Hi cronos, here is the data from the mwav.log file - part 1 of 3 (too much data, unfortunately I have to split it up - sorry)... many thanks for your help... regards, y.

TUESDAY 31.05.2005

C:\WINDOWS\system32\hfadygd.dll infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
c:\windows\system32\evzqjew.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\hfadygd.dll infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\qslos.dll infected by "not-a-virus:AdWare.Adstart.i" Virus. Action Taken: No Action Taken.
c:\windows\system32\evzqjew.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
C:\WINDOWS\SYSTEM32\HDIDYEJ.SYS infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\hdimyas.exe infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
System found infected with BookedSpace Spyware/Adware ({a85c4a1b-bd36-44e5-a70f-8ec347d9b24f})! Action taken: No Action Taken.
Tue May 31 22:34:18 2005 => File System Found infected by "BookedSpace Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 31 22:34:19 2005 => System found infected with Bargain Buddy Spyware/Adware ({ce188402-6ee7-4022-8868-ab25173a3e14})! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 31 22:34:19 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 31 22:34:19 2005 => System found infected with AdRotator Spyware/Adware ({1cfb8b32-4053-4144-af6f-1540eec7f101})! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "AdRotator Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 31 22:34:19 2005 => Offending value found in HKLM\Software\myway !!!
Tue May 31 22:34:19 2005 => System found infected with myway Spyware/Adware! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 31 22:34:19 2005 => Offending value found in HKLM\Software\bookedspace !!!
Tue May 31 22:34:19 2005 => System found infected with bookedspace Spyware/Adware! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "bookedspace Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 31 22:34:41 2005 => System found infected with AdRotator Spyware/Adware (hiwinnager.dat)! Action taken: No Action Taken.
Tue May 31 22:34:41 2005 => File System Found infected by "AdRotator Spyware/Adware" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\adstartup.exe infected by "not-a-virus:AdWare.Adstart.h" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\GSM3-0511.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\hoapefe.vxd infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\hpikeci.exe infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\htijebl.exe infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\install_ID6.exe infected by "not-a-virus:AdWare.Adstart.i" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\modgxyz.exe infected by "not-a-virus:AdWare.Adstart.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\qslosc.exe infected by "not-a-virus:AdWare.Adstart.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\qslosd.exe infected by "not-a-virus:AdWare.Adstart.b" Virus. Action Taken: No Action Taken.
Tue May 31 22:36:32 2005 => Scanning File C:\WINDOWS\system32\qslose.xml
Tue May 31 22:36:32 2005 => Scanning File C:\WINDOWS\system32\qslosf.exe
Tue May 31 22:36:32 2005 => File C:\WINDOWS\system32\qslosf.exe infected by "not-a-virus:AdWare.Adstart.d" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\SWin32.dll infected by "not-a-virus:AdWare.Adstart.i" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\unpack.exe infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\York\LOKALE~1\Temp\bs52.tmpbsx32\bbrs2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs53.tmp [**]
Tue May 31 22:37:41 2005 => Scanning Folder: C:\DOKUME~1\York\LOKALE~1\Temp\bs53.tmpbsx32\*.*
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs53.tmpbsx32\bbrs2.exe
Tue May 31 22:37:41 2005 => File C:\DOKUME~1\York\LOKALE~1\Temp\bs53.tmpbsx32\bbrs2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs5319.tmp [**]
Tue May 31 22:37:41 2005 => Scanning Folder: C:\DOKUME~1\York\LOKALE~1\Temp\bs5319.tmpbsx32\*.*
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs5319.tmpbsx32\bbrs2.exe
Tue May 31 22:37:41 2005 => File C:\DOKUME~1\York\LOKALE~1\Temp\bs5319.tmpbsx32\bbrs2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs54F.tmp [**]
Tue May 31 22:37:41 2005 => Scanning Folder: C:\DOKUME~1\York\LOKALE~1\Temp\bs54F.tmpbsx32\*.*
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs54F.tmpbsx32\bbrs2.exe
Tue May 31 22:37:41 2005 => File C:\DOKUME~1\York\LOKALE~1\Temp\bs54F.tmpbsx32\bbrs2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\York\LOKALE~1\Temp\i8.tmp infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
Tue May 31 22:39:25 2005 => ***** Scanning complete. *****
Tue May 31 22:39:25 2005 => Total Objects Scanned: 5331
Tue May 31 22:39:25 2005 => Total Virus(es) Found: 31
Tue May 31 22:39:25 2005 => Total Disinfected Files: 0
Tue May 31 22:39:25 2005 => Total Files Renamed: 0
Tue May 31 22:39:25 2005 => Total Deleted Objects: 0
Tue May 31 22:39:25 2005 => Total Errors: 8
Tue May 31 22:39:25 2005 => Time Elapsed: 00:05:54
Tue May 31 22:39:25 2005 => Virus Database Date: 2005/04/25
Tue May 31 22:39:25 2005 => Virus Database Count: 127328

Part 2 of 3...

