Trojan - Opopdo, Tcom-rechnung.pdf.exe
#0
15.08.2005, 14:41
...new here
Posts: 5
15.08.2005, 15:03
Member
Posts: 4730
#2
No, apparently you haven't. You may have downloaded the virus through a mail program, but it was not executed.
The typical processes are missing - in fact, no suspicious processes can be seen at all. See: http://board.protecus.de/t18796.htm
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment. Der Grabsteinschubser
15.08.2005, 15:26
...new here
Thread starter Posts: 5
#3
Hmm, I do think it was executed; I had information pointing in that direction. After all, I have been tinkering since Friday evening and have run all sorts of cleaners over my PC - I'm just glad it is still running at all.
I only wanted to be completely sure and asked you again. Many thanks for the info - that's a load off my mind.
15.08.2005, 15:35
Honorary member
Posts: 29434
#4
Hello @Manja
Info: http://virus-protect.org/phishing1.html
Please scan once more with escan (as a check): http://virus-protect.org/escan.html
__________
Best regards, Sabina - all about PC security
15.08.2005, 19:55
...new here
Thread starter Posts: 5
#5
hi sabina, attached is the escan output:
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Mon Aug 15 18:36:30 2005 => System found infected with WindUpdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.
2: Mon Aug 15 19:01:15 2005 => File C:\System Volume Information\_restore{BA671CE2-35CE-4E1A-8BF0-F5F3A9D000F9}\RP801\A0123723.exe infected by "not-virus:BadJoke.Win32.Delf.m" Virus! Action Taken: No Action Taken.
3: Mon Aug 15 19:01:15 2005 => File C:\System Volume Information\_restore{BA671CE2-35CE-4E1A-8BF0-F5F3A9D000F9}\RP801\A0123724.exe infected by "Trojan.Win32.Dialer.e" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Mon Aug 15 18:45:45 2005 => File C:\Ingrid\spiele\FroggiesSetup-dm.exe tagged as "not-a-virus:AdWare.Trymedia.a". Action Taken: No Action Taken.
2: Mon Aug 15 18:57:55 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5CD75BF3.exe tagged as "not-a-virus:Porn-Dialer.Win32.ALifeDialer". Action Taken: No Action Taken.
3: Mon Aug 15 18:57:55 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7CA62867.dll tagged as "not-a-virus:AdWare.WinAD.be". Action Taken: No Action Taken.

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\System Volume Information\_restore{BA671CE2-35CE-4E1A-8BF0-F5F3A9D000F9}\RP801\A0123723.exe => not-virus:BadJoke.Win32.Delf.m
2: C:\System Volume Information\_restore{BA671CE2-35CE-4E1A-8BF0-F5F3A9D000F9}\RP801\A0123724.exe => Trojan.Win32.Dialer.e

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Mon Aug 15 19:36:09 2005 => Total Objects Scanned: 69433
Mon Aug 15 19:36:09 2005 => Total Virus(es) Found: 7
Mon Aug 15 19:36:09 2005 => Total Errors: 200
Mon Aug 15 19:36:09 2005 => Virus Database Date: 2005/08/09
Mon Aug 15 19:36:09 2005 => Virus Database Count: 142843
Mon Aug 15 19:39:30 2005 => Total Objects Scanned: 69433
Mon Aug 15 19:39:30 2005 => Total Virus(es) Found: 7
Mon Aug 15 19:39:30 2005 => Total Errors: 200
|
|
||
15.08.2005, 23:17
Member
Posts: 4730 |
#6
Start -> Control Panel -> System -> System Restore -> turn off System Restore -> Apply -> turn System Restore back on (and, if necessary, adjust the amount of disk space allocated to it - Windows certainly does not need more than 1 GB).
If applicable, also delete C:\Ingrid\spiele\FroggiesSetup-dm.exe
And scan your PC with Spybot S&D (update the program before the scan!).
But you definitely do not have the Trojan on your machine. I think Norton saved you from it.
And in future, think carefully about what you click on. |
|
|
||
16.08.2005, 20:34
...new here
Thread starter Posts: 5 |
#7
Hello Managor,
I deleted the file and ran the scan - everything is okay. I had indeed been infected with the virus, but before I came to the board I had already carried out clean-up steps myself, which were apparently successful. I just wanted to make sure once more that my PC really is "clean". Many thanks for your support. Manja |
|
|
||
16.08.2005, 20:56
Member
Posts: 4730 |
#8
Check whether the following files exist. If so, delete them!
c:\windows\system32\winldr.ini
c:\windows\system32\dllsys.dll
c:\windows\url.dat
c:\windows\cmdid.dat
c:\windows\netdx.dat
Also check whether the hosts file (under c:\windows\system32\drivers\etc\) contains only the following line:
127.0.0.1 localhost
If there are more entries (e.g. 127.0.0.1 symantec.com), delete those lines!
Addendum: Spybot S&D may have added a few entries itself. They are located between
# start of entries inserted by spybot - search & destroy
and
# this list is copyright 2000-2004 patrick m. kolla / safer networking limited
# end of entries inserted by spybot - search & destroy
You can leave those in place.
This post was edited by Managor on 16.08.2005 at 21:01.
|
|
|
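The check described in post #8, as an added example that is not part of the thread: it lists hosts-file mappings other than `127.0.0.1 localhost` outside the Spybot S&D block and looks for the five files named in the post. The function names and the sample hosts text are constructed for illustration, and reporting entries behind a start marker that has no end marker is an assumption of this example, not something the post states.

```python
import os

# Paths named in post #8, relative to the Windows directory.
DROPPED_FILES = [r"system32\winldr.ini", r"system32\dllsys.dll",
                 "url.dat", "cmdid.dat", "netdx.dat"]
SPYBOT_START = "# start of entries inserted by spybot - search & destroy"
SPYBOT_END = "# end of entries inserted by spybot - search & destroy"

# Constructed sample hosts file (not taken from the machine in the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       symantec.com
# start of entries inserted by spybot - search & destroy
127.0.0.1       ads.example.invalid
# end of entries inserted by spybot - search & destroy
127.0.0.1 localhost   # trailing comment
"""


def unexpected_hosts_entries(text):
    """Return (line_number, line) for each mapping other than
    '127.0.0.1 localhost' that is not inside a closed Spybot S&D block."""
    findings, block, in_block = [], [], False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        marker = line.lower()  # markers are compared case-insensitively
        if marker == SPYBOT_START:
            findings += block  # an earlier block that was never closed
            in_block, block = True, []
            continue
        if marker == SPYBOT_END and in_block:
            in_block, block = False, []  # properly closed: tolerate entries
            continue
        fields = line.split("#", 1)[0].split()  # drop comments and blanks
        if not fields:
            continue
        names = [name.lower() for name in fields[1:]]
        if fields[0] == "127.0.0.1" and names == ["localhost"]:
            continue
        (block if in_block else findings).append((number, line))
    # A start marker without its end marker must not hide anything.
    return sorted(findings + block)


def present_dropped_files(windows_dir):
    """Return those of the listed files that exist under windows_dir."""
    paths = [os.path.join(windows_dir, *rel.split("\\")) for rel in DROPPED_FILES]
    return [path for path in paths if os.path.exists(path)]


if __name__ == "__main__":
    for number, line in unexpected_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts line {number}: {line}")
    for path in present_dropped_files(os.environ.get("SystemRoot", r"C:\Windows")):
        print("found:", path)
```

To check a real machine, pass the text of `drivers\etc\hosts` to `unexpected_hosts_entries` instead of the sample.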
||
17.08.2005, 00:06
...new here
Thread starter Posts: 5 |
#9
Well, none of the files mentioned above were present.
Under windows\system32\drivers\etc\ I have several files: hosts imhosts networks protocoll services. I had a look at their properties and they were all created on 1 July 2002. Is that okay? |
|
|
||
17.08.2005, 00:53
Member
Posts: 4730 |
#10
Yes. These files are important and must not be deleted. |
|
|
||
Could you please tell me whether I have got rid of all the infected files, or whether there are still problems on my machine?
Attached is the HIJACKTHIS log file.
Many thanks for your support.
Logfile of HijackThis v1.99.0
Scan saved at 14:33:28, on 15.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Netscape\Netscape\Netscp.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\Nikon\PictureProject\NkbMonitor.exe
C:\Programme\Nikon\NkView5\NkvMon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Norton Personal Firewall\ISSVC.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Ingrid\virus\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://de.docs.yahoo.com/info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\Defender.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB003" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programme\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Programme\Nikon\NkView5\NkvMon.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Dokumente und Einstellungen\eberhard\Eigene Dateien\Download\iview350g\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/307cd1f98cabd5f80805/netzip/RdxIE601_de.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42A3FE49-2792-4195-AABB-FD942F172D1E}: NameServer = 217.237.150.141 217.237.151.161
O17 - HKLM\System\CS1\Services\Tcpip\..\{42A3FE49-2792-4195-AABB-FD942F172D1E}: NameServer = 217.237.150.141 217.237.151.161
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Dialerschutz Dienst - Unknown - C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: Symantec Licensing Detect Internet Connection - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: ISSvc - Symantec Corporation - C:\Programme\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe