Trojaner TR/Swizzor.GFThema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
28.08.2005, 19:56
Member
Themenstarter Beiträge: 16 |
||
|
||
30.08.2005, 23:07
...neu hier
Beiträge: 8 |
#32
Hallo!
Bin total verzweifelt. Mich hat ebenfalls dieser Trojaner befallen und ich bekomme das Teil ebenfalls nicht weg. Habe AntiVir mehrmals durchlaufen lassen und er findet nach dem löschen den Trojaner trotzdem immer wieder. Habe AntiVir auch im Abgesicherten Modus durchlaufen lassen, hat ebenfalls nichtsgebracht. Hier meine HighjackThis-Logfile. Hoffentlich könnt ihr mir auch helfen!!! Logfile of HijackThis v1.99.1 Scan saved at 23:10:16, on 30.08.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\Dit.exe C:\WINDOWS\mHotkey.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\tppaldr.exe C:\Programme\ICQLite\ICQLite.exe C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE C:\Programme\QuickTime\qttask.exe C:\Programme\Winamp\winampa.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Programme\Sitecom\Sitecom WLAN\WLANUTL.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\cisvc.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\msiexec.exe C:\Dokumente und Einstellungen\Kunde\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.de/ R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\Programme\MoreGoogle\MoreGoogle.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Verknüpfung mit Erinnerungen.lnk = C:\Dokumente und Einstellungen\Kunde\Desktop\Erinnerungen.txt O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Service Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Sitecom WLAN Client Utility.lnk = ? O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0D481E1F-8C04-4E38-AEF2-3B280A6BFCFE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0D481E1F-8C04-4E38-AEF2-3B280A6BFCFE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O15 - Trusted Zone: www.chip.de O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing) |
|
|
||
30.08.2005, 23:17
Ehrenmitglied
Beiträge: 29434 |
#33
Hallo@Jannus
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren + Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren #öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten O2 - BHO: (no name) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\Programme\MoreGoogle\MoreGoogle.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file) PC neustarten C:\Programme\MoreGoogle deinstallieren CCleaner--> loesche alle *temp-Datein http://virus-protect.org/temp.html escan (scannen und alles posten, bitte ) http://virus-protect.org/escan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
31.08.2005, 00:16
...neu hier
Beiträge: 8 |
#34
Hallo! Habe alles so gemacht, bis auf eScan. Das Programm sagt "Download-Seite nicht gefunden. Aktionen werden abgebrochen" oder "KAVUpd.exe nicht gefunden". Woran liegt das? Vielen Dank schon jetzt für deine Hilfe!
|
|
|
||
31.08.2005, 00:28
Ehrenmitglied
Beiträge: 29434 |
#35
Alternativ-Download: MicroWorld FREE AntiVirus Toolkit Utility /kein automatisches Löschen der infizierten Datein,es ist nur ein Erkennungstool
Nach dem Download, muss das Archiv mittels WinRAR entpackt werden. http://www.mwti.net/antivirus/free_utilities.asp __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
31.08.2005, 17:27
...neu hier
Beiträge: 8 |
#36
Hallo! Die komplette LogFile von Microworld AntiVirus & Spyware Tolkit Utility wäre 21.5 MB groß. Ist das normal? Hier ist die Logfile von den Meldungen, ich hoffe das hilft weiter!
