir Ewido, Scanne, poste den Report und deinstalliere es nach getaener Arbeit (Virenentfernung)
http://virus-protect.net/ewido.html
========================
Lade dir Ewido, Scanne, poste den Report und deinstalliere es nach getaener Arbeit (Virenentfernung)
http://virus-protect.net/ewido.html
========================
- Holy Marcell
von Nadin_20 am 08.11.2005, 20:29
hier noch der ewido log, hab ich das richtig verstanden, dass ich das programm ewido danach deinstallieren soll????
---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------
+ Erstellt am: 19:28:38, 08.11.2005
+ Report-Checksumme: 36F12CB5
+ Scanergebnis:
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Gesäubert mit Backup
HKU\S-1-5-21-329068152-299502267-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Gesäubert mit Backup
:mozilla.34:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.35:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.36:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.37:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.38:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.39:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.40:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.41:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.51:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.52:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.53:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.54:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.55:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.56:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.57:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.58:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.59:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.60:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.61:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.62:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.63:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.64:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.65:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.67:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Atdmt : Gesäubert mit Backup
:mozilla.75:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
:mozilla.76:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup
:mozilla.78:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Gesäubert mit Backup
:mozilla.79:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Gesäubert mit Backup
:mozilla.80:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Gesäubert mit Backup
:mozilla.86:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Etracker : Gesäubert mit Backup
:mozilla.107:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup
:mozilla.116:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Gesäubert mit Backup
:mozilla.124:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Hitbox : Gesäubert mit Backup
:mozilla.125:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Hitbox : Gesäubert mit Backup
:mozilla.126:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Hitbox : Gesäubert mit Backup
:mozilla.129:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.130:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.131:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.132:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.133:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.136:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Addcontrol : Gesäubert mit Backup
:mozilla.141:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.247realmedia : Gesäubert mit Backup
:mozilla.142:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Sitestat : Gesäubert mit Backup
:mozilla.143:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Sitestat : Gesäubert mit Backup
:mozilla.144:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.145:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.146:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.147:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.148:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Hypertracker : Gesäubert mit Backup
:mozilla.149:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Euroclick : Gesäubert mit Backup
:mozilla.150:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Adtech : Gesäubert mit Backup
:mozilla.151:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Adtech : Gesäubert mit Backup
:mozilla.152:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Euroclick : Gesäubert mit Backup
:mozilla.153:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Euroclick : Gesäubert mit Backup
:mozilla.155:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
:mozilla.163:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\N. Mirtschin\Desktop\l2mfix\backup.zip/bjpanui.dll -> Spyware.Look2Me : Fehler beim Säubern
C:\Dokumente und Einstellungen\N. Mirtschin\Desktop\l2mfix\backup.zip/e6jmlg1116.dll -> Spyware.Look2Me : Fehler beim Säubern
C:\Dokumente und Einstellungen\N. Mirtschin\Desktop\l2mfix\backup.zip/h6l2lg3o16.dll -> Spyware.Look2Me : Fehler beim Säubern
C:\Dokumente und Einstellungen\N. Mirtschin\Desktop\l2mfix\backup.zip/ssdll.dll -> Spyware.Look2Me : Fehler beim Säubern
C:\Dokumente und Einstellungen\N. Mirtschin\Desktop\l2mfix\backup.zip/guard.tmp -> Spyware.Look2Me : Fehler beim Säubern
C:\Dokumente und Einstellungen\N. Mirtschin\Lokale Einstellungen\Temp\Cookies\n. mirtschin@2o7[2].txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
C:\Dokumente und Einstellungen\N. Mirtschin\Lokale Einstellungen\Temp\Cookies\n. mirtschin@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\N. Mirtschin\Lokale Einstellungen\Temp\Cookies\n. mirtschin@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\WINDOWS\Temp\Cookies\n. mirtschin@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
C:\WINDOWS\Temp\Cookies\n. mirtschin@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Gesäubert mit Backup
C:\WINDOWS\Temp\Cookies\n. mirtschin@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
C:\WINDOWS\Temp\Cookies\n. mirtschin@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
C:\WINDOWS\Temp\Cookies\n. mirtschin@paypopup[2].txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
::Report Ende
---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------
+ Erstellt am: 19:28:38, 08.11.2005
+ Report-Checksumme: 36F12CB5
+ Scanergebnis:
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Gesäubert mit Backup
HKU\S-1-5-21-329068152-299502267-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Gesäubert mit Backup
:mozilla.34:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.35:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.36:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.37:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.38:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.39:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.40:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.41:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.51:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.52:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.53:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.54:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.55:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.56:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.57:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.58:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.59:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.60:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.61:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.62:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.63:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.64:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.65:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
:mozilla.67:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Atdmt : Gesäubert mit Backup
:mozilla.75:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
:mozilla.76:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup
:mozilla.78:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Gesäubert mit Backup
:mozilla.79:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Gesäubert mit Backup
:mozilla.80:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Gesäubert mit Backup
:mozilla.86:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Etracker : Gesäubert mit Backup
:mozilla.107:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup
:mozilla.116:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Gesäubert mit Backup
:mozilla.124:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Hitbox : Gesäubert mit Backup
:mozilla.125:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Hitbox : Gesäubert mit Backup
:mozilla.126:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Hitbox : Gesäubert mit Backup
:mozilla.129:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.130:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.131:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.132:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.133:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.136:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Addcontrol : Gesäubert mit Backup
:mozilla.141:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.247realmedia : Gesäubert mit Backup
:mozilla.142:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Sitestat : Gesäubert mit Backup
:mozilla.143:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Sitestat : Gesäubert mit Backup
:mozilla.144:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.145:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.146:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.147:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.148:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Hypertracker : Gesäubert mit Backup
:mozilla.149:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Euroclick : Gesäubert mit Backup
:mozilla.150:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Adtech : Gesäubert mit Backup
:mozilla.151:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Adtech : Gesäubert mit Backup
:mozilla.152:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Euroclick : Gesäubert mit Backup
:mozilla.153:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Euroclick : Gesäubert mit Backup
:mozilla.155:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
:mozilla.163:C:\Dokumente und Einstellungen\N. Mirtschin\Anwendungsdaten\Mozilla\Firefox\Profiles\k15dr1lk.default\cookies.txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\N. Mirtschin\Desktop\l2mfix\backup.zip/bjpanui.dll -> Spyware.Look2Me : Fehler beim Säubern
C:\Dokumente und Einstellungen\N. Mirtschin\Desktop\l2mfix\backup.zip/e6jmlg1116.dll -> Spyware.Look2Me : Fehler beim Säubern
C:\Dokumente und Einstellungen\N. Mirtschin\Desktop\l2mfix\backup.zip/h6l2lg3o16.dll -> Spyware.Look2Me : Fehler beim Säubern
C:\Dokumente und Einstellungen\N. Mirtschin\Desktop\l2mfix\backup.zip/ssdll.dll -> Spyware.Look2Me : Fehler beim Säubern
C:\Dokumente und Einstellungen\N. Mirtschin\Desktop\l2mfix\backup.zip/guard.tmp -> Spyware.Look2Me : Fehler beim Säubern
C:\Dokumente und Einstellungen\N. Mirtschin\Lokale Einstellungen\Temp\Cookies\n. mirtschin@2o7[2].txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
C:\Dokumente und Einstellungen\N. Mirtschin\Lokale Einstellungen\Temp\Cookies\n. mirtschin@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\N. Mirtschin\Lokale Einstellungen\Temp\Cookies\n. mirtschin@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\WINDOWS\Temp\Cookies\n. mirtschin@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
C:\WINDOWS\Temp\Cookies\n. mirtschin@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Gesäubert mit Backup
C:\WINDOWS\Temp\Cookies\n. mirtschin@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
C:\WINDOWS\Temp\Cookies\n. mirtschin@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
C:\WINDOWS\Temp\Cookies\n. mirtschin@paypopup[2].txt -> Spyware.Cookie.Paypopup : Gesäubert mit Backup
::Report Ende
- Nadin_20
- Beiträge: 28
- Registriert: 28.12.2004, 21:29
- Wohnort: Düsseldorf
von Holy Marcell am 08.11.2005, 21:23
Ok, ich denke, damit ist dein Problem gelöst.