THURSDAY 02.06.2005

System found infected with BookedSpace Spyware/Adware ({a85c4a1b-bd36-44e5-a70f-8ec347d9b24f})! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "BookedSpace Spyware/Adware" Virus. Action Taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => System found infected with Bargain Buddy Spyware/Adware ({ce188402-6ee7-4022-8868-ab25173a3e14})! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => Offending value found in HKLM\Software\myway !!!
Thu Jun 02 23:39:47 2005 => System found infected with myway Spyware/Adware! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => Offending value found in HKLM\Software\bookedspace !!!
Thu Jun 02 23:39:47 2005 => System found infected with bookedspace Spyware/Adware! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "bookedspace Spyware/Adware" Virus. Action Taken: No Action Taken.
Thu Jun 02 23:40:06 2005 => ***** Scanning complete. *****
Thu Jun 02 23:40:06 2005 => Total Objects Scanned: 862
Thu Jun 02 23:40:06 2005 => Total Virus(es) Found: 5
Thu Jun 02 23:40:06 2005 => Total Disinfected Files: 0
Thu Jun 02 23:40:06 2005 => Total Files Renamed: 0
Thu Jun 02 23:40:06 2005 => Total Deleted Objects: 0
Thu Jun 02 23:40:06 2005 => Total Errors: 0
Thu Jun 02 23:40:06 2005 => Time Elapsed: 00:01:09
Thu Jun 02 23:40:06 2005 => Virus Database Date: 2005/04/25
Thu Jun 02 23:40:06 2005 => Virus Database Count: 127328
Thu Jun 02 23:40:06 2005 => Scan Completed.

SATURDAY 04.06.2005

Sat Jun 04 19:34:54 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Sat Jun 04 19:34:54 2005 => System found infected with BookedSpace Spyware/Adware ({a85c4a1b-bd36-44e5-a70f-8ec347d9b24f})! Action taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => Object "BookedSpace Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => System found infected with Bargain Buddy Spyware/Adware ({ce188402-6ee7-4022-8868-ab25173a3e14})! Action taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:34:58 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Sat Jun 04 19:34:58 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:34:58 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\TopText iLookup !!!
Sat Jun 04 19:34:58 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:34:59 2005 => Offending value found in HKLM\Software\myway !!!
Sat Jun 04 19:34:59 2005 => Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:35:01 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\addestroyer !!!
Sat Jun 04 19:35:01 2005 => Object "AdDestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:35:01 2005 => Offending value found in HKLM\Software\bookedspace !!!
Sat Jun 04 19:35:01 2005 => Object "BookedSpace Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:35:02 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\MediaLoads Enhanced !!!
Sat Jun 04 19:35:02 2005 => Object "MediaLoads Enhanced Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:35:17 2005 => System found infected with farmmext Spyware/Adware (farmmext.ini)! Action taken: No Action Taken.
Sat Jun 04 19:35:17 2005 => Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:35:17 2005 => System found infected with farmmext Spyware/Adware (farmmext.inf)! Action taken: No Action Taken.
Sat Jun 04 19:35:17 2005 => Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jun 04 19:35:29 2005 => ***** Scanning complete. *****
Sat Jun 04 19:35:29 2005 => Total Objects Scanned: 11931
Sat Jun 04 19:35:29 2005 => Total Virus(es) Found: 13
Sat Jun 04 19:35:29 2005 => Total Disinfected Files: 0
Sat Jun 04 19:35:29 2005 => Total Files Renamed: 0
Sat Jun 04 19:35:29 2005 => Total Deleted Objects: 0
Sat Jun 04 19:35:29 2005 => Total Errors: 70
Sat Jun 04 19:35:29 2005 => Time Elapsed: 00:01:31
Sat Jun 04 19:35:29 2005 => Virus Database Date: 2005/05/29
Sat Jun 04 19:35:29 2005 => Virus Database Count: 132253
Sat Jun 04 19:35:29 2005 => Scan Completed.

Part 3 of 3.... many thanks... y.