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "StyleXP Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\Photoshop Album\Kataloge\My Catalog.psa". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ICSI.exe" refers to invalid object "C:\Programme\ICSI\Multi-Card Reader & Flash Disk\ICSI.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe" refers to invalid object "C:\Programme\EA GAMES\Battlefield Vietnam\YourApp.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PrintMe Internet Printing\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\InstantCDDVD\Projects\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\InstantCDDVD\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\InstantCDDVD\Labels\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Pinnacle\InstantCDDVD\InstantAudio\Group\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Pinnacle Expression\Captured Video\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Pinnacle Expression\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\DOKUME~1\Besitzer\LOKALE~1\Temp\SqlSetup\Temp\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\DOKUME~1\Besitzer\LOKALE~1\Temp\SqlSetup\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\Norton AntiVirus\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".000". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".002". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dnl". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".hex". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mpga". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PQI". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sdp". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ssm". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpl". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AdSupport_153". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOL Connectivity Services". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810243". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825116". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB832418". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833998". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837272". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveReg". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveUpdate". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0)". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0.1)". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0.2)". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q331695". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q331958". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815485". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{026873C3-DBAD-488F-A8D4-1379EE0CA8AB}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{34957B51-9676-41CE-9E52-44AE91B73F1C}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{457791C5-D702-4143-A7B2-2744BE9573F2}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{64FC0C98-B035-4530-B15D-3D30610B6DF1}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1031-7646-000000000001}". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0006F03A-0000-0000-C000-000000000046}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{000F6D87-05DD-11D4-B451-002018521F9B}" refers to invalid object "C:\Programme\HTML-Kit\Bin\HTMLKit.exe /Automation". Action Taken: No Action Taken. Entry "HKCR\CLSID\{00e0313F-8627-45db-863d-fd41083c3d32}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}" refers to invalid object "C:\Programme\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{14DB4DBD-FB4A-458e-8699-F9EB4BDAFEBC}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{19038319-D799-4819-94C0-1A115A590BF8}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}" refers to invalid object "C:\Programme\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{1B1AB619-0961-11D4-87D8-00104B33150F}" refers to invalid object "C:\Programme\PowerArchiver\DZGTACTX.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{1B1AB61C-0961-11D4-87D8-00104B33150F}" refers to invalid object "C:\Programme\PowerArchiver\DZGTACTX.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{225789FB-CCA8-11D2-A719-0060B0B41584}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{5AE27C1B-171A-4CF3-8693-EEA47C577614}" refers to invalid object "C:\Programme\Namo\WebEditor 6 Trial\bin\NamoUtil.