Mache noch einen Escan und dann bist du "entlassen"
==============================
Arbeite diese Anleitung bitte vollständig ab und poste das Ergebniss:
http://yourhighness.eddys-domain.de/escan.html
==============================
Mache noch einen Escan und dann bist du "entlassen"
==============================
Arbeite diese Anleitung bitte vollständig ab und poste das Ergebniss:
http://yourhighness.eddys-domain.de/escan.html
==============================
- Holy Marcell
von Nadin_20 am 08.11.2005, 23:07
hey vielen lieben dank für deine schnelle hilfe...
aber der escan hat leider noch eine menge gefunden, was man ja nicht entfernen kann, wenn man keine vollversion hat...
hier der log
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Tue Nov 08 21:05:27 2005 => System found infected with istbar Spyware/Adware ({7c559105-9ecf-42b8-b3f7-832e75edd959})! Action taken: No Action Taken.
2: Tue Nov 08 21:05:32 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\gza3fkbg\common[1].js
3: Tue Nov 08 21:05:32 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
4: Tue Nov 08 21:05:32 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\gza3fkbg\show_ads[2].js
5: Tue Nov 08 21:05:32 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
6: Tue Nov 08 21:05:33 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\gza3fkbg\s_code[1].js
7: Tue Nov 08 21:05:33 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken.
8: Tue Nov 08 21:05:33 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\od2f4tu7\global[1].js
9: Tue Nov 08 21:05:33 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
10: Tue Nov 08 21:05:40 2005 => Offending file found: C:\Dokumente und Einstellungen\N. Mirtschin\Eigene Dateien\eigene webs\meinweb2\search.htm
11: Tue Nov 08 21:05:40 2005 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
12: Tue Nov 08 21:05:40 2005 => Offending file found: C:\Dokumente und Einstellungen\N. Mirtschin\Eigene Dateien\eigene webs\meinweb2\_vti_cnf\search.htm
13: Tue Nov 08 21:05:40 2005 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
14: Tue Nov 08 21:05:40 2005 => Offending file found: C:\Dokumente und Einstellungen\N. Mirtschin\Eigene Dateien\homepage_stuff\homepage dateien\top.html
15: Tue Nov 08 21:05:40 2005 => System found infected with whenu.sidefinder Spyware/Adware (top.html)! Action taken: No Action Taken.
16: Tue Nov 08 21:05:43 2005 => Offending file found: C:\WINDOWS\iun6002.exe
17: Tue Nov 08 21:05:43 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
18: Tue Nov 08 21:11:19 2005 => Scanning Folder: C:\Dokumente und Einstellungen\N. Mirtschin\Eigene Dateien\Downloads\AVPersonal\INFECTED\*.*
19: Tue Nov 08 21:13:26 2005 => File C:\Dokumente und Einstellungen\N. Mirtschin\Lokale Einstellungen\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.mz" Virus! Action Taken: No Action Taken.
20: Tue Nov 08 21:25:11 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
21: Tue Nov 08 21:36:40 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP105\A0020684.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.
22: Tue Nov 08 21:37:38 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021290.exe infected by "Trojan-Downloader.Win32.VB.ri" Virus! Action Taken: No Action Taken.
23: Tue Nov 08 21:38:07 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021677.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
24: Tue Nov 08 21:38:08 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021692.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
25: Tue Nov 08 21:38:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021693.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
26: Tue Nov 08 21:38:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021694.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
27: Tue Nov 08 21:38:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021695.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
28: Tue Nov 08 21:38:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021696.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
29: Tue Nov 08 21:38:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021698.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
30: Tue Nov 08 21:38:17 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021778.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
31: Tue Nov 08 21:58:35 2005 => File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GZA3FKBG\send_car_int[2].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Tue Nov 08 21:10:21 2005 => File C:\Dokumente und Einstellungen\N. Mirtschin\Desktop\l2mfix\backup.zip tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
2: Tue Nov 08 21:21:02 2005 => Scanning File C:\Programme\Adobe\Adobe InDesign CS\Plug-Ins\Filters\Tagged Text Attributes.apln
3: Tue Nov 08 21:21:03 2005 => Scanning File C:\Programme\Adobe\Adobe InDesign CS\Plug-Ins\Filters\Tagged Text Export Filter.apln
4: Tue Nov 08 21:21:03 2005 => Scanning File C:\Programme\Adobe\Adobe InDesign CS\Plug-Ins\Filters\Tagged Text Import Filter.apln
5: Tue Nov 08 21:34:06 2005 => File C:\Programme\TightVNC\VNCHooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.b. No Action Taken.
6: Tue Nov 08 21:34:11 2005 => File C:\Programme\TightVNC\WinVNC.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
7: Tue Nov 08 21:36:29 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP104\A0020583.exe tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
8: Tue Nov 08 21:36:29 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP104\A0020584.exe tagged as "not-a-virus:AdWare.Win32.ISearch.d". Action Taken: No Action Taken.
9: Tue Nov 08 21:37:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP105\A0021007.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
10: Tue Nov 08 21:37:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP105\A0021020.exe tagged as "not-a-virus:AdWare.Win32.AdURL.c". Action Taken: No Action Taken.
