| |
| |||||||
Log-Analyse und Auswertung: BullsEye wütet wieder!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
23.05.2005, 09:30
| #1 |
 |  BullsEye wütet wieder! Hallo! Ich habe mir nun schon einige Posts über den Trojaner Bullseye durchgelesen, den ich mir eingefangen habe. Da ich aber absolut keine Ahnung auf diesem Gebiet habe, poste ich hier mal meinen Logfile, in der Hoffnung, dass mir jemand helfen kann!!! Vielen Dank schonmal für jede Hilfe! Logfile of HijackThis v1.99.1 Scan saved at 09:50:00, on 23.05.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\carpserv.exe C:\Programme\Apoint2K\Apoint.exe C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Apoint2K\Apntex.exe C:\Programme\CASIO\PCsync\QDCTray.exe C:\Programme\Palm\HOTSYNC.EXE C:\Programme\OpenOffice.org1.1.0\program\soffice.exe C:\Programme\OpenOffice.org1.1.1\program\soffice.exe C:\Programme\OpenOffice.org1.0.3\program\soffice.exe C:\Programme\NaviSearch\bin\nls.exe C:\Programme\BullsEye Network\bin\bargains.exe C:\Programme\CashBack\bin\cashback.exe C:\WINDOWS\explorer.exe C:\Dokumente und Einstellungen\Profaktur\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch F3 - REG:win.ini: run= O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - Startup: Quick Data Copy.lnk = C:\Programme\CASIO\PCsync\QDCTray.exe O4 - Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Programme\OpenOffice.org1.1.0\program\quickstart.exe O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe O4 - Global Startup: Zahlungserinnerung.lnk = C:\HCW\wzed.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing) O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing) O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/ O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.power-url.de/InstallationsAssistent.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{5C4221A4-20E3-4E8F-9CC4-6CF80D6689E9}: NameServer = 195.8.224.1 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe _____________ Anm. Aktive Links editiert! Beachte die Hinweise dieser Anleitung: HiJackThis LG Cidre S-Mod TB Geändert von Cidre (25.05.2005 um 17:47 Uhr) |
|
25.05.2005, 15:41
| #2 |
| |  BullsEye wütet wieder! So, habe jetzt alles in stundenlanger Arbeit getan, was hier im Forum über den Bullseye gesagt wurde! Kann sich bitte jetzt nochmal jemand mein LogFile ansehen und sagen, ob noch was fehlerhaftes bzw. schädliches zu finden ist!? Vielen Dank und einen schönen Feiertag! Gruß, Squad
__________________Logfile of HijackThis v1.99.1 Scan saved at 16:32:28, on 25.05.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\carpserv.exe C:\Programme\Apoint2K\Apoint.exe C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Apoint2K\Apntex.exe C:\Programme\Palm\HOTSYNC.EXE C:\Programme\OpenOffice.org1.1.0\program\soffice.exe C:\Programme\OpenOffice.org1.1.1\program\soffice.exe C:\Programme\OpenOffice.org1.0.3\program\soffice.exe C:\WINDOWS\System32\wuauclt.exe C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch F3 - REG:win.ini: run= O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - Startup: Quick Data Copy.lnk = C:\Programme\CASIO\PCsync\QDCTray.exe O4 - Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Programme\OpenOffice.org1.1.0\program\quickstart.exe O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe O4 - Global Startup: Zahlungserinnerung.lnk = C:\HCW\wzed.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing) O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/ O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5C4221A4-20E3-4E8F-9CC4-6CF80D6689E9}: NameServer = 195.8.224.1 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE Geändert von Cidre (25.05.2005 um 17:47 Uhr) |
|
25.05.2005, 16:42
| #3 |
| |  BullsEye wütet wieder! Hy,
__________________Logfile passt denke ich.Aber Update unbedingt Dein Windows auf Service Pack 2 schliest sämtliche Sicherheitslücken. Greetings from MEERJUNGFRAUMANN (SPONGEBOB MEMBER)  |
|
25.05.2005, 17:10
| #4 | |||
  | BullsEye wütet wieder! @Squad Bitte alle Links im Log deaktivieren (z.B. h**p statt http) Zitat:
 Bitte fixen: Zitat:
Zitat:
|
|
27.05.2005, 00:14
| #5 |
| |  BullsEye wütet wieder! @Rene: Na ja, ich hab insgesamt ca. 10 Stunden drangesessen inkl. Wartezeiten bei Scans etc.  Danke für's checken meines Logfiles! Jetzt müsste es doch eigentlich okay sein, oder!? Logfile of HijackThis v1.99.1 Scan saved at 01:04:43, on 27.05.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\carpserv.exe C:\Programme\Apoint2K\Apoint.exe C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Apoint2K\Apntex.exe C:\Programme\Palm\HOTSYNC.EXE C:\Programme\OpenOffice.org1.1.0\program\soffice.exe C:\Programme\OpenOffice.org1.1.1\program\soffice.exe C:\Programme\OpenOffice.org1.0.3\program\soffice.exe C:\WINDOWS\System32\wuauclt.exe C:\Dokumente und Einstellungen\Ordner\Eigene Dateien\Ordner\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://global.acer.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - Startup: Quick Data Copy.lnk = C:\Programme\CASIO\PCsync\QDCTray.exe O4 - Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Programme\OpenOffice.org1.1.0\program\quickstart.exe O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe O4 - Global Startup: Zahlungserinnerung.lnk = C:\HCW\wzed.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - h**p://216.249.24.143/code/PWActiveXImgCtl.CAB O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - h**p://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5C4221A4-20E3-4E8F-9CC4-6CF80D6689E9}: NameServer = 195.8.224.1 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE |
