|
Hier ein Teil da steht so weit ich das sehn kann was von gelöscht... ich kann leider nicht den gesamten log posten weil sonst alles abstürzt :( Mon Jan 08 15:57:56 2007 => ***** Scanning Registry and File system for Adware/Spyware ***** Mon Jan 08 15:57:56 2007 => Loading Spyware Signatures from new External Database (Size: 197410). Mon Jan 08 15:57:56 2007 => Indexed Spyware Databases Successfully Created... Mon Jan 08 15:58:00 2007 => Deleting Registry Key: HKLM\Software\magnet Mon Jan 08 15:58:00 2007 => Offending Key found: HKLM\Software\magnet !!! Mon Jan 08 15:58:00 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed. Mon Jan 08 15:58:00 2007 => Deleting Registry Key: HKCU\\magnet Mon Jan 08 15:58:00 2007 => Offending Key found: HKCU\\magnet !!! Mon Jan 08 15:58:00 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed. Mon Jan 08 15:58:01 2007 => Deleting Registry Key: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\whenusave Mon Jan 08 15:58:01 2007 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\whenusave !!! Mon Jan 08 15:58:01 2007 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: Entries Removed. Mon Jan 08 15:58:01 2007 => Deleting Registry Key: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\whenusearch Mon Jan 08 15:58:01 2007 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\whenusearch !!! Mon Jan 08 15:58:01 2007 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: Entries Removed. Mon Jan 08 15:58:01 2007 => Deleting Registry Key: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\whenusearchwhse Mon Jan 08 15:58:01 2007 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\whenusearchwhse !!! Mon Jan 08 15:58:01 2007 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: Entries Removed. Mon Jan 08 15:59:15 2007 => Offending file found: C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1\yahoo!\spiele\poker.url Mon Jan 08 15:59:15 2007 => System found infected with smitfraud Browser Hijacker (poker.url)! Action taken: Entries Removed. Mon Jan 08 15:59:15 2007 => Object "smitfraud Browser Hijacker" found in File System! Action Taken: Entries Removed. Mon Jan 08 15:59:20 2007 => Checking CLSID Reference Entries... Mon Jan 08 15:59:21 2007 => Entry "HKCR\DirectAnimation.PathControl" refers to invalid object "{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}". Action Taken: Entries Removed. Mon Jan 08 15:59:21 2007 => Entry "HKCR\DirectAnimation.Sequence" refers to invalid object "{4F241DB1-EE9F-11D0-9824-006097C99E51}". Action Taken: Entries Removed. Mon Jan 08 15:59:21 2007 => Entry "HKCR\DirectAnimation.SequencerControl" refers to invalid object "{B0A6BAE2-AAF0-11D0-A152-00A0C908DB96}". Action Taken: Entries Removed. Mon Jan 08 15:59:21 2007 => Entry "HKCR\DirectAnimation.SpriteControl" refers to invalid object "{FD179533-D86E-11D0-89D6-00A0C90833E6}". Action Taken: Entries Removed. Mon Jan 08 15:59:21 2007 => Entry "HKCR\DirectAnimation.StructuredGraphicsControl" refers to invalid object "{369303C2-D7AC-11D0-89D5-00A0C90833E6}". Action Taken: Entries Removed. Mon Jan 08 15:59:22 2007 => Entry "HKCR\Microsoft.XMLHTTP.1" refers to invalid object "{ED8C108E-4349-11D2-91A4-00C04F7969E8}". Action Taken: Entries Removed. Mon Jan 08 15:59:23 2007 => Checking Module Usage Entries... Mon Jan 08 15:59:23 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx". Action Taken: Entries Removed. Mon Jan 08 15:59:23 2007 => Checking User Trusted External App Entries... Mon Jan 08 15:59:23 2007 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Programme\Java\jre1.5.0_04\bin\javaws.exe"". Action Taken: Entries Removed. Mon Jan 08 15:59:23 2007 => Checking Shared DLL Entries... Mon Jan 08 15:59:24 2007 => Checking Installer Entries... Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton Internet Security\". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\Norton AntiVirus\". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Checking Shared Tools Entries... Mon Jan 08 15:59:24 2007 => Checking File Extension Entries... Mon Jan 08 15:59:24 2007 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".98". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Checking Application Cache Entries... Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ZoneAlarm". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0496D9E8-224B-4AFA-8F37-23B98D52F1EB}". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2318C2B1-4965-11d4-9B18-009027A5CD4F}". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3248F0A8-6813-11D6-A77B-00B0D0150040}". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000702}". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000703}". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000704}". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1031-7B44-A70000000000}". Action Taken: Entries Removed. Mon Jan 08 15:59:24 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B005394D-5A4D-6AE4-CB08-F59CDC9A255C}". Action Taken: Entries Removed. |
Deswegen ist die Anleitung auch so ausführlich, weils da ne Menge zu beachten gilt. Schau dir den unteren Teil der Anleitung nochmal genau an. Da gibt es die Datei FIND.BAT! |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 06:00 Uhr. |
Copyright ©2000-2025, Trojaner-Board