11: Tue Nov 08 21:37:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP105\A0021023.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
12: Tue Nov 08 21:37:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP105\A0021027.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
13: Tue Nov 08 21:37:39 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021292.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
14: Tue Nov 08 21:37:39 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021295.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
15: Tue Nov 08 21:37:39 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021304.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
16: Tue Nov 08 21:37:45 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021404.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
17: Tue Nov 08 21:37:46 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021417.dll tagged as "not-a-virus:AdWare.Win32.CommAd.a". Action Taken: No Action Taken.
18: Tue Nov 08 21:37:46 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021418.exe tagged as "not-a-virus:AdWare.Win32.CommAd.a". Action Taken: No Action Taken.
19: Tue Nov 08 21:37:47 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021422.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
20: Tue Nov 08 21:37:47 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021437.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
21: Tue Nov 08 21:37:48 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021443.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
22: Tue Nov 08 21:37:57 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021577.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
23: Tue Nov 08 21:37:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021584.exe tagged as "not-a-virus:AdWare.Win32.AdURL.c". Action Taken: No Action Taken.
24: Tue Nov 08 21:37:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021586.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
25: Tue Nov 08 21:37:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021591.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
26: Tue Nov 08 21:37:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021595.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
27: Tue Nov 08 21:37:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021600.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
28: Tue Nov 08 21:37:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021604.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
29: Tue Nov 08 21:37:59 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021608.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
30: Tue Nov 08 21:37:59 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021612.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
31: Tue Nov 08 21:38:05 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021637.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
32: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021650.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
33: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021654.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
34: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021658.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
35: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021661.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
36: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021666.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
37: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021669.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
38: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021673.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
39: Tue Nov 08 21:38:07 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021678.exe tagged as "not-a-virus:AdWare.Win32.PowerScan.d". Action Taken: No Action Taken.
40: Tue Nov 08 21:38:07 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021680.dll tagged as "not-a-virus:AdWare.Win32.AdMir.a". Action Taken: No Action Taken.
41: Tue Nov 08 21:38:07 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021683.exe tagged as "not-a-virus:AdWare.Win32.SurfAccuracy.d". Action Taken: No Action Taken.
42: Tue Nov 08 21:38:17 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021780.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
43: Tue Nov 08 21:38:17 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021784.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
44: Tue Nov 08 21:38:17 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021785.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
45: Tue Nov 08 21:38:17 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021786.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
46: Tue Nov 08 21:38:17 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021787.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
47: Tue Nov 08 21:39:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP79\A0009189.exe tagged as "not-a-virus:Porn-Dialer.Win32.GBDialer.c". Action Taken: No Action Taken.
48: Tue Nov 08 21:40:33 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP82\A0009825.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
49: Tue Nov 08 21:40:36 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP82\A0009848.dll tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
50: Tue Nov 08 21:40:36 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP82\A0009858.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
51: Tue Nov 08 21:46:35 2005 => File C:\WINDOWS\Downloaded Program Files\UWFX5U_0001_LPNetInstaller.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
52: Tue Nov 08 21:58:36 2005 => File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GZA3FKBG\WinFixer2005ScannerInstallDE[1].cab tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Tue Nov 08 21:05:18 2005 => ERROR!!! Invalid Entry crypserv.exe in SYSTEM\CurrentControlSet\Services\Crypkey License...
2: Tue Nov 08 21:05:24 2005 => ERROR!!! Invalid Entry \??\C:\WINDOWS\system32\drivers\SLEE503.sys in SYSTEM\CurrentControlSet\Services\SLEE_503_DRIVER...
3: Tue Nov 08 21:05:24 2005 => ERROR!!! Invalid Entry C:\WINDOWS\system32\SLEE503.exe in SYSTEM\CurrentControlSet\Services\SLEE_503_SERVICE...
4: Tue Nov 08 21:05:46 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\asinst.dll". Action Taken: No Action Taken.
5: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Shared Tools\DAO350" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\DAO350.DLL". Action Taken: No Action Taken.
6: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "EaccelSetup". Action Taken: No Action Taken.
7: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ISTsvc". Action Taken: No Action Taken.
8: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Power Scan". Action Taken: No Action Taken.
9: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SAcc". Action Taken: No Action Taken.
10: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Spyware Nuker". Action Taken: No Action Taken.
11: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "TightVNC_is1". Action Taken: No Action Taken.
12: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0496D9E8-224B-4AFA-8F37-23B98D52F1EB}". Action Taken: No Action Taken.
13: Tue Nov 08 21:05:51 2005 => Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
14: Tue Nov 08 21:05:52 2005 => Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
15: Tue Nov 08 21:05:54 2005 => Entry "HKCR\CLSID\{A1031BAF-3039-4dd6-BC5E-522F007DAF8B}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
16: Tue Nov 08 21:05:54 2005 => Entry "HKCR\CLSID\{BC20CB75-A981-460e-81D4-F06F61B59247}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
17: Tue Nov 08 21:05:55 2005 => Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
18: Tue Nov 08 21:05:55 2005 => Entry "HKCR\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}" refers to invalid object "C:\PROGRA~1\SPYWAR~2\swdoctor.exe". Action Taken: No Action Taken.
19: Tue Nov 08 21:05:55 2005 => Entry "HKCR\CLSID\{E0B8F398-BB08-4298-87F0-34502693902E}" refers to invalid object ""C:\Programme\Messenger\msmsgs.exe"". Action Taken: No Action Taken.
20: Tue Nov 08 21:05:56 2005 => Entry "HKCR\CLSID\{F3A614DC-ABE0-11d2-A441-00C04F795683}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
21: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{0CEBAFA2-A5F8-11D1-B76F-58BB04C10000}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
22: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{1257CD33-90D0-11D1-A197-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
23: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{143C9CF1-E3E7-11D1-A1D2-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
24: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{164B2582-1F73-11D3-B764-EFFAF1F7B10E}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
25: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{19362773-E965-11D1-A1F0-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
26: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{1FA4B99F-3155-4A26-837B-9734C1297A1B}" refers to invalid object "C:\Programme\MSN Messenger\msnmsgr.exe". Action Taken: No Action Taken.
27: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{218CB45F-20B6-11d2-8E17-0000F803A446}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
28: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{3201590C-8C63-4558-8142-82C29FC695E9}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
29: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{36C8B6E8-7013-462A-85B7-298F91FBC783}" refers to invalid object "C:\Programme\MSN Messenger\msnmsgr.exe". Action Taken: No Action Taken.
30: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{38621105-225E-4716-964C-A9AC8804F989}" refers to invalid object "C:\Programme\Gemeinsame Dateien\InterVideo\DVD7\InterActual\IAManager.dll". Action Taken: No Action Taken.