|
27.05.2005, 00:45
| #6 |
| | BullsEye wütet wieder! Sauber ist der Log immer noch nicht! Um mehr Informationen zu bekommen führe Escan wie beschrieben aus und teile uns die Ergebnisse mit! Edit: Warum ist kein Service Pack 2 installiert?
__________________ --> BullsEye wütet wieder! |
|
27.05.2005, 07:51
| #7 | |
| | BullsEye wütet wieder! @Squad Zitat:
. In 3 Stunden hättest du deine Kiste neu formatiert und virenfrei gehabt. Und SP2 fehlt nach wie vor |
|
01.06.2005, 16:23
| #8 |
| | BullsEye wütet wieder! Hallo! Wenn ich das Service Pack 2 installiere und dann ins Internet gehe, stürzt mein Rechner IMMER ab.  Deshalb habe ich es wieder deinstalliert. Woran kann das liegen? Verträgt es sich nicht mit AV? Gruß, Squad |
|
01.06.2005, 17:20
| #9 |
| | BullsEye wütet wieder! @Squad Installieren von SP2 und Co. befreit den PC von Malware nicht. Warum hast du den Posting von cronos nicht abgearbeitet? |
|
02.06.2005, 20:17
| #10 |
| | BullsEye wütet wieder! Habe jetzt den eScan jetzt ausgeführt! Herausgekommen ist eine ewig lange Liste von der ich so gut wie nichts verstehe...  Sorry, ich hab' von solchen Sachen leider wirklich nur sehr wenig Ahnung. Ich hoffe ihr könnt mir weiterhelfen und ich poste nichts unerlaubtes vom eScan! Danke schonmal für alle hilfreichen Antworten! Hier mein Scan: Geändert von Squad (02.06.2005 um 20:32 Uhr) |
|
02.06.2005, 20:19
| #11 |
| |  BullsEye wütet wieder! Scan kommt im neuen Fenster! Wenn ich die find.bat Datei erstellt habe und dann doppelklicke, öffnet sich zwar ein neues Fenster im MS-DOS und es wird etwas geschrieben. Dann schließt sich das Fenster aber schnell wieder. Eine Datei Namens eScan_neu.txt kann ich nicht finden. Was mache ich falsch??? Geändert von Squad (02.06.2005 um 20:55 Uhr) |
|
02.06.2005, 20:44
| #12 |
| | BullsEye wütet wieder! @Squad Scan kommt im neuen Fenster! wo bleibts? chaosman
__________________ Bonus vir semper tiro |
|
02.06.2005, 20:52
| #13 |
| | BullsEye wütet wieder! Da es anders nicht funktioniert hier mein Scan: Seite 1: File C:\WINDOWS\zeta.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken. Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "cashback Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "exactutil Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bargainbuddy Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\CyberLink\Common\UpdateIPR.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Siemens AG Shared\DESServer.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\APMmxBVR.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\APMmxSVR.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\APMP5BVR.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\APMP5SVR.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\GliDetectDll.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\GliDX6vf.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\GliVd1vf.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\MPGMXBVR.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\MPGMXSVR.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\MPGP5BVR.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\MPGP5SVR.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVd3BVR.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVMWBVR.DLL". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVMWSVR.DLL". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVPWBVR.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVPWSVR.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_office.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_notes.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNeighborhood.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btcss.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNCopy.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btwpimif.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\bt2k_ins.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\wbtapi.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btcpl.cpl". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsec.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btosif.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btosif_notes.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btosif_ol.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btins.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btdev.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\WidcommSdk.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\lcppn21.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_lnagent.nsf". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTXPPanel.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BtXpShell.