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{5C4C8078-24CF-4c71-B05E-8B1D935DB5AC}" refers to invalid object "C:\Programme\MSN Messenger\msnmsgr.exe". Action Taken: No Action Taken. Entry "HKCR\CLSID\{602DB47D-DFE2-4553-8C54-0522A9DC74AC}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{752B9690-7A0B-4c67-8A09-AE3885CFCDF4}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}" refers to invalid object "C:\Programme\AOL 9.0\axtrack.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{762DAFB9-15BD-4b41-B919-F3D5023D1E78}" refers to invalid object "C:\Programme\MSN Messenger\msnmsgr.exe". Action Taken: No Action Taken. Entry "HKCR\CLSID\{79498D83-FEFE-4e36-8B7E-E9CF79F010B0}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{7BD901A3-39BA-419b-AF57-EAA3145420DF}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{8FC6A820-6BFC-11d6-A10D-0010A49A288A}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{9482BC28-EAA5-4b6e-82E9-C6832320936E}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{9BC1DF15-0290-11D5-BD0E-00C04F0E0588}" refers to invalid object "C:\Programme\CA\eTrust Antivirus\OemComNA.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{A1D4C083-9DC1-11D3-A0E5-EE8CC3DFDF35}" refers to invalid object "G:\TOOLS\Winflash\WinFlash.exe". Action Taken: No Action Taken. Entry "HKCR\CLSID\{A3E84F97-4A68-4e42-9976-DA8DF946B571}" refers to invalid object "C:\Programme\MSN Messenger\msnmsgr.exe". Action Taken: No Action Taken. Entry "HKCR\CLSID\{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" refers to invalid object "dropcpyr.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{AC44023F-D183-4397-9D02-27D34F120CB2}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken. Entry "HKCR\CLSID\{BB4AEB43-D0AB-11D2-A719-0060B0B41584}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{BBDA76FB-B05C-4A30-8E75-A96499A840D1}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C689CA08-726F-4676-8876-99F163685B32}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C8A7FDAD-94D1-4da6-8D95-75888FB12DD4}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\CLSID\{CF6C0D98-B3D9-475e-A0A0-9478000FE0B7}" refers to invalid object "C:\Programme\Namo\WebEditor 6 Trial\bin\NamoWEMIME.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{DCED20BE-3645-11D4-BC95-00C04F0E0588}" refers to invalid object "C:\Programme\CA\eTrust Antivirus\InoShell.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{E1E1BDF0-2B5F-11D4-B6BC-00902766C0E3}" refers to invalid object "C:\Programme\Corel\CorelDRAW ESSENTIALS 2\PROGRAMS\CorelDRAW110.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{E3393F8F-B0C2-4103-A9E6-E0EB74645770}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{000F6D84-05DD-11D4-B451-002018521F9B}" refers to invalid object "C:\Programme\HTML-Kit\Bin\HTMLKit.exe". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{1B1AB603-0961-11D4-87D8-00104B33150F}" refers to invalid object "C:\Programme\PowerArchiver\DZGTACTX.DLL". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{443D4EEA-F15D-4F52-A2D4-3AA6FB2D52DE}" refers to invalid object "C:\Programme\Namo\WebEditor 6 Trial\bin\NamoUtil.dll". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{51F9241C-CB5F-408E-8FE9-82889CC77B13}" refers to invalid object "C:\DOKUME~1\Kunde\LOKALE~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{834CC82A-7677-42C1-9F93-90BBFA6CF197}" refers to invalid object "C:\DOKUME~1\Kunde\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{D5F0F0BA-BC69-446E-9EB1-4F2333651740}" refers to invalid object "C:\DOKUME~1\Kunde\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}" refers to invalid object "C:\Programme\NetPumper\NetPumperNNProxy.dll". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{FD2A6709-9AC7-468E-8E5E-357809376B76}" refers to invalid object "C:\Programme\Namo\WebEditor 6 Trial\bin\NamoWEMIME.dll". Action Taken: No Action Taken. Entry "HKCR\.001" refers to invalid object "PARAR". Action Taken: No Action Taken. Entry "HKCR\.psp" refers to invalid object "PaintShopPro8.Image". Action Taken: No Action Taken. Entry "HKCR\.sdp" refers to invalid object "soffice.StarStorageDocument.5". Action Taken: No Action Taken. Entry "HKCR\.tub" refers to invalid object "PaintShopPro8.PictureTube". Action Taken: No Action Taken. Entry "HKCR\.xpi" refers to invalid object "PAZIP". Action Taken: No Action Taken. Entry "HKCR\ABUI.ABUI.1" refers to invalid object "{61E15DE7-D229-4eb3-A460-40DCDDA60DA7}". Action Taken: No Action Taken. Entry "HKCR\AccAOL.AccessAOL" refers to invalid object "{1B28020D-9DE7-11D4-A2D4-001083025146}". Action Taken: No Action Taken. Entry "HKCR\AccAOL.AccessAOL.1" refers to invalid object "{1B28020D-9DE7-11D4-A2D4-001083025146}". Action Taken: No Action Taken. Entry "HKCR\ACHtmfu.HtmlFunctions" refers to invalid object "{756A2CB8-EC02-4DC8-8588-296C611A5365}". Action Taken: No Action Taken. Entry "HKCR\ACHtmfu.HtmlFunctions.1" refers to invalid object "{756A2CB8-EC02-4DC8-8588-296C611A5365}". Action Taken: No Action Taken. Entry "HKCR\air2mp3.Document\shell\open\command" refers to invalid object "C:\PROGRA~1\air2mp3\air2mp3.exe "%1"". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\AOL.MemExpWz" refers to invalid object "{18477169-4752-41DC-AB0F-C50EBA75641D}". Action Taken: No Action Taken. Entry "HKCR\AOL.MemExpWz.1" refers to invalid object "{18477169-4752-41DC-AB0F-C50EBA75641D}". Action Taken: No Action Taken. Entry "HKCR\AOL.MimeController" refers to invalid object "{E9DD2392-EF9B-4963-BEDF-F86C0A2B762A}". Action Taken: No Action Taken. Entry "HKCR\AOL.MimeController.1" refers to invalid object "{E9DD2392-EF9B-4963-BEDF-F86C0A2B762A}". Action Taken: No Action Taken. Entry "HKCR\AOL.PicDownloadCtrl" refers to invalid object "{D670D0B3-05AB-4115-9F87-D983EF1AC747}". Action Taken: No Action Taken. Entry "HKCR\AOL.PicDownloadCtrl.1" refers to invalid object "{D670D0B3-05AB-4115-9F87-D983EF1AC747}". Action Taken: No Action Taken. Entry "HKCR\AOL.PicEditCtrl" refers to invalid object "{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}". Action Taken: No Action Taken. Entry "HKCR\AOL.PicEditCtrl.1" refers to invalid object "{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}". Action Taken: No Action Taken. Entry "HKCR\AOL.PicSsvrCtrl" refers to invalid object "{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}". Action Taken: No Action Taken. Entry "HKCR\AOL.PicSsvrCtrl.1" refers to invalid object "{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}". Action Taken: No Action Taken. Entry "HKCR\AOL.UPFCtrl" refers to invalid object "{98BFD494-F6AD-4794-9038-832C0654CC43}". Action Taken: No Action Taken. Entry "HKCR\AOL.UPFCtrl.1" refers to invalid object "{98BFD494-F6AD-4794-9038-832C0654CC43}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACCalendarDCtrl" refers to invalid object "{63435828-E10D-42d5-8859-C94796B7C22D}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACCalendarDCtrl.4" refers to invalid object "{63435828-E10D-42d5-8859-C94796B7C22D}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACCalendarListCtrl" refers to invalid object "{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACCalendarListCtrl.5" refers to invalid object "{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACDayBoxViewCtrl" refers to invalid object "{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACDayBoxViewCtrl.5" refers to invalid object "{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACDictionary" refers to invalid object "{9F62797E-1249-4596-9FF7-AC6D851A542A}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACDictionary.5" refers to invalid object "{9F62797E-1249-4596-9FF7-AC6D851A542A}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACEventConflictCtrl" refers to invalid object "{B3E7BCF9-05C8-4233-BA88-37FDA4AD3147}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACEventConflictCtrl.5" refers to invalid object "{B3E7BCF9-05C8-4233-BA88-37FDA4AD3147}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACMonthViewCtrl" refers to invalid object "{0FE9096F-7F7A-4e40-857C-E48A53440DFE}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACMonthViewCtrl.5" refers to invalid object "{0FE9096F-7F7A-4e40-857C-E48A53440DFE}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACMPickerCtrl" refers to invalid object "{DA3C177A-D1DA-47f2-BBF0-E9710CA7253F}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACMPickerCtrl.5" refers to invalid object "{DA3C177A-D1DA-47f2-BBF0-E9710CA7253F}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACToolBarCtrl" refers