31: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{3E895E71-0C27-11D2-A212-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
32: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{53CED51D-432B-45b2-A3E0-0CE2C24235D4}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
33: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{60ACE49B-F247-4E12-B740-EF8DB1941D0F}" refers to invalid object "C:\Programme\ewido\security suite\context.dll". Action Taken: No Action Taken.
34: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{67800A63-C222-11D1-A1B3-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
35: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{7E4A9BE4-7A58-4076-9E78-1A93434DA29D}" refers to invalid object "C:\DOKUME~1\N3E98~1.MIR\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
36: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{86FC1FC2-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\itproto\mDxEmul.mom". Action Taken: No Action Taken.
37: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{9F3595E2-B5CC-11D1-B76F-58BB04C10000}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
38: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{9FD46A24-F9E8-11D1-A204-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
39: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{C1637F37-3FC8-4B37-B3B2-6CC5E202390D}" refers to invalid object "C:\Programme\MSN Messenger\msnmsgr.exe". Action Taken: No Action Taken.
40: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{C8E100B3-6D59-11D1-A181-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
41: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{DFFAEA82-07FA-4440-9A52-D54EB21C627F}" refers to invalid object "C:\Programme\Alcohol Soft\Alcohol 120\AXShlEx.dll". Action Taken: No Action Taken.
42: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{E02AD29E-80F5-46c6-B416-9B3EBDDF057E}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
43: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{E891EE9A-D0AE-4cb4-8871-F92C0109F18E}" refers to invalid object "C:\Programme\Adobe Photoshop CS2\Zusatzmodule\Adobe Photoshop Only\Automatisieren\Skriptunterstützung.8li". Action Taken: No Action Taken.
44: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{EA3956D2-EC38-41AB-B601-47AA281E4952}" refers to invalid object "C:\Programme\Accoona\ASearchAssist.dll". Action Taken: No Action Taken.
45: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{FD6E3405-67CB-11D1-A17E-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
46: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.ase" refers to invalid object "Photoshop.ExchangeableSwatchFile.9". Action Taken: No Action Taken.
47: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.cin" refers to invalid object "Photoshop.CINFile.9". Action Taken: No Action Taken.
48: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.cr2" refers to invalid object "Photoshop.CameraRawFileCanon2.9". Action Taken: No Action Taken.
49: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.crw" refers to invalid object "Photoshop.CameraRawFileCanon.9". Action Taken: No Action Taken.
50: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.dcr" refers to invalid object "Photoshop.CameraRawFileKodak.9". Action Taken: No Action Taken.
51: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.dng" refers to invalid object "Photoshop.CameraRawFileDigital.9". Action Taken: No Action Taken.
52: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.dpx" refers to invalid object "Photoshop.CINFile.9". Action Taken: No Action Taken.
53: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.erf" refers to invalid object "Photoshop.CameraRawFileEpson.9". Action Taken: No Action Taken.
54: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.exr" refers to invalid object "Photoshop.OpenEXRFile.9". Action Taken: No Action Taken.
55: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.fido" refers to invalid object "Photoshop.CINFile.9". Action Taken: No Action Taken.
56: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.hdr" refers to invalid object "Photoshop.PortableBitMapFile.9". Action Taken: No Action Taken.
57: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.kys" refers to invalid object "Photoshop.KYSFile.9". Action Taken: No Action Taken.
58: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.mnu" refers to invalid object "Photoshop.MenuCustomizationFile.9". Action Taken: No Action Taken.
59: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.mos" refers to invalid object "Photoshop.CameraRawFileLeaf.9". Action Taken: No Action Taken.
60: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.mrw" refers to invalid object "Photoshop.CameraRawFileMinolta.9". Action Taken: No Action Taken.
61: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.nef" refers to invalid object "Photoshop.CameraRawFileNikon.9". Action Taken: No Action Taken.
62: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.orf" refers to invalid object "Photoshop.CameraRawFileOlympus.9". Action Taken: No Action Taken.
63: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.pbm" refers to invalid object "Photoshop.RadianceFile.9". Action Taken: No Action Taken.
64: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.PCD" refers to invalid object "Photoshop.PCDFile.9". Action Taken: No Action Taken.
65: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.pcx" refers to invalid object "Photoshop.PCXFile.9". Action Taken: No Action Taken.
66: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.pdd" refers to invalid object "Photoshop.PDDFile.9". Action Taken: No Action Taken.
67: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.pef" refers to invalid object "Photoshop.CameraRawFilePentax.9". Action Taken: No Action Taken.
68: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.psb" refers to invalid object "Photoshop.PSBFile.9". Action Taken: No Action Taken.
69: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.raf" refers to invalid object "Photoshop.CameraRawFileFujifilm.9". Action Taken: No Action Taken.
70: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.rle" refers to invalid object "Photoshop.BMPFile.9". Action Taken: No Action Taken.
71: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.sdpx" refers to invalid object "Photoshop.CINFile.9". Action Taken: No Action Taken.
72: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.shh" refers to invalid object "Photoshop.SHHFile.9". Action Taken: No Action Taken.
73: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.srf" refers to invalid object "Photoshop.CameraRawFileSony.9". Action Taken: No Action Taken.
74: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.wbm" refers to invalid object "Photoshop.WBMFile.9". Action Taken: No Action Taken.
75: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.x3f" refers to invalid object "Photoshop.CameraRawFileFoveon.9". Action Taken: No Action Taken.
76: Tue Nov 08 21:05:58 2005 => Entry "HKCR\Context.test" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
77: Tue Nov 08 21:05:58 2005 => Entry "HKCR\Context.test.1" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
78: Tue Nov 08 21:05:59 2005 => Entry "HKCR\Photoshop.Image.8" refers to invalid object "{3fd07b5f-b17a-4243-949b-94c5a9d2e465}". Action Taken: No Action Taken.
79: Tue Nov 08 21:05:59 2005 => Entry "HKCR\Photoshop.Image.9" refers to invalid object "{3fd07b5f-b17a-4243-949b-94c5a9d2e465}". Action Taken: No Action Taken.
80: Tue Nov 08 21:06:00 2005 => Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
81: Tue Nov 08 21:06:00 2005 => Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
82: Tue Nov 08 21:06:00 2005 => Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
83: Tue Nov 08 21:06:00 2005 => Entry "HKCR\SWiSH.Movie" refers to invalid object "{C5178CAC-8D15-4AC1-85DB-C4D017218D43}". Action Taken: No Action Taken.