Virus Log Information from 04.06.2005

File C:\WINDOWS\cfgmgr51.dll tagged as "not-a-virus:AdWare.BookedSpace.e". Action Taken: No Action Taken.
File C:\WINDOWS\System32\psoft1.exe tagged as "not-a-virus:AdWare.Pacer.f". Action Taken: No Action Taken.
Object "BookedSpace Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AdDestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BookedSpace Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MediaLoads Enhanced Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HbInstIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstallationsAssistent.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\York\LOKALE~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USWebUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\AppleRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\ColorMatchRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\EuroscaleCoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\EuroscaleUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\JapanStandard.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\sRGB Color Space Profile.icm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USSheetfedCoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USSheetfedUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USWebCoatedSWOP.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\AdobeRGB1998.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\WideGamutRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\NTSC1953.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\PAL_SECAM.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\SMPTE-C.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\CIERGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\Photoshop5DefaultCMYK.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\Photoshop4DefaultCMYK.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstallationsAssistent.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HbInstIE.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Shell\psicon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{22B9A67D-E689-44B6-B775-0E8FE84B4F9B}" refers to invalid object "C:\WINDOWS\system32\hfadygd.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC}" refers to invalid object "C:\WINDOWS\system32\PopOops2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{43918f8f-f3be-4760-b4bb-6c89d9d91487}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{44b09a5f-5dee-4539-8001-d4b2d45c2876}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{63CCB35F-4B6C-11D2-BA18-00A024BF101B}" refers to invalid object "C:\Programme\Canon\PhotoRecord\OpPrintCom\OpPrintCom.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6b177e4f-2743-4a6d-8f31-d2efa4636bee}" refers to invalid object "C:\WINDOWS\system32\qqark.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70B51430-B6CA-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{73381E35-92F2-B604-12D0-26B9BA6ACAEE}" refers to invalid object "C:\WINDOWS\System32\vrggv\atgvdxr.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8298d101-f992-43b7-8eca-5052d885b995}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8C875948-9C60-4381-9248-0DF180542D53}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HbInstIE.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{96632d1e-f3eb-4f54-ba79-9969692db659}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbuiwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A85C4A1B-BD36-44E5-A70F-8EC347D9B24F}" refers to invalid object "C:\WINDOWS\bs3.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9E69612-B80D-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}" refers to invalid object "C:\WINDOWS\System32\nvms.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B5DEAC82-1997-4EE0-8C8A-1C2DCCE145B0}" refers to invalid object "C:\WINDOWS\system32\qslos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B6E2506C-3B9C-5B43-3671-A098AB5402C4}" refers to invalid object "C:\WINDOWS\System32\yndal\fvyqadsv.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}" refers to invalid object "C:\WINDOWS\System32\mscb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D0E02707-7B4A-3104-AFED-807117DD1052}" refers to invalid object "C:\WINDOWS\System32\oaxdeg\wqnko.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D2C9BFF8-DD93-483C-AFCB-3F910EB3AF9D}" refers to invalid object "C:\WINDOWS\system32\Kceji.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{d4387178-98ca-4929-b8e3-a11cd2f333a6}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}" refers to invalid object "C:\WINDOWS\system32\SWLAD1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}" refers to invalid object "C:\WINDOWS\DOWNLO~1\INSTAL~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}" refers to invalid object "C:\WINDOWS\System32\msbe.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f612954d-3b0b-4c56-9563-227b7be624b4}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{fba38bcf-e23d-4979-811e-1326bbadb8c8}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlApple.CddbFullName.1" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlApple.FullName" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\MakeCab.DirectSoundFXGarglePage.3" refers to invalid object "{527CCD03-918D-43D1-0A47-7570B345E1E8}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Hello everyone, since cronos is no longer online at the moment - perhaps someone else could please help me.... I have problems with various trojans and droppers... (see first post) -> here is my HijackThis logfile... my log file from eScan can be found further down (posts 16-18)... I would be glad if someone could help me further... many thanks to you all in advance... york

Logfile of HijackThis v1.99.1
Scan saved at 20:11:05, on 02.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Hcontrol.exe
C:\WINDOWS\system32\WLANSTA.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system\grcprpv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Kodak\KODAK Bildübertragungssoftware\pts.exe
C:\WINDOWS\ATKOSD.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Programme\iPod\bin\iPodService.exe
E:\downloads\hijackthis\HijackThis.exe

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\system32\hfadygd.dll (file missing)
O2 - BHO: (no name) - {E022E241-CD5D-A89C-E000-1A87C01EC4F0} - C:\WINDOWS\system32\cdapp\qyobofgjhw.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: KODAK Bildübertragungssoftware.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - h**p://install.sms-bereich.de/InstallationsAssistent.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe

Copyright ©2000-2024, Trojaner-Board