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btrez.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btbigbmp.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\bthcrp.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btosif_olx.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BtWizard.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_wab.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BtAudioHelper.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNeighborhood.tlb". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNCopy.tlb". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTXPPanel.tlb". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_ie.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNeighborhood.dll.manifest". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btcss.dll.manifest". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btcpl.cpl.manifest". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\bthcrpui.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btprn2k.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btrezxp.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Lexware1\Gemeinsame Dateien\Optionen\BenutzerMgr.xml". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Lexware1\Gemeinsame Dateien\Optionen\PersonalMgr.xml". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0002E500-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0002E510-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0002E520-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0002E530-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0002E531-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0002E532-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0083AA80-357D-11D4-876E-CA5F65139036}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\hhvrend2.ax". Action Taken: No Action Taken. Entry "HKCR\CLSID\{01002B17-5D93-4551-81E4-831FEF780A53}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0174EB42-3CBC-4910-9C88-82B36A14C62B}" refers to invalid object "C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterBluetooth.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0AA02E8D-F851-4CB0-9F64-BBA9BE7A983D}" refers to invalid object "C:\PROGRA~1\WINDOW~3\mpvis.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{13E40445-0C30-11D2-ADAC-00104B453807}" refers to invalid object "C:\PROGRA~1\Lexware\ANLAGE~1\AnlageVW.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{1B544C24-FD0B-11CE-8C63-00AA0044B520}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{1CB1623E-BBEC-4E8D-B2DF-DC08C6F4627C}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{2aa2b5fe-b846-4d07-810c-b21ee45320e3}" refers to invalid object "%SystemRoot%\System32\xmlprovi.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{2EA10031-0033-450E-8072-E27D9E768142}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{305F718E-620B-11D3-B484-008029659E91}" refers to invalid object "C:\MAGIX\MM2005~1\REGMOD~1\audiovis.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{31087270-D348-432C-899E-2D2F38FF29A0}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{353359C1-39E1-491b-9951-464FD8AB071C}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{35465706-E211-11d3-8B87-C295F909460A}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\WMServerReader.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{36773DF3-37FC-47B6-9F8F-CC4699917938}" refers to invalid object "D:\acer\tools\LaunchRS.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{41D2B841-7692-4C83-AFD3-F60E845341AF}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{442D12A1-2641-11d2-90FB-006008A1F441}" refers to invalid object "a3d.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{4E7F49AD-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{4E7F49AF-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{4E7F49B6-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{4E7F49B8-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{4E7F49CF-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{4E7F49D5-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{4F3E50BD-A9D7-4721-B0E1-00CB42A0A747}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{56d398df-f37d-4d6d-94cc-8b3ea36c3a39}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\MXMPEG2.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{586FB486-5560-4FF3-96DF-1118C96AF456}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{596AB062-B4D2-4215-9F74-E9109B0A8153}" refers to invalid object "C:\WINDOWS\System32\twext.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken. |
|
02.06.2005, 20:53
| #14 |