84: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX.zip is Not Scanned
85: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar.zip is Not Scanned
86: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar1.zip is Not Scanned
87: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar2.zip is Not Scanned
88: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar3.zip is Not Scanned
89: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar4.zip is Not Scanned
90: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar5.zip is Not Scanned
91: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar6.zip is Not Scanned
92: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip is Not Scanned
93: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip is Not Scanned
94: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc2.zip is Not Scanned
95: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc3.zip is Not Scanned
96: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan.zip is Not Scanned
97: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan1.zip is Not Scanned
98: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan2.zip is Not Scanned
99: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan3.zip is Not Scanned
100: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan4.zip is Not Scanned
101: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechSideFind.zip is Not Scanned
102: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechSideFind1.zip is Not Scanned
103: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechSideFind2.zip is Not Scanned
104: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechSlotch.zip is Not Scanned
105: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechSlotch1.zip is Not Scanned
106: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechSlotch2.zip is Not Scanned
107: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant.zip is Not Scanned
108: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SurfAccuracy.zip is Not Scanned
109: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SurfAccuracy1.zip is Not Scanned
110: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SurfAccuracy2.zip is Not Scanned
111: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SurfAccuracy3.zip is Not Scanned
112: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SurfAccuracy4.zip is Not Scanned
113: Tue Nov 08 21:08:17 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip is Not Scanned
114: Tue Nov 08 21:08:17 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride.zip is Not Scanned
115: Tue Nov 08 21:08:17 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterUpdateDisableNotify.zip is Not Scanned
116: Tue Nov 08 21:08:17 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WinsoftwareCommon.zip is Not Scanned
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\Dokumente und Einstellungen\N. Mirtschin\Lokale Einstellungen\Temp\iinstall.exe => Trojan-Downloader.Win32.IstBar.mz
2: C:\Programme\TightVNC\VNCHooks.dll => tagged:RemoteAdmin.Win32.WinVNC-based.b.
3: C:\Programme\TightVNC\WinVNC.exe => tagged:RemoteAdmin.Win32.WinVNC-based.h.
4: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP105\A0020684.exe => Trojan-Downloader.Win32.Adload.j
5: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021290.exe => Trojan-Downloader.Win32.VB.ri
6: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021677.exe => Trojan-Downloader.Win32.IstBar.gen
7: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021692.dll => Trojan.Win32.Crypt.t
8: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021693.exe => Trojan.Win32.Crypt.t
9: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021694.exe => Trojan.Win32.Crypt.t
10: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021695.dll => Trojan.Win32.Crypt.t
11: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021696.exe => Trojan.Win32.Crypt.t
12: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021698.exe => Trojan.Win32.Crypt.t
13: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021778.dll => Trojan.Win32.Crypt.t
14: C:\WINDOWS\Downloaded Program Files\UWFX5U_0001_LPNetInstaller.exe => tagged:Downloader.Win32.Agent.d.
15: C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GZA3FKBG\send_car_int[2].htm => Exploit.HTML.CodeBaseExec
16: C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GZA3FKBG\WinFixer2005ScannerInstallDE[1].cab => tagged:Downloader.Win32.Agent.d.
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Tue Nov 08 21:58:54 2005 => Total Objects Scanned: 87212
Tue Nov 08 21:58:54 2005 => Total Virus(es) Found: 72
Tue Nov 08 21:58:54 2005 => Total Errors: 116
Tue Nov 08 21:58:54 2005 => Virus Database Date: 2005/11/08
Tue Nov 08 21:58:54 2005 => Virus Database Count: 158898
Tue Nov 08 22:02:58 2005 => Total Objects Scanned: 87212
Tue Nov 08 22:02:58 2005 => Total Virus(es) Found: 72
Tue Nov 08 22:02:58 2005 => Total Errors: 116
aber der escan hat leider noch eine menge gefunden, was man ja nicht entfernen kann, wenn man keine vollversion hat...
hier der log
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Tue Nov 08 21:05:27 2005 => System found infected with istbar Spyware/Adware ({7c559105-9ecf-42b8-b3f7-832e75edd959})! Action taken: No Action Taken.
2: Tue Nov 08 21:05:32 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\gza3fkbg\common[1].js
3: Tue Nov 08 21:05:32 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
4: Tue Nov 08 21:05:32 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\gza3fkbg\show_ads[2].js
5: Tue Nov 08 21:05:32 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
6: Tue Nov 08 21:05:33 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\gza3fkbg\s_code[1].js
7: Tue Nov 08 21:05:33 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken.
8: Tue Nov 08 21:05:33 2005 => Offending file found: C:\WINDOWS\TEMP\temporary internet files\content.ie5\od2f4tu7\global[1].js
9: Tue Nov 08 21:05:33 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
10: Tue Nov 08 21:05:40 2005 => Offending file found: C:\Dokumente und Einstellungen\N. Mirtschin\Eigene Dateien\eigene webs\meinweb2\search.htm
11: Tue Nov 08 21:05:40 2005 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
12: Tue Nov 08 21:05:40 2005 => Offending file found: C:\Dokumente und Einstellungen\N. Mirtschin\Eigene Dateien\eigene webs\meinweb2\_vti_cnf\search.htm
13: Tue Nov 08 21:05:40 2005 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
14: Tue Nov 08 21:05:40 2005 => Offending file found: C:\Dokumente und Einstellungen\N. Mirtschin\Eigene Dateien\homepage_stuff\homepage dateien\top.html
15: Tue Nov 08 21:05:40 2005 => System found infected with whenu.sidefinder Spyware/Adware (top.html)! Action taken: No Action Taken.
16: Tue Nov 08 21:05:43 2005 => Offending file found: C:\WINDOWS\iun6002.exe
17: Tue Nov 08 21:05:43 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
18: Tue Nov 08 21:11:19 2005 => Scanning Folder: C:\Dokumente und Einstellungen\N. Mirtschin\Eigene Dateien\Downloads\AVPersonal\INFECTED\*.*
19: Tue Nov 08 21:13:26 2005 => File C:\Dokumente und Einstellungen\N. Mirtschin\Lokale Einstellungen\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.mz" Virus! Action Taken: No Action Taken.
20: Tue Nov 08 21:25:11 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
21: Tue Nov 08 21:36:40 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP105\A0020684.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.
22: Tue Nov 08 21:37:38 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021290.exe infected by "Trojan-Downloader.Win32.VB.ri" Virus! Action Taken: No Action Taken.
