Error message on shutdown


Post by gonzo1 on 30.10.2005, 13:12

:?: Need help
The hourglass on the mouse pointer keeps blinking the whole time, but why?
And on shutdown an error message appears:
MDMD 3DIM.EXE - DLL Initialisierung fehlgeschlagen
Does anyone know why?? :?: :D
gonzo1
 
Posts: 15
Registered: 30.10.2005, 13:03


Post by Fat_Mike on 30.10.2005, 13:19

So that we can help you, we first need a HijackThis log.
  1. create a folder Hijack This somewhere on your hard disk (HijackThis does not need to be installed, but it needs its own folder so that it can create backups)
  2. download HijackThis, e.g. from here -->
    http://www.downloads.subratam.org/hijackthis.zip
  3. save the Hijack This.zip, and then unpack it into your HijackThis folder
  4. run the program (simply double-click the EXE),
  5. press Do a system scan and save a logfile
  6. save the logfile
  7. the saved logfile opens automatically in the text editor; select everything (with "Edit --> Select All" or via "Ctrl + A"), and copy it (with "right-click --> Copy" or via "Ctrl + C")
  8. write a reply in your own thread (click "post reply") and paste the complete logfile into your reply (with "right-click --> Paste" or via "Ctrl + V"), then the experts can tell you what's going on.

or read through the guide here -->
http://yourhighness.eddys-domain.de/hijackthis.html
Created by Miezmutz



regards
fat.
Fat_Mike
 
Posts: 2198
Registered: 22.07.2005, 11:55
Location: Dortmund

Post by gonzo1 on 30.10.2005, 13:38

Logfile of HijackThis v1.99.1
Scan saved at 12:35:13, on 30.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\PowerS.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ASUS\ASUS Remote Master\Remote Master.exe
C:\Programme\CyberLink Media Carnival\PowerVCR II\Agent.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ISTsvc\istsvc.exe
gonzo1
 
Posts: 15
Registered: 30.10.2005, 13:03

Post by gonzo1 on 30.10.2005, 13:50

Sorry, the above is not complete!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Logfile of HijackThis v1.99.
Scan saved at 12:35:13, on 30.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\PowerS.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ASUS\ASUS Remote Master\Remote Master.exe
C:\Programme\CyberLink Media Carnival\PowerVCR II\Agent.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ISTsvc\istsvc.exe
C:\WINDOWS\ermxbc.exe
C:\Programme\SurfAccuracy\SAcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\MSMSGS.EXE
C:\Programme\phonostar\ps_agent.exe
C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Programme\YourSiteBar\ysb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [remotecontrol] C:\Programme\ASUS\ASUS Remote Master\Remote Master.exe
O4 - HKLM\..\Run: [Agent] "C:\Programme\CyberLink Media Carnival\PowerVCR II\Agent.exe"
O4 - HKLM\..\Run: [Remote_Agent] "C:\Programme\CyberLink Media Carnival\PowerVCR II\RemoteAgent.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [C5VEBcb9] C:\WINDOWS\ermxbc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Á³#  L"h'þ9Óœð3rÅWC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\ermxbc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... egular.cab
O16 - DPF: {67F02384-3864-4BCE-A408-EDD9BD565D51} (DemoShield DemoNow Class) - http://www.maerklin.de/specials/steuern ... emonow.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www6.pc-sicherheit.web.de/ols/fscax.cab
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
gonzo1
 
Posts: 15
Registered: 30.10.2005, 13:03

Post by Fat_Mike on 30.10.2005, 14:16

Oh dear. That doesn't look good. Get the tool Ad-Aware (http://www.lavasoft.de/) and run a complete scan.
Let the program remove the entries it finds. That way we can already clean up part of it.

Afterwards please post a new HijackThis log, then we'll look at the rest.


regards
fat.
Fat_Mike
 
Posts: 2198
Registered: 22.07.2005, 11:55
Location: Dortmund

Post by Holy Marcell on 30.10.2005, 14:41

"Oh dear. That doesn't look good." Not to say crappy.

Uninstall via Add or Remove Programs:

~ISTsvc
~SurfAccuracy
~SideFind
~YourSiteBar

Then we'll meet again with a new HJT log.
Holy Marcell
 

Post by Fat_Mike on 30.10.2005, 14:42

I'm afraid those won't really let themselves be uninstalled via Add or Remove Programs...


regards
fat.
Fat_Mike
 
Posts: 2198
Registered: 22.07.2005, 11:55
Location: Dortmund

Post by gonzo1 on 30.10.2005, 20:25

Logfile of HijackThis v1.99.1
Scan saved at 19:24:30, on 30.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\PowerS.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ASUS\ASUS Remote Master\Remote Master.exe
C:\Programme\CyberLink Media Carnival\PowerVCR II\Agent.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\MSMSGS.EXE
C:\Programme\phonostar\ps_agent.exe
C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [remotecontrol] C:\Programme\ASUS\ASUS Remote Master\Remote Master.exe
O4 - HKLM\..\Run: [Agent] "C:\Programme\CyberLink Media Carnival\PowerVCR II\Agent.exe"
O4 - HKLM\..\Run: [Remote_Agent] "C:\Programme\CyberLink Media Carnival\PowerVCR II\RemoteAgent.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C5VEBcb9] C:\WINDOWS\ermxbc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... egular.cab
O16 - DPF: {67F02384-3864-4BCE-A408-EDD9BD565D51} (DemoShield DemoNow Class) - http://www.maerklin.de/specials/steuern ... emonow.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www6.pc-sicherheit.web.de/ols/fscax.cab
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
gonzo1
 
Posts: 15
Registered: 30.10.2005, 13:03
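
Added example, not part of the original thread: a small Python parser that compares excerpts of the 12:35 and 19:24 HijackThis logs above, listing which entries the cleanup removed and which O4 Run autostarts point at a process that was running at scan time. The function names and the choice of excerpted lines are assumptions made for this example.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autostart body: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.*?)\] (.+)$")
# Executable at the start of a command line, quoted or not (paths may contain spaces).
EXE_RE = re.compile(r'^"?(.+?\.exe)\b', re.IGNORECASE)

# Excerpt of the log saved at 12:35:13 in this thread (lines selected for the example).
BEFORE = r"""
Scan saved at 12:35:13, on 30.10.2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Programme\ISTsvc\istsvc.exe
C:\WINDOWS\ermxbc.exe
C:\Programme\SurfAccuracy\SAcc.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Programme\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [C5VEBcb9] C:\WINDOWS\ermxbc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
"""

# Excerpt of the log saved at 19:24:30 in this thread (same selection of lines).
AFTER = r"""
Scan saved at 19:24:30, on 30.10.2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [C5VEBcb9] C:\WINDOWS\ermxbc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
"""


def parse_log(text):
    """Return (set of lower-cased running process paths, ordered list of (code, body))."""
    processes, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, entries


def diff_entries(before, after):
    """Entries removed and added between two logs, each in original order."""
    b, a = parse_log(before)[1], parse_log(after)[1]
    return [e for e in b if e not in a], [e for e in a if e not in b]


def autostarts(text):
    """For each O4 registry Run entry: (value name, executable, running at scan time)."""
    processes, entries = parse_log(text)
    file_names = {p.rsplit("\\", 1)[-1] for p in processes}
    result = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if not m:
            continue  # e.g. "O4 - Global Startup: ..." has a different shape
        exe = EXE_RE.match(m.group(3))
        path = exe.group(1) if exe else m.group(3)
        p = path.lower()
        # Bare names such as "sstray.exe" carry no directory: compare by file name.
        running = p in processes or ("\\" not in p and p in file_names)
        result.append((m.group(2), path, running))
    return result


if __name__ == "__main__":
    removed, added = diff_entries(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for name, path, running in autostarts(AFTER):
        print("autostart:", name, "->", path, "(running)" if running else "(not running)")
```

An autostart entry that survives the diff while its process is no longer running, like `[C5VEBcb9]` here, is still a persistence point and will start again at the next boot until the Run value is removed.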

Post by gonzo1 on 30.10.2005, 21:15

And now, after deleting the programs and after cleaning up with the program!! 8) The hourglass no longer blinks :wink: and here it is to look over:
Logfile of HijackThis v1.99.1
Scan saved at 20:08:40, on 30.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\PowerS.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ASUS\ASUS Remote Master\Remote Master.exe
C:\Programme\CyberLink Media Carnival\PowerVCR II\Agent.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\MSMSGS.EXE
C:\Programme\phonostar\ps_agent.exe
C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [remotecontrol] C:\Programme\ASUS\ASUS Remote Master\Remote Master.exe
O4 - HKLM\..\Run: [Agent] "C:\Programme\CyberLink Media Carnival\PowerVCR II\Agent.exe"
O4 - HKLM\..\Run: [Remote_Agent] "C:\Programme\CyberLink Media Carnival\PowerVCR II\RemoteAgent.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C5VEBcb9] C:\WINDOWS\ermxbc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... egular.cab
O16 - DPF: {67F02384-3864-4BCE-A408-EDD9BD565D51} (DemoShield DemoNow Class) - http://www.maerklin.de/specials/steuern ... emonow.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www6.pc-sicherheit.web.de/ols/fscax.cab
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
gonzo1
 
Posts: 15
Registered: 30.10.2005, 13:03

Post by Holy Marcell on 30.10.2005, 21:50

Better already:
==============================

Start HijackThis ==> button: None of the above, just start the program ==> button Scan ==> tick the checkbox in front of the following entries ==> button Fix checked ==> reboot

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [C5VEBcb9] C:\WINDOWS\ermxbc.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... egular.cab

==============================

==============================

Please work through this guide completely and post the result:
http://yourhighness.eddys-domain.de/escan.html

==============================

==============================

Run CrapCleaner and tick everything:
http://virus-protect.net/temp.html

Download Ewido, scan, post the report, and uninstall it once the work (virus removal) is done
http://virus-protect.net/ewido.html

========================
Holy Marcell
 

Post by gonzo1 on 01.11.2005, 18:38

Here is the new result:
Logfile of HijackThis v1.99.1
Scan saved at 17:35:41, on 01.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\PowerS.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ASUS\ASUS Remote Master\Remote Master.exe
C:\Programme\CyberLink Media Carnival\PowerVCR II\Agent.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\MSMSGS.EXE
C:\Programme\phonostar\ps_agent.exe
C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.de/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [remotecontrol] C:\Programme\ASUS\ASUS Remote Master\Remote Master.exe
O4 - HKLM\..\Run: [Agent] "C:\Programme\CyberLink Media Carnival\PowerVCR II\Agent.exe"
O4 - HKLM\..\Run: [Remote_Agent] "C:\Programme\CyberLink Media Carnival\PowerVCR II\RemoteAgent.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C5VEBcb9] C:\WINDOWS\ermxbc.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67F02384-3864-4BCE-A408-EDD9BD565D51} (DemoShield DemoNow Class) - http://www.maerklin.de/specials/steuern ... emonow.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www6.pc-sicherheit.web.de/ols/fscax.cab
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Better??? :roll:
gonzo1
 
Posts: 15
Registered: 30.10.2005, 13:03

Post by Holy Marcell on 01.11.2005, 20:33

I'm still waiting on something from you:
Holy_Marcell wrote:
==============================

Please work through this guide completely and post the result:
http://yourhighness.eddys-domain.de/escan.html

==============================

Download Ewido, scan, post the report, and uninstall it once the work (virus removal) is done
http://virus-protect.net/ewido.html

========================


Have this file checked and post the result:

~C:\WINDOWS\ermxbc.exe

http://www.virustotal.com/flash/index_en.html

===========================
Holy Marcell
 

Post by gonzo1 on 03.11.2005, 14:10

--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Thu Nov 03 11:34:03 2005 => File C:\WINDOWS\system32\shsassam.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
2: Thu Nov 03 11:34:54 2005 => Offending file found: C:\DOKUME~1\CHRIST~1.NAM\LOKALE~1\Temp\iinstall.exe
3: Thu Nov 03 11:34:54 2005 => System found infected with istbar Spyware/Adware (iinstall.exe)! Action taken: No Action Taken.
4: Thu Nov 03 11:34:54 2005 => Offending file found: C:\DOKUME~1\CHRIST~1.NAM\LOKALE~1\Temp\insthelp.dll
5: Thu Nov 03 11:34:54 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
6: Thu Nov 03 11:35:02 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Desktop\spiele\ct\config.dat
7: Thu Nov 03 11:35:02 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
8: Thu Nov 03 11:35:08 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\temp\iinstall.exe
9: Thu Nov 03 11:35:08 2005 => System found infected with istbar Spyware/Adware (iinstall.exe)! Action taken: No Action Taken.
10: Thu Nov 03 11:35:08 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\temp\insthelp.dll
11: Thu Nov 03 11:35:08 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
12: Thu Nov 03 11:35:11 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\temporary internet files\content.ie5\avuvwlm9\formie[1].css
13: Thu Nov 03 11:35:11 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.
14: Thu Nov 03 11:35:12 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\temporary internet files\content.ie5\mzwxm34l\common[1].js
15: Thu Nov 03 11:35:12 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
16: Thu Nov 03 11:35:12 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\temporary internet files\content.ie5\mzwxm34l\global[1].js
17: Thu Nov 03 11:35:12 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
18: Thu Nov 03 11:35:13 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\temporary internet files\content.ie5\uf076vet\show_ads[2].js
19: Thu Nov 03 11:35:13 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
20: Thu Nov 03 11:35:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\temporary internet files\content.ie5\wrcpinqh\common[1].js
21: Thu Nov 03 11:35:14 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
22: Thu Nov 03 11:35:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\temporary internet files\content.ie5\wrcpinqh\global[1].js
23: Thu Nov 03 11:35:14 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
24: Thu Nov 03 11:35:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\temporary internet files\content.ie5\wrcpinqh\s_code[1].js
25: Thu Nov 03 11:35:14 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken.
26: Thu Nov 03 11:35:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\temporary internet files\content.ie5\wrcpinqh\ticker[1].js
27: Thu Nov 03 11:35:14 2005 => System found infected with whenu.savenow Spyware/Adware (ticker[1].js)! Action taken: No Action Taken.
28: Thu Nov 03 11:35:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\Temporary Internet Files\content.ie5\avuvwlm9\formie[1].css
29: Thu Nov 03 11:35:14 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.
30: Thu Nov 03 11:35:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\Temporary Internet Files\content.ie5\mzwxm34l\common[1].js
31: Thu Nov 03 11:35:14 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
32: Thu Nov 03 11:35:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\Temporary Internet Files\content.ie5\mzwxm34l\global[1].js
33: Thu Nov 03 11:35:14 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
34: Thu Nov 03 11:35:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\Temporary Internet Files\content.ie5\uf076vet\show_ads[2].js
35: Thu Nov 03 11:35:14 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
36: Thu Nov 03 11:35:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\Temporary Internet Files\content.ie5\wrcpinqh\common[1].js
37: Thu Nov 03 11:35:14 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
38: Thu Nov 03 11:35:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\Temporary Internet Files\content.ie5\wrcpinqh\global[1].js
39: Thu Nov 03 11:35:14 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
40: Thu Nov 03 11:35:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\Temporary Internet Files\content.ie5\wrcpinqh\s_code[1].js
41: Thu Nov 03 11:35:14 2005 => System found infected with whenu.savenow Spyware/Adware (s_code[1].js)! Action taken: No Action Taken.
42: Thu Nov 03 11:35:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\Temporary Internet Files\content.ie5\wrcpinqh\ticker[1].js
43: Thu Nov 03 11:35:14 2005 => System found infected with whenu.savenow Spyware/Adware (ticker[1].js)! Action taken: No Action Taken.
44: Thu Nov 03 11:35:16 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
45: Thu Nov 03 11:35:16 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
46: Thu Nov 03 11:37:26 2005 => File C:\WINDOWS\system32\shsassam.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
47: Thu Nov 03 11:37:29 2005 => File C:\WINDOWS\system32\spismsfi.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
48: Thu Nov 03 11:38:03 2005 => File C:\DOKUME~1\CHRIST~1.NAM\LOKALE~1\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.lw" Virus! Action Taken: No Action Taken.
49: Thu Nov 03 11:43:19 2005 => File C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.lw" Virus! Action Taken: No Action Taken.
50: Thu Nov 03 12:23:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\02493575.class infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
51: Thu Nov 03 12:23:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\02493575.zip infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
52: Thu Nov 03 12:23:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\024C5F72.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus! Action Taken: No Action Taken.
53: Thu Nov 03 12:23:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\060C60CD.class infected by "Trojan.Java.ClassLoader.u" Virus! Action Taken: No Action Taken.
54: Thu Nov 03 12:23:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\068E1F47.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
55: Thu Nov 03 12:23:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\069E6EB2.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
56: Thu Nov 03 12:23:59 2005 => File C:\Programme\Norton AntiVirus\Quarantine\08E41086.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
57: Thu Nov 03 12:24:00 2005 => File C:\Programme\Norton AntiVirus\Quarantine\137B637C.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
58: Thu Nov 03 12:24:00 2005 => File C:\Programme\Norton AntiVirus\Quarantine\18C669CF.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
59: Thu Nov 03 12:24:00 2005 => File C:\Programme\Norton AntiVirus\Quarantine\19597213.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
60: Thu Nov 03 12:24:00 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1A541074.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
61: Thu Nov 03 12:24:00 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1A573A71.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
62: Thu Nov 03 12:24:00 2005 => File C:\Programme\Norton AntiVirus\Quarantine\21973E1C.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
63: Thu Nov 03 12:24:00 2005 => File C:\Programme\Norton AntiVirus\Quarantine\24240B4D.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
64: Thu Nov 03 12:24:01 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2B273E4E.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
65: Thu Nov 03 12:24:01 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2B9A6DD6.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
66: Thu Nov 03 12:24:01 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3A530E5A.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
67: Thu Nov 03 12:24:01 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3E476DB5.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
68: Thu Nov 03 12:24:01 2005 => File C:\Programme\Norton AntiVirus\Quarantine\41A53A01.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
69: Thu Nov 03 12:24:01 2005 => File C:\Programme\Norton AntiVirus\Quarantine\41A963FD.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
70: Thu Nov 03 12:24:02 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4779279A.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
71: Thu Nov 03 12:24:02 2005 => File C:\Programme\Norton AntiVirus\Quarantine\48C2065A.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
72: Thu Nov 03 12:24:02 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4BD863B5.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
73: Thu Nov 03 12:24:02 2005 => File C:\Programme\Norton AntiVirus\Quarantine\51DF4192.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
74: Thu Nov 03 12:24:02 2005 => File C:\Programme\Norton AntiVirus\Quarantine\52621A92.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
75: Thu Nov 03 12:24:02 2005 => File C:\Programme\Norton AntiVirus\Quarantine\561B3151.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
76: Thu Nov 03 12:24:02 2005 => File C:\Programme\Norton AntiVirus\Quarantine\561E5B4D.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
77: Thu Nov 03 12:24:02 2005 => File C:\Programme\Norton AntiVirus\Quarantine\60852ECC.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
78: Thu Nov 03 12:24:03 2005 => File C:\Programme\Norton AntiVirus\Quarantine\608858C8.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
79: Thu Nov 03 12:24:03 2005 => File C:\Programme\Norton AntiVirus\Quarantine\643248AC.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
80: Thu Nov 03 12:24:03 2005 => File C:\Programme\Norton AntiVirus\Quarantine\68953823.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
81: Thu Nov 03 12:24:03 2005 => File C:\Programme\Norton AntiVirus\Quarantine\69F525AF.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
82: Thu Nov 03 12:24:03 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6F2C39F2.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
83: Thu Nov 03 12:24:03 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6F2F63EE.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
84: Thu Nov 03 12:24:03 2005 => File C:\Programme\Norton AntiVirus\Quarantine\75D5569E.tmp infected by "Trojan.Java.ClassLoader.b" Virus! Action Taken: No Action Taken.
85: Thu Nov 03 12:24:04 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77484A3B.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
86: Thu Nov 03 12:24:04 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7E2F2963.tmp infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
87: Thu Nov 03 12:26:43 2005 => File C:\RECYCLER\S-1-5-21-4107944520-4121981136-756533935-1006\Dc223\backups\backup-20051030-215004-943.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
88: Thu Nov 03 12:33:04 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP152\A0085719.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
89: Thu Nov 03 12:38:43 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP185\A0089297.exe infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
90: Thu Nov 03 12:41:35 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP186\A0094423.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
91: Thu Nov 03 12:59:21 2005 => File C:\WINDOWS\system32\shsassam.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
92: Thu Nov 03 12:59:24 2005 => File C:\WINDOWS\system32\spismsfi.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Thu Nov 03 12:27:46 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP111\A0069443.exe tagged as "not-a-virus:AdWare.Win32.Hotbar.an". Action Taken: No Action Taken.
2: Thu Nov 03 12:27:46 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP111\A0069444.dll tagged as "not-a-virus:AdWare.Win32.HotBar.be". Action Taken: No Action Taken.
3: Thu Nov 03 12:27:46 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP111\A0069445.exe tagged as "not-a-virus:AdWare.Win32.Hotbar.ar". Action Taken: No Action Taken.
4: Thu Nov 03 12:27:47 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP111\A0069447.dll tagged as "not-a-virus:AdWare.Win32.HotBar.be". Action Taken: No Action Taken.
5: Thu Nov 03 12:27:47 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP111\A0069449.exe tagged as "not-a-virus:AdWare.Win32.HotBar.bh". Action Taken: No Action Taken.
6: Thu Nov 03 12:27:47 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP111\A0069451.dll tagged as "not-a-virus:AdWare.Win32.HotBar.bk". Action Taken: No Action Taken.
7: Thu Nov 03 12:27:48 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP111\A0069454.exe tagged as "not-a-virus:AdWare.Win32.HotBar.bd". Action Taken: No Action Taken.
8: Thu Nov 03 12:27:48 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP111\A0069456.exe tagged as "not-a-virus:AdWare.Win32.HotBar.bh". Action Taken: No Action Taken.
9: Thu Nov 03 12:27:48 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP111\A0069457.dll tagged as "not-a-virus:AdWare.Win32.HotBar.av". Action Taken: No Action Taken.
10: Thu Nov 03 12:27:48 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP111\A0069458.dll tagged as "not-a-virus:AdWare.Win32.HotBar.be". Action Taken: No Action Taken.
11: Thu Nov 03 12:27:48 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP111\A0070436.dll tagged as "not-a-virus:AdWare.Win32.Hotbar.ar". Action Taken: No Action Taken.
12: Thu Nov 03 12:27:48 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP111\A0070437.dll tagged as "not-a-virus:AdWare.Win32.HotBar.be". Action Taken: No Action Taken.
13: Thu Nov 03 12:28:09 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP112\A0072784.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
14: Thu Nov 03 12:41:35 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP186\A0094428.exe tagged as "not-a-virus:AdWare.Win32.SurfAccuracy.d". Action Taken: No Action Taken.
15: Thu Nov 03 12:41:36 2005 => File C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP186\A0094444.dll tagged as "not-a-virus:AdWare.Win32.SideFind". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Thu Nov 03 11:34:21 2005 => ERROR!!! Invalid Entry C5VEBcb9 = C:\WINDOWS\ermxbc.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
2: Thu Nov 03 11:34:42 2005 => ERROR!!! Invalid Entry \??\C:\Programme\TGTSoft\StyleXP\StyleXPHelper.exe in SYSTEM\CurrentControlSet\Services\StyleXPHelper...
3: Thu Nov 03 11:35:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ysbactivex.dll". Action Taken: No Action Taken.
4: Thu Nov 03 11:35:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
5: Thu Nov 03 11:35:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
6: Thu Nov 03 11:35:24 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\Photoshop Album\Kataloge\My Catalog.psa". Action Taken: No Action Taken.
7: Thu Nov 03 11:35:24 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ysbactivex.dll". Action Taken: No Action Taken.
8: Thu Nov 03 11:35:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
9: Thu Nov 03 11:35:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe" refers to invalid object "C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Desktop\hijackthis\hijackthis.exe". Action Taken: No Action Taken.
10: Thu Nov 03 11:35:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Moorhuhn 4 Teile" refers to invalid object "C:\Phenomedia AG\Moorhuhn 4 Teile\Moorhuhn 4 Teile". Action Taken: No Action Taken.
11: Thu Nov 03 11:35:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken.
12: Thu Nov 03 11:35:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe" refers to invalid object "C:\Programme\SCM PC Card\ReadKVK\YourApp.exe". Action Taken: No Action Taken.
13: Thu Nov 03 11:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\InstantCDDVD\Projects\". Action Taken: No Action Taken.
14: Thu Nov 03 11:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\InstantCDDVD\". Action Taken: No Action Taken.
15: Thu Nov 03 11:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\InstantCDDVD\Labels\". Action Taken: No Action Taken.
16: Thu Nov 03 11:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\InstantCDDVD\Audio\". Action Taken: No Action Taken.
17: Thu Nov 03 11:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Pinnacle Expression\Captured Video\". Action Taken: No Action Taken.
18: Thu Nov 03 11:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Pinnacle Expression\". Action Taken: No Action Taken.
19: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asp?FORM=AS35&srch=5&q=map24+hegau". Action Taken: No Action Taken.
20: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".b". Action Taken: No Action Taken.
21: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".Cns". Action Taken: No Action Taken.
22: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".con". Action Taken: No Action Taken.
23: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dff". Action Taken: No Action Taken.
24: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dsp". Action Taken: No Action Taken.
25: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".image". Action Taken: No Action Taken.
26: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mds". Action Taken: No Action Taken.
27: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
28: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php?controller=Download&DokKey=P0710&Format=doc". Action Taken: No Action Taken.
29: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rdb". Action Taken: No Action Taken.
30: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".RTP". Action Taken: No Action Taken.
31: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sc4". Action Taken: No Action Taken.
32: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sln". Action Taken: No Action Taken.
33: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tag". Action Taken: No Action Taken.
34: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".txd". Action Taken: No Action Taken.
35: Thu Nov 03 11:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
36: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
37: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB282010". Action Taken: No Action Taken.
38: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817778". Action Taken: No Action Taken.
39: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken.
40: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken.
41: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821557". Action Taken: No Action Taken.
42: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.
43: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823559". Action Taken: No Action Taken.
44: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823980". Action Taken: No Action Taken.
45: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
46: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.
47: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
48: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
49: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
50: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB890923-IE6SP1-20050225.103456". Action Taken: No Action Taken.
51: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA". Action Taken: No Action Taken.
52: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
53: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken.
54: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.
55: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q328310". Action Taken: No Action Taken.
56: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329048". Action Taken: No Action Taken.
57: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329115". Action Taken: No Action Taken.
58: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329170". Action Taken: No Action Taken.
59: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329390". Action Taken: No Action Taken.
60: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329441". Action Taken: No Action Taken.
61: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329834". Action Taken: No Action Taken.
62: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810565". Action Taken: No Action Taken.
63: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810577". Action Taken: No Action Taken.
64: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810833". Action Taken: No Action Taken.
65: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q811493". Action Taken: No Action Taken.
66: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814033". Action Taken: No Action Taken.
67: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken.
68: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815021". Action Taken: No Action Taken.
69: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815485". Action Taken: No Action Taken.
70: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817606". Action Taken: No Action Taken.
71: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WFX5U_is1". Action Taken: No Action Taken.
72: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}". Action Taken: No Action Taken.
73: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7B802DE5-84E5-4503-965B-2ABFFC78506A}". Action Taken: No Action Taken.
74: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000702}". Action Taken: No Action Taken.
75: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000703}". Action Taken: No Action Taken.
76: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000704}". Action Taken: No Action Taken.
77: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B005394D-5A4D-6AE4-CB08-F59CDC9A255C}". Action Taken: No Action Taken.
78: Thu Nov 03 11:35:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B6F867E8-F092-4C5E-7D72-AC7057DBEF45}". Action Taken: No Action Taken.
79: Thu Nov 03 11:35:32 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
80: Thu Nov 03 11:35:33 2005 => Entry "HKCR\CLSID\{BBCF0215-BE43-40E0-88ED-F50B8A28CCC5}" refers to invalid object "C:\PROGRA~1\WEB.DE\WEB~1.DES\TraySvr.exe". Action Taken: No Action Taken.
81: Thu Nov 03 11:35:35 2005 => Entry "HKCR\TypeLib\{60ACE49B-F247-4E12-B740-EF8DB1941D0F}" refers to invalid object "C:\Programme\ewido\security suite\context.dll". Action Taken: No Action Taken.
82: Thu Nov 03 11:35:35 2005 => Entry "HKCR\TypeLib\{8B5CC0D7-CD17-4849-A3E1-EA2C681D8C73}" refers to invalid object "C:\Programme\WEB.DE\WEB.DE Screensaver\TraySvr.exe". Action Taken: No Action Taken.
83: Thu Nov 03 11:35:36 2005 => Entry "HKCR\TypeLib\{B55B9108-FF52-474f-A15C-03DE72F52E33}" refers to invalid object "piproj.dll". Action Taken: No Action Taken.
84: Thu Nov 03 11:35:36 2005 => Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
85: Thu Nov 03 11:35:37 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
86: Thu Nov 03 11:35:37 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
87: Thu Nov 03 11:35:37 2005 => Entry "HKCR\Automap.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
88: Thu Nov 03 11:35:37 2005 => Entry "HKCR\Automap.Map.EU.11" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
89: Thu Nov 03 11:35:37 2005 => Entry "HKCR\Automap.Template.EU.11" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
90: Thu Nov 03 11:35:37 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
91: Thu Nov 03 11:35:37 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
92: Thu Nov 03 11:35:37 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
93: Thu Nov 03 11:35:37 2005 => Entry "HKCR\Context.test" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
94: Thu Nov 03 11:35:37 2005 => Entry "HKCR\Context.test.1" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
95: Thu Nov 03 11:35:39 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
96: Thu Nov 03 11:35:39 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
97: Thu Nov 03 11:35:39 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
98: Thu Nov 03 11:35:39 2005 => Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
99: Thu Nov 03 11:35:39 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
100: Thu Nov 03 11:35:39 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
101: Thu Nov 03 11:35:40 2005 => Entry "HKCR\steam\shell\open\command" refers to invalid object ""C:\Programme\Valve\Steam\Steam.exe" "%1"". Action Taken: No Action Taken.
102: Thu Nov 03 11:35:40 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
103: Thu Nov 03 11:35:40 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
104: Thu Nov 03 11:35:40 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
105: Thu Nov 03 11:40:56 2005 => ERROR!!! FindFirstFile For C:\Dokumente und Einstellungen\1\Eigene Dateien\Biuro Wczsów PRZYMORZE leba-Dateien\Turystyka i Wedkarstwo Morskie HALNY-Dateien\*.* Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)
106: Thu Nov 03 11:40:56 2005 => ERROR!!! FindFirstFile For C:\Dokumente und Einstellungen\1\Eigene Dateien\Biuro Wczsów PRZYMORZE leba-Dateien\Leba i okolice - promocyjny serwis p-Dateien\*.* Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)
107: Thu Nov 03 11:40:56 2005 => ERROR!!! FindFirstFile For C:\Dokumente und Einstellungen\1\Eigene Dateien\Biuro Wczsów PRZYMORZE leba-Dateien\Leba i okolice - promocyjny serwis-Dateien\*.* Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)
108: Thu Nov 03 11:40:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\1\Recent\Leba i okolice - promocyjny serwis.lnk: Scanning Failure!!!
109: Thu Nov 03 11:40:56 2005 => ERROR!!! ScanFile fails for C:\Dokumente und Einstellungen\1\Recent\Leba i okolice - promocyjny serwis.lnk
110: Thu Nov 03 11:40:56 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\1\Recent\Leba i okolice - promocyjny ses turystyczny.lnk: Scanning Failure!!!
111: Thu Nov 03 11:40:56 2005 => ERROR!!! ScanFile fails for C:\Dokumente und Einstellungen\1\Recent\Leba i okolice - promocyjny ses turystyczny.lnk
112: Thu Nov 03 11:44:31 2005 => ERROR!!! FindFirstFile For C:\Dokumente und Einstellungen\iternet\Eigene Dateien\Eigene Musik\Krzysztof Krawczyk\To,co w zyciu wazne\*.* Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)
113: Thu Nov 03 11:44:31 2005 => ERROR!!! FindFirstFile For C:\Dokumente und Einstellungen\iternet\Eigene Dateien\Eigene Musik\lzy\*.* Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)
114: Thu Nov 03 11:44:32 2005 => ERROR!!! FindFirstFile For C:\Dokumente und Einstellungen\stefan\Eigene Dateien\Eigene Musik\Krzysztof Krawczyk\To,co w zyciu wazne\*.* Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)
115: Thu Nov 03 11:44:32 2005 => ERROR!!! FindFirstFile For C:\Dokumente und Einstellungen\stefan\Eigene Dateien\Eigene Musik\lzy\*.* Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)
116: Thu Nov 03 11:44:33 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\stefan.GONZO\Recent\Turystyka i Wedkarstwo Morskie HALNY.lnk: Scanning Failure!!!
117: Thu Nov 03 11:44:33 2005 => ERROR!!! ScanFile fails for C:\Dokumente und Einstellungen\stefan.GONZO\Recent\Turystyka i Wedkarstwo Morskie HALNY.lnk
118: Thu Nov 03 12:56:17 2005 => ERROR!!! FindFirstFile For C:\WINDOWS\system32\config\systemprofile\Eigene Dateien\Eigene Musik\Krzysztof Krawczyk\To,co w zyciu wazne\*.* Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)
119: Thu Nov 03 12:56:17 2005 => ERROR!!! FindFirstFile For C:\WINDOWS\system32\config\systemprofile\Eigene Dateien\Eigene Musik\lzy\*.* Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\WINDOWS\system32\shsassam.dll => Trojan.Win32.Crypt.t
2: C:\WINDOWS\system32\spismsfi.exe => Trojan.Win32.Crypt.t
3: C:\DOKUME~1\CHRIST~1.NAM\LOKALE~1\Temp\iinstall.exe => Trojan-Downloader.Win32.IstBar.lw
4: C:\Dokumente und Einstellungen\Christian.NAME-O4KGD4YBHN\Lokale Einstellungen\Temp\iinstall.exe => Trojan-Downloader.Win32.IstBar.lw
5: C:\Programme\Norton AntiVirus\Quarantine\02493575.class => Trojan.Java.ClassLoader.b
6: C:\Programme\Norton AntiVirus\Quarantine\02493575.zip => Trojan.Java.ClassLoader.b
7: C:\Programme\Norton AntiVirus\Quarantine\024C5F72.class => Trojan.Java.ClassLoader.Dummy.a
8: C:\Programme\Norton AntiVirus\Quarantine\060C60CD.class => Trojan.Java.ClassLoader.u
9: C:\Programme\Norton AntiVirus\Quarantine\068E1F47.tmp => Exploit.Java.ByteVerify
10: C:\Programme\Norton AntiVirus\Quarantine\069E6EB2.tmp => Trojan.Java.ClassLoader.b
11: C:\Programme\Norton AntiVirus\Quarantine\08E41086.tmp => Exploit.Java.ByteVerify
12: C:\Programme\Norton AntiVirus\Quarantine\137B637C.tmp => Trojan.Java.ClassLoader.b
13: C:\Programme\Norton AntiVirus\Quarantine\18C669CF.tmp => Trojan.Java.ClassLoader.b
14: C:\Programme\Norton AntiVirus\Quarantine\19597213.tmp => Exploit.Java.ByteVerify
15: C:\Programme\Norton AntiVirus\Quarantine\1A541074.tmp => Trojan.Java.ClassLoader.b
16: C:\Programme\Norton AntiVirus\Quarantine\1A573A71.tmp => Exploit.Java.ByteVerify
17: C:\Programme\Norton AntiVirus\Quarantine\21973E1C.tmp => Trojan.Java.ClassLoader.b
18: C:\Programme\Norton AntiVirus\Quarantine\24240B4D.tmp => Trojan.Java.ClassLoader.b
19: C:\Programme\Norton AntiVirus\Quarantine\2B273E4E.tmp => Exploit.Java.ByteVerify
20: C:\Programme\Norton AntiVirus\Quarantine\2B9A6DD6.tmp => Trojan.Java.ClassLoader.b
21: C:\Programme\Norton AntiVirus\Quarantine\3A530E5A.tmp => Trojan.Java.ClassLoader.b
22: C:\Programme\Norton AntiVirus\Quarantine\3E476DB5.tmp => Trojan.Java.ClassLoader.b
23: C:\Programme\Norton AntiVirus\Quarantine\41A53A01.tmp => Trojan.Java.ClassLoader.b
24: C:\Programme\Norton AntiVirus\Quarantine\41A963FD.tmp => Exploit.Java.ByteVerify
25: C:\Programme\Norton AntiVirus\Quarantine\4779279A.zip => Exploit.Java.ByteVerify
26: C:\Programme\Norton AntiVirus\Quarantine\48C2065A.tmp => Exploit.Java.ByteVerify
27: C:\Programme\Norton AntiVirus\Quarantine\4BD863B5.tmp => Trojan.Java.ClassLoader.b
28: C:\Programme\Norton AntiVirus\Quarantine\51DF4192.tmp => Exploit.Java.ByteVerify
29: C:\Programme\Norton AntiVirus\Quarantine\52621A92.tmp => Exploit.Java.ByteVerify
30: C:\Programme\Norton AntiVirus\Quarantine\561B3151.tmp => Trojan.Java.ClassLoader.b
31: C:\Programme\Norton AntiVirus\Quarantine\561E5B4D.tmp => Exploit.Java.ByteVerify
32: C:\Programme\Norton AntiVirus\Quarantine\60852ECC.tmp => Trojan.Java.ClassLoader.b
33: C:\Programme\Norton AntiVirus\Quarantine\608858C8.tmp => Exploit.Java.ByteVerify
34: C:\Programme\Norton AntiVirus\Quarantine\643248AC.tmp => Exploit.Java.ByteVerify
35: C:\Programme\Norton AntiVirus\Quarantine\68953823.tmp => Exploit.Java.ByteVerify
36: C:\Programme\Norton AntiVirus\Quarantine\69F525AF.tmp => Trojan.Java.ClassLoader.b
37: C:\Programme\Norton AntiVirus\Quarantine\6F2C39F2.tmp => Trojan.Java.ClassLoader.b
38: C:\Programme\Norton AntiVirus\Quarantine\6F2F63EE.tmp => Exploit.Java.ByteVerify
39: C:\Programme\Norton AntiVirus\Quarantine\75D5569E.tmp => Trojan.Java.ClassLoader.b
40: C:\Programme\Norton AntiVirus\Quarantine\77484A3B.tmp => Exploit.Java.ByteVerify
41: C:\Programme\Norton AntiVirus\Quarantine\7E2F2963.tmp => Exploit.Java.ByteVerify
42: C:\RECYCLER\S-1-5-21-4107944520-4121981136-756533935-1006\Dc223\backups\backup-20051030-215004-943.dll => Trojan-Downloader.Win32.IstBar.gen
43: C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP112\A0072784.exe => tagged:Downloader.Win32.Agent.d.
44: C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP152\A0085719.dll => Trojan-Downloader.Win32.Dyfuca.gen
45: C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP185\A0089297.exe => Trojan-Downloader.Win32.Dyfuca.ei
46: C:\System Volume Information\_restore{45B4590D-410F-4CE5-9B01-A17FC6A9D916}\RP186\A0094423.exe => Trojan-Downloader.Win32.IstBar.gen

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Thu Nov 03 13:02:50 2005 => Total Objects Scanned: 158706
Thu Nov 03 13:02:50 2005 => Total Virus(es) Found: 89
Thu Nov 03 13:02:50 2005 => Total Errors: 116
Thu Nov 03 13:02:50 2005 => Virus Database Date: 2005/11/03
Thu Nov 03 13:02:50 2005 => Virus Database Count: 157916
Thu Nov 03 13:08:06 2005 => Total Objects Scanned: 158706
Thu Nov 03 13:08:06 2005 => Total Virus(es) Found: 89
Thu Nov 03 13:08:06 2005 => Total Errors: 116
gonzo1
 
Posts: 15
Registered: 30.10.2005, 13:03

Post by Holy Marcell on 03.11.2005, 15:03

Good. Now run the scan with Ewido as well.
Holy Marcell
 

Post by gonzo1 on 05.11.2005, 12:34

But the error message still comes up!! :?
gonzo1

Posts: 15
Registered: 30.10.2005, 13:03