to invalid object "{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACToolBarCtrl.5" refers to invalid object "{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACTopToolBarCtrl" refers to invalid object "{09E6F477-C3C3-4636-8BFD-2DDB36147FEC}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACTopToolBarCtrl.5" refers to invalid object "{09E6F477-C3C3-4636-8BFD-2DDB36147FEC}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACWebDlgHelper" refers to invalid object "{6AD3B5BD-9A96-4ca2-9455-2034D05EB134}". Action Taken: No Action Taken. Entry "HKCR\AolCalSvr.ACWebDlgHelper.5" refers to invalid object "{6AD3B5BD-9A96-4ca2-9455-2034D05EB134}". Action Taken: No Action Taken. Entry "HKCR\AOLCoach.TrainerOCXCtrl.10" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken. Entry "HKCR\Ares.AresPlayer" refers to invalid object "{4E97BE17-3300-4A4F-B380-5988DD771F1F}". Action Taken: No Action Taken. Entry "HKCR\Ares.AresPlayer.1" refers to invalid object "{4E97BE17-3300-4A4F-B380-5988DD771F1F}". Action Taken: No Action Taken. Entry "HKCR\ATLPlugin.ATL3DPage_d2.1" refers to invalid object "{cc10ddda-2452-4598-a6c4-f9f2f0b6a758 }". Action Taken: No Action Taken. Entry "HKCR\AxTrack" refers to invalid object "{5145942E-41DF-4658-B7C4-089F48E84A75}". Action Taken: No Action Taken. Entry "HKCR\AxTrack.CoAxTrack" refers to invalid object "{B9F3009B-976B-41C4-A992-229DCCF3367C}". Action Taken: No Action Taken. Entry "HKCR\AxTrack.CoAxTrack.1" refers to invalid object "{B9F3009B-976B-41C4-A992-229DCCF3367C}". Action Taken: No Action Taken. Entry "HKCR\AxTrack.CoAxTrackMk" refers to invalid object "{5145942E-41DF-4658-B7C4-089F48E84A75}". Action Taken: No Action Taken. Entry "HKCR\AxTrack.CoAxTrackMk.1" refers to invalid object "{5145942E-41DF-4658-B7C4-089F48E84A75}". Action Taken: No Action Taken. Entry "HKCR\CDDBControl.CddbTrackManager" refers to invalid object "{00014C0D-B007-4448-B89B-4EC3E857961D}". Action Taken: No Action Taken. Entry "HKCR\CDDBControl.CddbTrackManager.1" refers to invalid object "{00014C0D-B007-4448-B89B-4EC3E857961D}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CDDBAOLControl.1" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CDDBControl" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbCredit" refers to invalid object "{229b78e2-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbCredit.1" refers to invalid object "{229b78e2-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbDisc" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbDisc.1" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbFullName.1" refers to invalid object "{229b78e1-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbID3Tag" refers to invalid object "{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbID3Tag.1" refers to invalid object "{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbID3TagManager" refers to invalid object "{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbID3TagManager.1" refers to invalid object "{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbInfoWindow" refers to invalid object "{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbInfoWindow.1" refers to invalid object "{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbSegment" refers to invalid object "{229b78df-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbSegment.1" refers to invalid object "{229b78df-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbUIOptions" refers to invalid object "{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbUIOptions.1" refers to invalid object "{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbURL" refers to invalid object "{229b78e0-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbURL.1" refers to invalid object "{229b78e0-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbURLManager" refers to invalid object "{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.CddbURLManager.1" refers to invalid object "{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlAOL.FullName" refers to invalid object "{229b78e1-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken. Entry "HKCR\Cerberus.CerberusCDPlayer" refers to invalid object "{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}". Action Taken: No Action Taken. Entry "HKCR\Cerberus.CerberusCDPlayer.1" refers to invalid object "{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}". Action Taken: No Action Taken. Entry "HKCR\CmdLineExt.CmdLineContextMenu" refers to invalid object "{9869EFB4-18E9-11D3-A837-00104B9E30B5}". Action Taken: No Action Taken. Entry "HKCR\CmdLineExt.CmdLineContextMenu.1" refers to invalid object "{9869EFB4-18E9-11D3-A837-00104B9E30B5}". Action Taken: No Action Taken. Entry "HKCR\CoachDM.WebCoachDownload" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken. Entry "HKCR\CoachDM.WebCoachDownload.1" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken. Entry "HKCR\FE.FlashEngine" refers to invalid object "{2BAE89B0-68EF-4fab-AFF7-1E486D93F9EB}". Action Taken: No Action Taken. Entry "HKCR\FE.FlashEngine.1" refers to invalid object "{2BAE89B0-68EF-4fab-AFF7-1E486D93F9EB}". Action Taken: No Action Taken. Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\MIMEHook.CoMIMEHook" refers to invalid object "{8BBDA254-CE76-11D3-A2CE-00108335731F}". Action Taken: No Action Taken. Entry "HKCR\MIMEHook.CoMIMEHook.1" refers to invalid object "{8BBDA254-CE76-11D3-A2CE-00108335731F}". Action Taken: No Action Taken. Entry "HKCR\MIMEHook.CoMIMESink" refers to invalid object "{80373D03-D993-11D3-A2CE-00108335731F}". Action Taken: No Action Taken. Entry "HKCR\MIMEHook.CoMIMESink.1" refers to invalid object "{80373D03-D993-11D3-A2CE-00108335731F}". Action Taken: No Action Taken. Entry "HKCR\MMFWCTRL.ComboBoxCtrl.1" refers to invalid object "{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}". Action Taken: No Action Taken. Entry "HKCR\MMFWCTRL.PushBtnCtrl.1" refers to invalid object "{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}". Action Taken: No Action Taken. Entry "HKCR\MMFWCTRL.RadBtnCtrl.1" refers to invalid object "{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}". Action Taken: No Action Taken. Entry "HKCR\MMFWCTRL.SpaceBarCtrl.1" refers to invalid object "{27855D52-0913-4F88-A8CC-343D374E7CC9}". Action Taken: No Action Taken. Entry "HKCR\MMFWCTRL.TextCtrl.1" refers to invalid object "{FB215E25-F536-4B36-8262-ECF59601FAC1}". Action Taken: No Action Taken. Entry "HKCR\mmtask.MMAutoPlay" refers to invalid object "{2AF30D99-133E-421F-895A-150C432F46AC}". Action Taken: No Action Taken. Entry "HKCR\mmtask.MMAutoPlay.1" refers to invalid object "{2AF30D99-133E-421F-895A-150C432F46AC}". Action Taken: No Action Taken. Entry "HKCR\NvCpl.DesktopContext" refers to invalid object "{A70C977A-BF00-412C-90B7-034C51DA2439}". Action Taken: No Action Taken. Entry "HKCR\NvCpl.DesktopContext.1" refers to invalid object "{A70C977A-BF00-412C-90B7-034C51DA2439}". Action Taken: No Action Taken. Entry "HKCR\Pathfinder.PathfinderDownload" refers to invalid object "{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}". Action Taken: No Action Taken. Entry "HKCR\Pathfinder.PathfinderDownload.1" refers to invalid object "{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Engine_Ares" refers to invalid object "{E981D791-F499-4837-A483-5AB22F1C548F}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Engine_Ares.1" refers to invalid object "{E981D791-F499-4837-A483-5AB22F1C548F}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Engine_Cerberus" refers to invalid object "{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Engine_Cerberus.1" refers to invalid object "{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Engine_QuickTime" refers to invalid object "{57C368A7-F2E9-48C6-B0E2-C201751383C1}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Engine_QuickTime.1" refers to invalid object "{57C368A7-F2E9-48C6-B0E2-C201751383C1}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Engine_Real" refers to invalid object "{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Engine_Real.1" refers to invalid object "{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Engine_Winamp" refers to invalid object "{AED456C4-4866-4420-863F-35767EBED514}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Engine_Winamp.1" refers to invalid object "{AED456C4-4866-4420-863F-35767EBED514}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Engine_WMP" refers to invalid object "{D465B936-C361-4417-9AC5-35167066F84B}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Engine_WMP.1" refers to invalid object "{D465B936-C361-4417-9AC5-35167066F84B}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Phobos" refers to invalid object "{D9F99C6B-A3A6-11D4-AF64-444553546170}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Phobos.1" refers to invalid object "{D9F99C6B-A3A6-11D4-AF64-444553546170}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Player" refers to invalid object "{7C9688C3-7279-474D-ABA5-A632373D2CDB}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Player.1" refers to invalid object "{7C9688C3-7279-474D-ABA5-A632373D2CDB}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Playlist" refers to invalid object "{A105BD70-BF56-4D10-BC91-41C88321F47C}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Playlist.1" refers to invalid object "{A105BD70-BF56-4D10-BC91-41C88321F47C}". Action Taken: No Action Taken. Entry "HKCR\Phobos.SupportedType" refers to invalid object "{639A19DD-1D97-4A6E-A0D1-01E04FED563F}". Action Taken: No Action Taken. Entry "HKCR\Phobos.SupportedType.1" refers to invalid object "{639A19DD-1D97-4A6E-A0D1-01E04FED563F}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Track" refers to invalid object "{B4F80028-5714-4B7B-B9B1-5748B204799A}". Action Taken: No Action Taken. Entry "HKCR\Phobos.Track.1" refers to invalid object "{B4F80028-5714-4B7B-B9B1-5748B204799A}". Action Taken: No Action Taken. Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken. Entry "HKCR\RealDownloadExpress.InfoWindow" refers to invalid object "{56336BCA-3D8A-11d6-A00B-0050DA18DE71}". Action Taken: No Action Taken. Entry "HKCR\RealDownloadExpress.InfoWindow.1" refers to invalid object "{56336BCA-3D8A-11d6-A00B-0050DA18DE71}". Action Taken: No Action Taken. Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Entry "HKCR\RTCIMSP.RTCIMService" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken. Entry "HKCR\RTCIMSP.RTCIMService.1" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken. Entry "HKCR\SA.DataCache" refers to invalid object "{10F34E64-BBB2-11D6-8A17-00E029570A3E}". Action Taken: No Action Taken. Entry "HKCR\SA.DataCache.1" refers to invalid object "{10F34E64-BBB2-11D6-8A17-00E029570A3E}". Action Taken: No Action Taken. Entry "HKCR\SA.SATBMgr" refers to invalid object "{8AB5F344-B600-11D6-8A15-00E029570A3E}". Action Taken: No Action Taken. Entry "HKCR\SA.SATBMgr.1" refers to invalid object "{8AB5F344-B600-11D6-8A15-00E029570A3E}". Action Taken: No Action Taken. Entry "HKCR\Sb.SuperBuddy" refers to invalid object "{189504B8-50D1-4AA8-B4D6-95C8F58A6414}". Action Taken: No Action Taken. Entry "HKCR\Sb.SuperBuddy.1" refers to invalid object "{189504B8-50D1-4AA8-B4D6-95C8F58A6414}". Action Taken: No Action Taken. Entry "HKCR\Sb.SuperBuddyData" refers to invalid object "{A98ABF1C-107C-44E7-9254-2C3FF435D0C2}". Action Taken: No Action Taken. Entry "HKCR\Sb.SuperBuddyData.1" refers to invalid object "{A98ABF1C-107C-44E7-9254-2C3FF435D0C2}". Action Taken: No Action Taken. Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken. Entry "HKCR\WinAmpX.IWinAmpActiveX" refers to invalid object "{C28BC286-884C-4a63-8A9C-6F7F5711034F}". Action Taken: No Action Taken. Entry "HKCR\WinAmpX.IWinAmpActiveX.1" refers to invalid object "{C28BC286-884C-4a63-8A9C-6F7F5711034F}". Action Taken: No Action Taken. Entry "HKCR\WinAmpXChat.IWinAmpActiveXChat" refers to invalid object "{E3852604-B619-11d6-94EC-00047521F020}". Action Taken: No Action Taken. Entry "HKCR\WinAmpXChat.IWinAmpActiveXChat.1" refers to invalid object "{E3852604-B619-11d6-94EC-00047521F020}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Entry "HKCR\X10net.X10Control" refers to invalid object "{001000AF-2DEF-0001-10B6-DC5BA692C858}". Action Taken: No Action Taken. Entry "HKCR\X10net.X10Control.1" refers to invalid object "{001000AF-2DEF-0001-10B6-DC5BA692C858}". Action Taken: No Action Taken. Entry "HKCR\X10net.X10Interface" refers to invalid object "{001000AF-2DEF-0002-10B6-DC5BA692C858}". Action Taken: No Action Taken. Entry "HKCR\X10net.X10Interface.1" refers to invalid object "{001000AF-2DEF-0002-10B6-DC5BA692C858}". Action Taken: No Action Taken. Entry "HKCR\X10net.XButton" refers to invalid object "{001000AF-2DEF-0105-10B6-DC5BA692C858}". Action Taken: No Action Taken. Entry "HKCR\X10net.XButton.1" refers to invalid object "{001000AF-2DEF-0105-10B6-DC5BA692C858}". Action Taken: No