23: Tue Nov 08 21:38:07 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021677.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
24: Tue Nov 08 21:38:08 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021692.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
25: Tue Nov 08 21:38:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021693.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
26: Tue Nov 08 21:38:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021694.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
27: Tue Nov 08 21:38:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021695.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
28: Tue Nov 08 21:38:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021696.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
29: Tue Nov 08 21:38:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021698.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
30: Tue Nov 08 21:38:17 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021778.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
31: Tue Nov 08 21:58:35 2005 => File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GZA3FKBG\send_car_int[2].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Tue Nov 08 21:10:21 2005 => File C:\Dokumente und Einstellungen\N. Mirtschin\Desktop\l2mfix\backup.zip tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
2: Tue Nov 08 21:21:02 2005 => Scanning File C:\Programme\Adobe\Adobe InDesign CS\Plug-Ins\Filters\Tagged Text Attributes.apln
3: Tue Nov 08 21:21:03 2005 => Scanning File C:\Programme\Adobe\Adobe InDesign CS\Plug-Ins\Filters\Tagged Text Export Filter.apln
4: Tue Nov 08 21:21:03 2005 => Scanning File C:\Programme\Adobe\Adobe InDesign CS\Plug-Ins\Filters\Tagged Text Import Filter.apln
5: Tue Nov 08 21:34:06 2005 => File C:\Programme\TightVNC\VNCHooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.b. No Action Taken.
6: Tue Nov 08 21:34:11 2005 => File C:\Programme\TightVNC\WinVNC.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
7: Tue Nov 08 21:36:29 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP104\A0020583.exe tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
8: Tue Nov 08 21:36:29 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP104\A0020584.exe tagged as "not-a-virus:AdWare.Win32.ISearch.d". Action Taken: No Action Taken.
9: Tue Nov 08 21:37:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP105\A0021007.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
10: Tue Nov 08 21:37:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP105\A0021020.exe tagged as "not-a-virus:AdWare.Win32.AdURL.c". Action Taken: No Action Taken.
11: Tue Nov 08 21:37:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP105\A0021023.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
12: Tue Nov 08 21:37:09 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP105\A0021027.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
13: Tue Nov 08 21:37:39 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021292.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
14: Tue Nov 08 21:37:39 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021295.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
15: Tue Nov 08 21:37:39 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021304.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
16: Tue Nov 08 21:37:45 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021404.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
17: Tue Nov 08 21:37:46 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021417.dll tagged as "not-a-virus:AdWare.Win32.CommAd.a". Action Taken: No Action Taken.
18: Tue Nov 08 21:37:46 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021418.exe tagged as "not-a-virus:AdWare.Win32.CommAd.a". Action Taken: No Action Taken.
19: Tue Nov 08 21:37:47 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021422.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
20: Tue Nov 08 21:37:47 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021437.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
21: Tue Nov 08 21:37:48 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021443.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
22: Tue Nov 08 21:37:57 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021577.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
23: Tue Nov 08 21:37:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021584.exe tagged as "not-a-virus:AdWare.Win32.AdURL.c". Action Taken: No Action Taken.
24: Tue Nov 08 21:37:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021586.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
25: Tue Nov 08 21:37:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021591.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
26: Tue Nov 08 21:37:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021595.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
27: Tue Nov 08 21:37:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021600.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
28: Tue Nov 08 21:37:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021604.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
29: Tue Nov 08 21:37:59 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021608.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
30: Tue Nov 08 21:37:59 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP107\A0021612.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
31: Tue Nov 08 21:38:05 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021637.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
32: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021650.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
33: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021654.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
34: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021658.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
35: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021661.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
36: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021666.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
37: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021669.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
38: Tue Nov 08 21:38:06 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021673.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
39: Tue Nov 08 21:38:07 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021678.exe tagged as "not-a-virus:AdWare.Win32.PowerScan.d". Action Taken: No Action Taken.
40: Tue Nov 08 21:38:07 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021680.dll tagged as "not-a-virus:AdWare.Win32.AdMir.a". Action Taken: No Action Taken.
41: Tue Nov 08 21:38:07 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021683.exe tagged as "not-a-virus:AdWare.Win32.SurfAccuracy.d". Action Taken: No Action Taken.
42: Tue Nov 08 21:38:17 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021780.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
43: Tue Nov 08 21:38:17 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021784.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
44: Tue Nov 08 21:38:17 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021785.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
45: Tue Nov 08 21:38:17 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021786.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
46: Tue Nov 08 21:38:17 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021787.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
47: Tue Nov 08 21:39:58 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP79\A0009189.exe tagged as "not-a-virus:Porn-Dialer.Win32.GBDialer.c". Action Taken: No Action Taken.
48: Tue Nov 08 21:40:33 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP82\A0009825.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
49: Tue Nov 08 21:40:36 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP82\A0009848.dll tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
50: Tue Nov 08 21:40:36 2005 => File C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP82\A0009858.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
51: Tue Nov 08 21:46:35 2005 => File C:\WINDOWS\Downloaded Program Files\UWFX5U_0001_LPNetInstaller.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
52: Tue Nov 08 21:58:36 2005 => File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GZA3FKBG\WinFixer2005ScannerInstallDE[1].cab tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Tue Nov 08 21:05:18 2005 => ERROR!!! Invalid Entry crypserv.exe in SYSTEM\CurrentControlSet\Services\Crypkey License...
2: Tue Nov 08 21:05:24 2005 => ERROR!!! Invalid Entry \??\C:\WINDOWS\system32\drivers\SLEE503.sys in SYSTEM\CurrentControlSet\Services\SLEE_503_DRIVER...
3: Tue Nov 08 21:05:24 2005 => ERROR!!! Invalid Entry C:\WINDOWS\system32\SLEE503.exe in SYSTEM\CurrentControlSet\Services\SLEE_503_SERVICE...
4: Tue Nov 08 21:05:46 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\asinst.dll". Action Taken: No Action Taken.
5: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Shared Tools\DAO350" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\DAO350.DLL". Action Taken: No Action Taken.
6: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "EaccelSetup". Action Taken: No Action Taken.
7: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ISTsvc". Action Taken: No Action Taken.
8: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Power Scan". Action Taken: No Action Taken.
9: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SAcc". Action Taken: No Action Taken.
10: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Spyware Nuker". Action Taken: No Action Taken.
11: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "TightVNC_is1". Action Taken: No Action Taken.
12: Tue Nov 08 21:05:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0496D9E8-224B-4AFA-8F37-23B98D52F1EB}". Action Taken: No Action Taken.
13: Tue Nov 08 21:05:51 2005 => Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
14: Tue Nov 08 21:05:52 2005 => Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
15: Tue Nov 08 21:05:54 2005 => Entry "HKCR\CLSID\{A1031BAF-3039-4dd6-BC5E-522F007DAF8B}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
16: Tue Nov 08 21:05:54 2005 => Entry "HKCR\CLSID\{BC20CB75-A981-460e-81D4-F06F61B59247}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
17: Tue Nov 08 21:05:55 2005 => Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
18: Tue Nov 08 21:05:55 2005 => Entry "HKCR\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}" refers to invalid object "C:\PROGRA~1\SPYWAR~2\swdoctor.exe". Action Taken: No Action Taken.
