Trojaner-Board

JoEh 23.08.2005 12:25

I've been hijacked - I'm at my wits' end now

Hello forum,

I've picked up a hijacker. I read through everything in the forum and carried it out.
CWS found nothing
Adware found nothing
Then I started with HJT

I removed the attached entries from the HJT log.

After that it got better, but it's not completely gone yet
Now I'm stuck and don't know what else to throw out
Where can I read more about this?
How can I proceed?

Many thanks
JoEh

Removed from HJT log:
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\lthba.dll
O4 - HKCU\..\Run: [WareOut] "C:\Programme\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [DCC_send] ExchangeMaster.exe
O4 - HKCU\..\Run: [NukeSpan] avpmondll.exe
O4 - HKCU\..\Run: [NSYSCPLSTR] StatusCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Programme\WareOut\WareOut.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Programme\WareOut\WareOut.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1447E809-7E4B-4D78-B87D-56C84272E61B}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF3ED80A-5472-4F71-9EE3-14364A5589C8}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{1447E809-7E4B-4D78-B87D-56C84272E61B}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{1447E809-7E4B-4D78-B87D-56C84272E61B}: NameServer = 69.50.176.158,85.255.112.8

Current log
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe
C:\Programme\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Agilent\IO Libraries\bin\iprocsvr.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Programme\Agilent\IO Libraries\bin\iproc82357.exe
C:\Programme\Agilent\IO Libraries\bin\iproc488.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\projekte\download\adware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.10:3128
R3 - URLSearchHook: (no name) - {E98938F2-BA4F-80A6-9A4E-A97DA5F29FB7} - sound64.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\lthba.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programme\Gemeinsame Dateien\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programme\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Programme\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Programme\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [borlandg] panel_its.exe
O4 - HKLM\..\Run: [TemplateDongle] sysconf16.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Programme\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: IO Control.lnk = ?
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123411190614
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BE4C32B-7C0E-4A2E-B3B4-F1068A44C183}: NameServer = 192.168.100.10
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Chris14 23.08.2005 12:37

why did you remove the first 4 lines (operating system etc.)?

fix these with hijackthis:
R3 - URLSearchHook: (no name) - {E98938F2-BA4F-80A6-9A4E-A97DA5F29FB7} - sound64.dll (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\lthba.dll
O4 - HKLM\..\Run: [borlandg] panel_its.exe
O4 - HKLM\..\Run: [TemplateDongle] sysconf16.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe

delete these files in safe mode:
c:\windows\system32\lthba.dll
c:\windows\system32\panel_its.exe
c:\windows\system32\sysconf16.exe
C:\Programme\WareOut\WareOut.exe
c:\windows\system32\ExchangeMaster.exe
c:\windows\system32\avpmondll.exe
c:\windows\system32\StatusCheck.exe

empty the recycle bin on c:

and run an eScan

if not already done, patch the system (install SP2)
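
A triage sketch for the kind of review done in the reply above, as an added example that is not part of the original post and not part of HijackThis: it parses HijackThis entry lines and flags missing files, autostart entries without a full path, ActiveX sources on the local disk, and DNS resolvers outside private address space. The heuristics and the function names are assumptions chosen for illustration; a flag only means "review this", and legitimate entries such as `[AGRSMMSG] AGRSMMSG.exe` in the log above also match the bare-filename rule.

```python
import ipaddress
import re

# Sample input: lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.10:3128
R3 - URLSearchHook: (no name) - {E98938F2-BA4F-80A6-9A4E-A97DA5F29FB7} - sound64.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [borlandg] panel_its.exe
O4 - HKLM\..\Run: [TemplateDongle] sysconf16.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{1447E809-7E4B-4D78-B87D-56C84272E61B}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BE4C32B-7C0E-4A2E-B3B4-F1068A44C183}: NameServer = 192.168.100.10
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<value>.+)$")


def public_nameservers(value):
    """Return the resolver addresses in an O17 value that are not private or loopback."""
    flagged = []
    for part in re.split(r"[,\s]+", value.strip()):
        if not part:
            continue
        try:
            addr = ipaddress.ip_address(part)
        except ValueError:
            flagged.append(part)  # not an IP literal at all: worth a look too
            continue
        if not (addr.is_private or addr.is_loopback):
            flagged.append(part)
    return flagged


def program_of(cmd):
    """Return the program part of a Run command line, with quotes stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split()[0]


def triage(log_text):
    """Return (code, reason, line) tuples for entries that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, headers, blank lines
        code, body = m.group("code"), m.group("body")

        if "(file missing)" in body:
            findings.append((code, "registered file is missing on disk", line))

        if code == "O4":
            run = RUN_RE.match(body)
            # No backslash in the program part means Windows resolves it via the search path.
            if run and "\\" not in program_of(run.group("cmd")):
                findings.append((code, "autostart without a full path", line))
        elif code == "O16":
            source = body.rsplit(" - ", 1)[-1]
            if source.lower().startswith("file://"):
                findings.append((code, "ActiveX download source is a local file", line))
        elif code == "O17":
            ns = NAMESERVER_RE.search(body)
            if ns:
                public = public_nameservers(ns.group("value"))
                if public:
                    findings.append(
                        (code, "non-private DNS resolver: " + ", ".join(public), line)
                    )
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```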

stupormundi 23.08.2005 12:46

@ chris14
regarding
Quote:

c:\windows\system32\sysconf16.exe
isn't that this one?
http://www.sophos.com/virusinfo/anal...ojsdbotfb.html
Wouldn't a fresh reinstall be advisable again in that case?

See you, stupormundi

Chris14 23.08.2005 12:47

not necessarily. that's WareOut malware too. and the entry:
>O4 - HKLM\..\Run: [TemplateDongle] sysconf16.exe
points to the WareOut trojan rather than a bot.
but you've made me suspicious;
@joeh have the file sysconf16.exe checked at http://virusscan.jotti.org/de and post the result.

dartus 23.08.2005 12:53

Hello,

apart from the downloader in the recycle bin, it all belongs to this:

http://www.doxdesk.com/parasite/WareOut.html (removal is described)

There are plenty of other files as well.

dartus

Chris14 23.08.2005 12:56

exactly. that's why he should definitely run an eScan. i already know that there's quite a bit of other trojan stuff on the system.

JoEh 23.08.2005 20:52

Many thanks for the extensive answers!

Some background. On 5.8. the computer stopped booting.
The day before I had installed and uninstalled a whole lot of tools.

I could still get at the disk via my Linux and was able to rescue the data.

Then I installed XP Pro from the recovery CD.

Ran the update from Microsoft over it (went pretty quickly, maybe a cumulative update???)

Put Norton AntiVirus and Outpost firewall on it, and the old data(!!!)
I think that's where it is.

Then 2 weeks later the hijack business

Norton scan, CWShredder, Adware, Spybot -> none of them found anything.
Then I also loaded SP2 on top; that took half an hour.

I think the virus(???) is in the backup data.


I will now carry out
1. http://www.doxdesk.com/parasite/WareOut.html
2. http://virusscan.jotti.org/de
3. escan

@chris14 12:37
The DNS and alternate DNS servers were totally messed up.
That's why I took out the four lines with the IP addresses

Chris14 23.08.2005 21:27

i don't mean the dns, but rather things like operating system, service packs etc.
but i think everything's fine there (you just wrote that you're running the patches over it)

JoEh 24.08.2005 06:51

@chris14: Sorry for the misunderstanding.

The first four entries:
Everything I couldn't place I entered on the net (google) and read through what the world thinks of it. Then I threw out the things that are said to be better deleted.

I've now carried all of that out.
But overall the situation has got worse
But one thing at a time

1. Wareout
I had already used the uninstaller that the thing brings with it, and I could no longer find any of the files listed on doxdesk

2. sysconf16.exe
The file doesn't exist on my computer

3. escan
Ran for over 6 hours
shortened log at the end

in addition
A. A box pops up in the taskbar saying "Your computer might by a risk ...
if you click on it, an HH.exe tries to load something from a winprotct.net site

B. Norton AV keeps complaining about an hclean32.exe that supposedly contains a trojan
the file doesn't exist on my computer

C. Although I let the Microsoft update run completely, it has installed an SP2 yet again

D. after booting, the computer starts a DSL connection for no reason

All in all this doesn't look good
I'm close to wiping the computer again.
But then I'll probably have the problem again in 14 days
and besides, it's my production machine (this is pretty shitty)

Regards
JoEh

here is the escan log (shortened to all flagged entries)

Wed Aug 24 06:34:19 2005 => Scanning File C:\WINDOWS\System32\lthba.dll
Wed Aug 24 06:34:22 2005 => File C:\WINDOWS\System32\lthba.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken.

Wed Aug 24 06:34:35 2005 => ERROR!!! Invalid Entry borlandg = panel_its.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.

Wed Aug 24 06:34:35 2005 => ERROR!!! Invalid Entry TemplateDongle = sysconf16.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.

Wed Aug 24 06:34:56 2005 => System found infected with AdWare.ToolBar.SBSoft.h Spyware/Adware ({08BEC6AA-49FC-4379-3587-4B21E286C19E})! Action taken: No Action Taken.

Wed Aug 24 06:35:30 2005 => Offending file found: C:\DOKUME~1\JoEh\LOKALE~1\Temp\insthelp.dll
Wed Aug 24 06:35:30 2005 => System found infected with RedV Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.


Wed Aug 24 06:35:55 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Wed Aug 24 06:35:57 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.

Wed Aug 24 06:35:57 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Roxioscan.exe" refers to invalid object "C:\Programme\Gemeinsame Dateien\Roxio Shared\Support\Roxioscan.exe". Action Taken: No Action Taken.

Wed Aug 24 06:35:57 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken.

Wed Aug 24 06:35:58 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\WINDOWS\yourapp.Exe". Action Taken: No Action Taken.

Wed Aug 24 06:35:59 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\TempIccProfiles\". Action Taken: No Action Taken.

Wed Aug 24 06:35:59 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\TempIccProfiles\Non-Recommended\". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".013". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".abs". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".acr". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".b3d". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cam". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfm". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".crw". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dcm". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dcx". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dds". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".djvu". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ecw". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fpx". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fsh". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".g3". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gsm". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".hwl". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".icl". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ics". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iff". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".img". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iw44". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".j2k". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jng". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jp2". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpc". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpm". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kdc". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lbm". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ldf". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lds". Action Taken: No Action Taken.

Wed Aug 24 06:36:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lwf". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".med". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mng". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ngg". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nlm". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nol". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ogg". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pbm". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pgm". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ppm". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prj". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".psp". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ras". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".raw". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rgb". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sff". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfw". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sgi". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sid". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".st5". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sun". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tga". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".wbmp". Action Taken: No Action Taken.

Wed Aug 24 06:36:01 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpm". Action Taken: No Action Taken.

Wed Aug 24 06:36:02 2005 => Entry "HKCR\CLSID\{0662245D-254C-4363-AA70-D909C154A688}" refers to invalid object ".\sldwebpub.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:02 2005 => Entry "HKCR\CLSID\{0880413D-9C3D-11D3-B931-00C04F8EF738}" refers to invalid object ".\sldse.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:03 2005 => Entry "HKCR\CLSID\{1C9BC2F5-6822-11d2-B8A7-00C04F8EF738}" refers to invalid object ".\sldug.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:04 2005 => Entry "HKCR\CLSID\{2FC765C5-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "brpref32.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:04 2005 => Entry "HKCR\CLSID\{2FC765C6-AE47-11D1-9975-00805F8AC636}" refers to invalid object "brpref32.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:04 2005 => Entry "HKCR\CLSID\{2FC765C7-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "brpref32.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:04 2005 => Entry "HKCR\CLSID\{2FC765C8-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "edpref32.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:04 2005 => Entry "HKCR\CLSID\{2FC765CB-AE47-11D1-9975-00805F8AC63E}" refers to invalid object "mnpref32.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:04 2005 => Entry "HKCR\CLSID\{2FC765CC-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "mnpref32.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:05 2005 => Entry "HKCR\CLSID\{4575C431-E2CB-11d2-B8E0-00C04F8EF738}" refers to invalid object ".\sld2demu.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:05 2005 => Entry "HKCR\CLSID\{46C64A4D-2B14-11D2-B484-00C04FA33EF2}" refers to invalid object "ShellExt\sldicon.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:05 2005 => Entry "HKCR\CLSID\{47B4ACA1-B1C4-11d2-8398-0008C7B2F44D}" refers to invalid object ".\sldmdt.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:06 2005 => Entry "HKCR\CLSID\{5d3d7a00-5f31-11d1-b1c9-0020af351f6f}" refers to invalid object ".\sldtrans.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:07 2005 => Entry "HKCR\CLSID\{62845280-4FE2-11D1-8EAC-00805FD26FAA}" refers to invalid object "lipref32.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:07 2005 => Entry "HKCR\CLSID\{6B8FE721-A25A-11d3-B45B-0008C7B2ECD7}" refers to invalid object ".\sldinventor.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:07 2005 => Entry "HKCR\CLSID\{700D36FB-3889-11D4-AF00-00C04F61025C}" refers to invalid object ".\sldxgl.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:08 2005 => Entry "HKCR\CLSID\{744C3DF0-DFAE-11D1-826B-00805F2AB103}" refers to invalid object "brpref32.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:08 2005 => Entry "HKCR\CLSID\{7EFD5D24-CB58-11d4-88F5-00B0D0239602}" refers to invalid object ".\sldjpeg.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:09 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:11 2005 => Entry "HKCR\CLSID\{BBEF802E-1021-11d4-BD57-00C04F019809}" refers to invalid object ".\sldcollab.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:11 2005 => Entry "HKCR\CLSID\{C0A97BDB-3080-11D3-B908-00C04F8EF738}" refers to invalid object ".\sldcgr.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:12 2005 => Entry "HKCR\CLSID\{C90DF1A7-4DEF-11D4-AF15-00C04F61025C}" refers to invalid object ".\sldhsf.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:13 2005 => Entry "HKCR\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}" refers to invalid object ".\sldmts.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:13 2005 => Entry "HKCR\CLSID\{E98938F2-BA4F-80A6-9A4E-A97DA5F29FB7}" refers to invalid object "sound64.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:14 2005 => Entry "HKCR\CLSID\{EA320F72-9CFB-11D3-B931-00C04F8EF738}" refers to invalid object ".\slddxf3d.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:14 2005 => Entry "HKCR\CLSID\{F335158C-A691-11D3-B934-00C04F8EF738}" refers to invalid object ".\sldhcg.dll". Action Taken: No Action Taken.

Wed Aug 24 06:36:17 2005 => Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:17 2005 => Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:17 2005 => Entry "HKCR\.det" refers to invalid object "DETFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:17 2005 => Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:17 2005 => Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:17 2005 => Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:17 2005 => Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:17 2005 => Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:17 2005 => Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken.

Wed Aug 24 06:36:17 2005 => Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:17 2005 => Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:18 2005 => Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:18 2005 => Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:18 2005 => Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.

Wed Aug 24 06:36:18 2005 => Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.

Wed Aug 24 06:36:18 2005 => Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.

Wed Aug 24 06:36:20 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.

Wed Aug 24 06:36:20 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.

Wed Aug 24 06:36:21 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.

Wed Aug 24 06:36:22 2005 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.

Wed Aug 24 06:36:22 2005 => Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.

Wed Aug 24 06:36:24 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.

Wed Aug 24 06:36:24 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Wed Aug 24 06:36:24 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Wed Aug 24 06:36:30 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.


Wed Aug 24 06:36:32 2005 => ***** Checking for specific ITW Viruses *****
Wed Aug 24 06:36:32 2005 => Checking for Welchia Virus...
Wed Aug 24 06:36:32 2005 => Checking for LovGate Virus...
Wed Aug 24 06:36:32 2005 => Checking for CodeRed Virus...
Wed Aug 24 06:36:32 2005 => Checking for OpaServ Virus...
Wed Aug 24 06:36:32 2005 => Checking for Sobig.e Virus...
Wed Aug 24 06:36:32 2005 => Checking for Winupie Virus...
Wed Aug 24 06:36:33 2005 => Checking for Swen Virus...
Wed Aug 24 06:36:33 2005 => Checking for JS.Fortnight Virus...
Wed Aug 24 06:36:33 2005 => Checking for Novarg Virus...
Wed Aug 24 06:36:33 2005 => Checking for Pagabot Virus...
Wed Aug 24 06:36:33 2005 => Checking for Parite.b Virus...
Wed Aug 24 06:36:33 2005 => Checking for Parite.a Virus...
Wed Aug 24 06:36:33 2005 => Checking for Adware.SeekSeek Virus...

Wed Aug 24 06:36:33 2005 => ***** Scanning complete. *****

Wed Aug 24 06:36:33 2005 => Total Objects Scanned: 20863
Wed Aug 24 06:36:33 2005 => Total Virus(es) Found: 3
Wed Aug 24 06:36:33 2005 => Total Disinfected Files: 0
Wed Aug 24 06:36:33 2005 => Total Files Renamed: 0
Wed Aug 24 06:36:33 2005 => Total Deleted Objects: 0
Wed Aug 24 06:36:33 2005 => Total Errors: 115
Wed Aug 24 06:36:33 2005 => Time Elapsed: 00:02:30
Wed Aug 24 06:36:33 2005 => Virus Database Date: 2005/08/22
Wed Aug 24 06:36:33 2005 => Virus Database Count: 144970

Wed Aug 24 06:36:34 2005 => Scan Completed.

Wed Aug 24 06:39:36 2005 => Virus Database Date: 2005/08/22
Wed Aug 24 06:39:36 2005 => Virus Database Count: 144970
Wed Aug 24 06:39:37 2005 => Virus Database Date: 2005/08/22
Wed Aug 24 06:39:37 2005 => Virus Database Count: 144970
Wed Aug 24 06:39:39 2005 => Virus Database Date: 2005/08/22
Wed Aug 24 06:39:39 2005 => Virus Database Count: 144970
Wed Aug 24 06:39:40 2005 => Virus Database Date: 2005/08/22
Wed Aug 24 06:39:40 2005 => Virus Database Count: 144970
Wed Aug 24 06:39:41 2005 => Virus Database Date: 2005/08/22
Wed Aug 24 06:39:41 2005 => Virus Database Count: 144970
Wed Aug 24 06:39:42 2005 => Virus Database Date: 2005/08/22
Wed Aug 24 06:39:42 2005 => Virus Database Count: 144970
Wed Aug 24 06:39:43 2005 => Virus Database Date: 2005/08/22
Wed Aug 24 06:39:43 2005 => Virus Database Count: 144970
Wed Aug 24 06:39:45 2005 => Virus Database Date: 2005/08/22
Wed Aug 24 06:39:45 2005 => Virus Database Count: 144970
Wed Aug 24 06:39:45 2005 => AV Library Unloaded (3)...