| | BullsEye wütet wieder! Seite 2: Entry "HKCR\CLSID\{5B4B05EB-1F63-446B-AAD1-E10A34D650E0}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{5D62A639-0FB0-11D2-8DB2-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{62090F4D-7F27-11D4-ABF2-0080C8FCDE68}" refers to invalid object "C:\PROGRA~1\Lexware\BUCHHA~1\BHAUSW~1.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{679E132F-561B-42F8-846C-A70DBDC62999}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{6C68955E-F965-4249-8E18-F0977B1D2899}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{78D80080-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{78D80081-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{78D80082-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{78D80083-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{7F1232EE-44D7-4494-AB8B-CC61B10E21A5}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{7FB3E3A1-829B-11D3-8032-00A0C941A56C}" refers to invalid object "C:\Programme\KraiSoft\Warkanoid\GmIntrnt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{849F5184-79E2-11D5-99F3-0050043E594A}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\Lexware\Dll\LxBsns30.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{849F519C-79E2-11D5-99F3-0050043E594A}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\Lexware\Dll\AVBsns30.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{8602FB8E-2F21-46A0-89DA-BCBFF80A9B02}" refers to invalid object "C:\LEXWARE\PCBH32\KRCheck.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{90914AA1-0A85-407B-AA90-AD5BE725D805}" refers to invalid object "D:\acer\tools\LaunchRS.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{92883667-E95C-443D-AC96-4CACA27BEB6E}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{92FA2C24-253C-11d2-90FB-006008A1F441}" refers to invalid object "a3dapi.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{97D6D376-23BB-11D1-A0E1-00C04FC9E20F}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{9AC5BD2F-604B-4062-86BC-5B1AB98D6648}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\Lexware\EBUSIN~1\FKUpload.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{9DB7A13C-F208-4981-8353-73CC61AE2783}" refers to invalid object "C:\WINDOWS\System32\twext.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{A2EDA89A-0966-4B91-9C18-AB69F098187F}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{ADEADEB8-E54B-11d1-9A72-0000F875EADE}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{AECF5D2E-7A18-4DD2-BDCD-29B6F615B448}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken. Entry "HKCR\CLSID\{B4DC8DD9-2CC1-4081-9B2B-20D7030234EF}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{B6E33EB2-8C6D-49E6-BBA9-9CF33759D35F}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\hhmultee.ax". Action Taken: No Action Taken. Entry "HKCR\CLSID\{BC0D69A8-0923-4EEE-9375-9239F5A38B92}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C0D076C5-E4C6-4561-8BF4-80DA8DB819D7}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C378B3A7-404B-445B-8334-D078852EABDB}" refers to invalid object "C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterBluetooth.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C44C65C7-FDF1-453D-89A5-BCC28F5D69F9}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C63344D8-70D3-4032-9B32-7A3CAD5091A5}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C8F209F8-480E-454C-94A4-5392D88EBA0F}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{CD2425E4-8141-11D0-8CE4-444553540000}" refers to invalid object "C:\LEXWARE\PCFK32\Pcfk32.exe". Action Taken: No Action Taken. Entry "HKCR\CLSID\{CFFB1FC7-270D-4986-B299-FECF3F0E42DB}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{D3B06B05-3667-4175-B2D2-D54DCED5E9F1}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\dscapture.ax". Action Taken: No Action Taken. Entry "HKCR\CLSID\{D42AB085-7E24-460f-9BFB-9ADE542A81B9}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\mxvisuals.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{D7546AAE-A77A-11D1-B901-00AA00585640}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCF.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{D7546ABD-A77A-11D1-B901-00AA00585640}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCF.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{d8f1eee0-f634-11cf-8700-00a0245d918b}" refers to invalid object "a3d.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken. Entry "HKCR\CLSID\{DB6E8F48-FD3E-11D0-A0BC-00C04FC9E20F}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{E188F7A3-A04E-413E-99D1-D79A45F70305}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{E476CBFF-E229-4524-B6B7-228A3129D1C7}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{E673DCF2-C316-4c6f-AA96-4E4DC6DC291E}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxb.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{E769AC40-7735-11D2-8B7B-9D5958F45120}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\wavdest.ax". Action Taken: No Action Taken. Entry "HKCR\CLSID\{E8C31D11-6FD2-4659-AD75-155FA143F42B}" refers to invalid object "C:\Programme\Movie Maker\wmm2ae.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{EC85D8F1-1C4E-46e4-A748-7AA04E7C0496}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{ED4EB73F-EDEC-11D3-BC26-00A0CC5087AB}" refers to invalid object "C:\MAGIX\mm2005_silver\pptaddin.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{EF105BC3-C064-45F1-AD53-6D8A8578D01B}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F44BB2D0-F070-463E-9433-B0CCF3CFD627}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken. Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken. Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken. Entry "HKCR\ADP.UrlCatcher" refers to invalid object "{F4E04583-354E-4076-BE7D-ED6A80FD66DA}". Action Taken: No Action Taken. Entry "HKCR\ADP.UrlCatcher.1" refers to invalid object "{F4E04583-354E-4076-BE7D-ED6A80FD66DA}". Action Taken: No Action Taken. Entry "HKCR\Automatische Zuordnung.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken. Entry "HKCR\Automatische Zuordnung.Map.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken. Entry "HKCR\Automatische Zuordnung.Template.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken. Entry "HKCR\CB.UrlCatcher" refers to invalid object "{CE188402-6EE7-4022-8868-AB25173A3E14}". Action Taken: No Action Taken. Entry "HKCR\CB.UrlCatcher.1" refers to invalid object "{CE188402-6EE7-4022-8868-AB25173A3E14}". Action Taken: No Action Taken. Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\MultimediaConverter.Converter" refers to invalid object "{E180CA8F-034D-11d6-AEA1-00B0D0797201}". Action Taken: No Action Taken. Entry "HKCR\NLS.UrlCatcher" refers to invalid object "{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}". Action Taken: No Action Taken. Entry "HKCR\PDF.PdfCtrl.5" refers to invalid object "{CA8A9780-280D-11CF-A24D-444553540000}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken. Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken. File C:\WINDOWS\autoheal.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken. File C:\WINDOWS\System32\exdl.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\System32\exul.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\System32\javexulm.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\System32\exdl2.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\System32\exdl3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\System32\exdl1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\System32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken. File C:\WINDOWS\System32\mac80ex.idf tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken. File C:\WINDOWS\System32\javex80.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken. File C:\WINDOWS\System32\psis80ex.ax tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken. File C:\WINDOWS\System32\exul3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\System32\exul1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\System32\mqexdlm.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\System32\netut80ex.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\system32\exdl.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\system32\exul.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\system32\javexulm.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\system32\exdl2.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\system32\exdl3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\system32\exdl1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\system32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken. File C:\WINDOWS\system32\mac80ex.idf tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken. File C:\WINDOWS\system32\javex80.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken. File C:\WINDOWS\system32\psis80ex.ax tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken. File C:\WINDOWS\system32\exul3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\system32\exul1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\system32\mqexdlm.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\system32\netut80ex.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. File C:\WINDOWS\Downloaded Program Files\installer_MARKETING32.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus! Action Taken: No Action Taken. File C:\WINDOWS\autoheal.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Gast\Eigene Dateien\Ralph\CD-Brennd\tägliche Losung\Winlos03.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\backups\backup-20050523-115914-837.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\backups\backup-20050523-115914-344.dll tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\backups\backup-20050523-115914-345.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken. File C:\HCW\wpcuinst.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. |
|
02.06.2005, 21:02
| #15 |
| | BullsEye wütet wieder! @Squad poste bitte folgendes ________________________________________ Öffne C:\bases\mwav.log Am Ende folgendes suchen und hier rein kopieren: Zitat: Total Files Scanned: Total Virus(es) Found: Total Disinfected Files: Total Files Renamed: Total Deleted Files: Total Errors: Time Elapsed: Virus Database Date: Virus Database Count: chaosman
__________________ Bonus vir semper tiro |
|
| Themen zu BullsEye wütet wieder! |
| adobe, antivir, antivir update, bho, button, canon, dateien, einstellungen, explorer, file missing, helfen, hijack, hijackthis, internet, internet explorer, keine ahnung, launch, logfile, messenger, microsoft, programme, scan, software, system, system32, temp, trojaner, update, vielen dank, windows, windows xp |