19: Tue Nov 08 21:05:55 2005 => Entry "HKCR\CLSID\{E0B8F398-BB08-4298-87F0-34502693902E}" refers to invalid object ""C:\Programme\Messenger\msmsgs.exe"". Action Taken: No Action Taken.
20: Tue Nov 08 21:05:56 2005 => Entry "HKCR\CLSID\{F3A614DC-ABE0-11d2-A441-00C04F795683}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
21: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{0CEBAFA2-A5F8-11D1-B76F-58BB04C10000}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
22: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{1257CD33-90D0-11D1-A197-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
23: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{143C9CF1-E3E7-11D1-A1D2-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
24: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{164B2582-1F73-11D3-B764-EFFAF1F7B10E}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
25: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{19362773-E965-11D1-A1F0-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
26: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{1FA4B99F-3155-4A26-837B-9734C1297A1B}" refers to invalid object "C:\Programme\MSN Messenger\msnmsgr.exe". Action Taken: No Action Taken.
27: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{218CB45F-20B6-11d2-8E17-0000F803A446}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
28: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{3201590C-8C63-4558-8142-82C29FC695E9}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
29: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{36C8B6E8-7013-462A-85B7-298F91FBC783}" refers to invalid object "C:\Programme\MSN Messenger\msnmsgr.exe". Action Taken: No Action Taken.
30: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{38621105-225E-4716-964C-A9AC8804F989}" refers to invalid object "C:\Programme\Gemeinsame Dateien\InterVideo\DVD7\InterActual\IAManager.dll". Action Taken: No Action Taken.
31: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{3E895E71-0C27-11D2-A212-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
32: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{53CED51D-432B-45b2-A3E0-0CE2C24235D4}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
33: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{60ACE49B-F247-4E12-B740-EF8DB1941D0F}" refers to invalid object "C:\Programme\ewido\security suite\context.dll". Action Taken: No Action Taken.
34: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{67800A63-C222-11D1-A1B3-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
35: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{7E4A9BE4-7A58-4076-9E78-1A93434DA29D}" refers to invalid object "C:\DOKUME~1\N3E98~1.MIR\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
36: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{86FC1FC2-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\itproto\mDxEmul.mom". Action Taken: No Action Taken.
37: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{9F3595E2-B5CC-11D1-B76F-58BB04C10000}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
38: Tue Nov 08 21:05:56 2005 => Entry "HKCR\TypeLib\{9FD46A24-F9E8-11D1-A204-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
39: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{C1637F37-3FC8-4B37-B3B2-6CC5E202390D}" refers to invalid object "C:\Programme\MSN Messenger\msnmsgr.exe". Action Taken: No Action Taken.
40: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{C8E100B3-6D59-11D1-A181-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
41: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{DFFAEA82-07FA-4440-9A52-D54EB21C627F}" refers to invalid object "C:\Programme\Alcohol Soft\Alcohol 120\AXShlEx.dll". Action Taken: No Action Taken.
42: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{E02AD29E-80F5-46c6-B416-9B3EBDDF057E}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
43: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{E891EE9A-D0AE-4cb4-8871-F92C0109F18E}" refers to invalid object "C:\Programme\Adobe Photoshop CS2\Zusatzmodule\Adobe Photoshop Only\Automatisieren\Skriptunterstützung.8li". Action Taken: No Action Taken.
44: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{EA3956D2-EC38-41AB-B601-47AA281E4952}" refers to invalid object "C:\Programme\Accoona\ASearchAssist.dll". Action Taken: No Action Taken.
45: Tue Nov 08 21:05:57 2005 => Entry "HKCR\TypeLib\{FD6E3405-67CB-11D1-A17E-080009AB3411}" refers to invalid object "C:\itproto\Rmd8P2.MOM". Action Taken: No Action Taken.
46: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.ase" refers to invalid object "Photoshop.ExchangeableSwatchFile.9". Action Taken: No Action Taken.
47: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.cin" refers to invalid object "Photoshop.CINFile.9". Action Taken: No Action Taken.
48: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.cr2" refers to invalid object "Photoshop.CameraRawFileCanon2.9". Action Taken: No Action Taken.
49: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.crw" refers to invalid object "Photoshop.CameraRawFileCanon.9". Action Taken: No Action Taken.
50: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.dcr" refers to invalid object "Photoshop.CameraRawFileKodak.9". Action Taken: No Action Taken.
51: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.dng" refers to invalid object "Photoshop.CameraRawFileDigital.9". Action Taken: No Action Taken.
52: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.dpx" refers to invalid object "Photoshop.CINFile.9". Action Taken: No Action Taken.
53: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.erf" refers to invalid object "Photoshop.CameraRawFileEpson.9". Action Taken: No Action Taken.
54: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.exr" refers to invalid object "Photoshop.OpenEXRFile.9". Action Taken: No Action Taken.
55: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.fido" refers to invalid object "Photoshop.CINFile.9". Action Taken: No Action Taken.
56: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.hdr" refers to invalid object "Photoshop.PortableBitMapFile.9". Action Taken: No Action Taken.
57: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.kys" refers to invalid object "Photoshop.KYSFile.9". Action Taken: No Action Taken.
58: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.mnu" refers to invalid object "Photoshop.MenuCustomizationFile.9". Action Taken: No Action Taken.
59: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.mos" refers to invalid object "Photoshop.CameraRawFileLeaf.9". Action Taken: No Action Taken.
60: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.mrw" refers to invalid object "Photoshop.CameraRawFileMinolta.9". Action Taken: No Action Taken.
61: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.nef" refers to invalid object "Photoshop.CameraRawFileNikon.9". Action Taken: No Action Taken.
62: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.orf" refers to invalid object "Photoshop.CameraRawFileOlympus.9". Action Taken: No Action Taken.
63: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.pbm" refers to invalid object "Photoshop.RadianceFile.9". Action Taken: No Action Taken.
64: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.PCD" refers to invalid object "Photoshop.PCDFile.9". Action Taken: No Action Taken.
65: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.pcx" refers to invalid object "Photoshop.PCXFile.9". Action Taken: No Action Taken.
66: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.pdd" refers to invalid object "Photoshop.PDDFile.9". Action Taken: No Action Taken.
67: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.pef" refers to invalid object "Photoshop.CameraRawFilePentax.9". Action Taken: No Action Taken.
68: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.psb" refers to invalid object "Photoshop.PSBFile.9". Action Taken: No Action Taken.
69: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.raf" refers to invalid object "Photoshop.CameraRawFileFujifilm.9". Action Taken: No Action Taken.
70: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.rle" refers to invalid object "Photoshop.BMPFile.9". Action Taken: No Action Taken.
71: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.sdpx" refers to invalid object "Photoshop.CINFile.9". Action Taken: No Action Taken.
72: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.shh" refers to invalid object "Photoshop.SHHFile.9". Action Taken: No Action Taken.
73: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.srf" refers to invalid object "Photoshop.CameraRawFileSony.9". Action Taken: No Action Taken.
74: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.wbm" refers to invalid object "Photoshop.WBMFile.9". Action Taken: No Action Taken.
75: Tue Nov 08 21:05:57 2005 => Entry "HKCR\.x3f" refers to invalid object "Photoshop.CameraRawFileFoveon.9". Action Taken: No Action Taken.
76: Tue Nov 08 21:05:58 2005 => Entry "HKCR\Context.test" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
77: Tue Nov 08 21:05:58 2005 => Entry "HKCR\Context.test.1" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
78: Tue Nov 08 21:05:59 2005 => Entry "HKCR\Photoshop.Image.8" refers to invalid object "{3fd07b5f-b17a-4243-949b-94c5a9d2e465}". Action Taken: No Action Taken.
79: Tue Nov 08 21:05:59 2005 => Entry "HKCR\Photoshop.Image.9" refers to invalid object "{3fd07b5f-b17a-4243-949b-94c5a9d2e465}". Action Taken: No Action Taken.
80: Tue Nov 08 21:06:00 2005 => Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
81: Tue Nov 08 21:06:00 2005 => Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
82: Tue Nov 08 21:06:00 2005 => Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
83: Tue Nov 08 21:06:00 2005 => Entry "HKCR\SWiSH.Movie" refers to invalid object "{C5178CAC-8D15-4AC1-85DB-C4D017218D43}". Action Taken: No Action Taken.
84: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX.zip is Not Scanned
85: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar.zip is Not Scanned
86: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar1.zip is Not Scanned
87: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar2.zip is Not Scanned
88: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar3.zip is Not Scanned
89: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar4.zip is Not Scanned
90: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar5.zip is Not Scanned
91: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar6.zip is Not Scanned
92: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip is Not Scanned
93: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip is Not Scanned
94: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc2.zip is Not Scanned
95: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc3.zip is Not Scanned
96: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan.zip is Not Scanned
97: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan1.zip is Not Scanned
98: Tue Nov 08 21:08:15 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan2.zip is Not Scanned
99: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan3.zip is Not Scanned
100: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan4.zip is Not Scanned
101: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechSideFind.zip is Not Scanned
102: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechSideFind1.zip is Not Scanned
103: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechSideFind2.zip is Not Scanned
104: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechSlotch.zip is Not Scanned
105: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechSlotch1.zip is Not Scanned
106: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechSlotch2.zip is Not Scanned
107: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant.zip is Not Scanned
108: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SurfAccuracy.zip is Not Scanned
109: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SurfAccuracy1.zip is Not Scanned
110: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SurfAccuracy2.zip is Not Scanned
111: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SurfAccuracy3.zip is Not Scanned
112: Tue Nov 08 21:08:16 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SurfAccuracy4.zip is Not Scanned
113: Tue Nov 08 21:08:17 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip is Not Scanned
114: Tue Nov 08 21:08:17 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride.zip is Not Scanned
115: Tue Nov 08 21:08:17 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterUpdateDisableNotify.zip is Not Scanned
116: Tue Nov 08 21:08:17 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WinsoftwareCommon.zip is Not Scanned
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\Dokumente und Einstellungen\N. Mirtschin\Lokale Einstellungen\Temp\iinstall.exe => Trojan-Downloader.Win32.IstBar.mz
2: C:\Programme\TightVNC\VNCHooks.dll => tagged:RemoteAdmin.Win32.WinVNC-based.b.
3: C:\Programme\TightVNC\WinVNC.exe => tagged:RemoteAdmin.Win32.WinVNC-based.h.
4: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP105\A0020684.exe => Trojan-Downloader.Win32.Adload.j
5: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP106\A0021290.exe => Trojan-Downloader.Win32.VB.ri
6: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021677.exe => Trojan-Downloader.Win32.IstBar.gen
7: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021692.dll => Trojan.Win32.Crypt.t
8: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021693.exe => Trojan.Win32.Crypt.t
9: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021694.exe => Trojan.Win32.Crypt.t
10: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021695.dll => Trojan.Win32.Crypt.t
11: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021696.exe => Trojan.Win32.Crypt.t
12: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021698.exe => Trojan.Win32.Crypt.t
13: C:\System Volume Information\_restore{043080D7-CE7C-485D-A76A-AECAA80F8104}\RP112\A0021778.dll => Trojan.Win32.Crypt.t
14: C:\WINDOWS\Downloaded Program Files\UWFX5U_0001_LPNetInstaller.exe => tagged:Downloader.Win32.Agent.d.
15: C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GZA3FKBG\send_car_int[2].htm => Exploit.HTML.CodeBaseExec
16: C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GZA3FKBG\WinFixer2005ScannerInstallDE[1].cab => tagged:Downloader.Win32.Agent.d.
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Tue Nov 08 21:58:54 2005 => Total Objects Scanned: 87212
Tue Nov 08 21:58:54 2005 => Total Virus(es) Found: 72
Tue Nov 08 21:58:54 2005 => Total Errors: 116
Tue Nov 08 21:58:54 2005 => Virus Database Date: 2005/11/08
Tue Nov 08 21:58:54 2005 => Virus Database Count: 158898
Tue Nov 08 22:02:58 2005 => Total Objects Scanned: 87212
Tue Nov 08 22:02:58 2005 => Total Virus(es) Found: 72
Tue Nov 08 22:02:58 2005 => Total Errors: 116
- Nadin_20
- Beiträge: 28
- Registriert: 28.12.2004, 21:29
- Wohnort: Düsseldorf
8 Beiträge • Seite 1 von 1
Ähnliche Themen
| plötzlich mehrere probleme Forum: Hardware-Hilfe Autor: Anonymous Antworten: |
Probleme mit WinXP auf einem Laptop Amilo A beim Hochfahren Forum: Hardware-Hilfe Autor: Anonymous Antworten: |
Probleme mit Onboard-Geräten Forum: Hardware-Hilfe Autor: Anonymous Antworten: |
Probleme beim Installiern Forum: Hardware-Hilfe Autor: Anonymous Antworten: |
HILFE ALLE MEINE ORDNERBERECHTIGUNG SIND WEG HILFE BITTE Forum: Hardware-Hilfe Autor: Anonymous Antworten: |
Zurück zu Online- und PC-Sicherheit
Wer ist online?
Mitglieder in diesem Forum: 0 Mitglieder und 0 Gäste