Action Taken. Entry "HKCR\Xanthe.XantheQuickTimePlayer" refers to invalid object "{1CB749C0-81EC-484E-B82C-ADD141FC6415}". Action Taken: No Action Taken. Entry "HKCR\Xanthe.XantheQuickTimePlayer.1" refers to invalid object "{1CB749C0-81EC-484E-B82C-ADD141FC6415}". Action Taken: No Action Taken. Entry "HKCR\YGPPicInfo.IImageInfo" refers to invalid object "{AD41621C-A2DD-487D-A24B-8BE40116A5A3}". Action Taken: No Action Taken. Entry "HKCR\YGPPicInfo.IImageInfo.1" refers to invalid object "{AD41621C-A2DD-487D-A24B-8BE40116A5A3}". Action Taken: No Action Taken. Entry "HKCR\YGPPicInfo.PictureInfo" refers to invalid object "{943742F6-3A40-43FF-97F4-A1750D97B200}". Action Taken: No Action Taken. Entry "HKCR\YGPPicInfo.PictureInfo.1" refers to invalid object "{943742F6-3A40-43FF-97F4-A1750D97B200}". Action Taken: No Action Taken. Entry "HKCR\YGPPicInfo.PictureInfos" refers to invalid object "{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}". Action Taken: No Action Taken. Entry "HKCR\YGPPicInfo.PictureInfos.1" refers to invalid object "{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}". Action Taken: No Action Taken. Datei C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\this acid exit bolt\grey else.exe infiziert von "Trojan-Downloader.Win32.Swizzor.ds" Virus. Aktion vorgenommen: No Action Taken. Datei C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\1 copy book\kyulliwo.exe infiziert von "Trojan-Downloader.Win32.Swizzor.ds" Virus. Aktion vorgenommen: No Action Taken. Datei C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\1 copy book\phonemanageruser.exe infiziert von "Trojan-Downloader.Win32.Swizzor.cb" Virus. Aktion vorgenommen: No Action Taken. Datei C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Software bias ping\Clock bike.exe infiziert von "Trojan-Downloader.Win32.Swizzor.bo" Virus. Aktion vorgenommen: No Action Taken. Datei C:\Dokumente und Einstellungen\Kunde\Desktop\backups\backup-20050830-230853-992.dll infiziert von "Trojan-Downloader.Win32.Swizzor.bo" Virus. Aktion vorgenommen: No Action Taken. File C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\DOWNLOADS\CD Cover\CD Box Labeler Pro_s151.zip tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Eigene Bilder\Bilder---Sonstiges\Local Narcotix-Cover\LN\cdboxlabelerpro.zip tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken. Datei C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\netpumper-1.24-setup.exe infiziert von "Trojan-Downloader.Win32.Swizzor.do" Virus. Aktion vorgenommen: No Action Taken. Datei C:\Programme\AVPersonal\INFECTED\BendPoke.VIR infiziert von "Trojan-Downloader.Win32.Swizzor.co" Virus. Aktion vorgenommen: No Action Taken. |
|
|
||
31.08.2005, 23:06
Ehrenmitglied
Beiträge: 29434 |
#37
Hallo@Jannus
schau noch mal das log vom escan durch (die registryeintraege interessieren nicht so sehr, mehr, was " infiziert von" ist. das musst du loeschen Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren + Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren deinstalliere: netpumper loesche im abgesicherten modus :+ alle Unterordner: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\this acid exit bolt C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\1 copy book C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Software bias ping C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\DOWNLOADS\CD Cover\CD Box Labeler Pro_s151.zip C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Eigene Bilder\Bilder---Sonstiges\Local Narcotix-Cover\LN\cdboxlabelerpro.zip C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\netpumper-1.24-setup.exe CCleaner--> loesche alle *temp-Datein http://virus-protect.org/temp.html wenn das erledigt ist: Start -- alle Programme -- Zubehör -- Editor und kopiere folgenden Text rein: dir %Windir%\tasks /a h > files.txt notepad files.txt - Speichern als: findjobs.bat - abspeichern unter : Dateityp: alle Dateien - speichere auf dem Desktop - Locate findjobs.bat-- doppelklick auf die bat-Datei , der Editor öffnet sich -- poste den Text __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
01.09.2005, 17:40
...neu hier
Beiträge: 8 |
#38
Hi Sabina!
Bin deinen Anweisungen gefolgt. eScan LogFile kann ich aus den genannten Gründen leider nicht erstellen, dafür hier der text aus der findjobs.bat im abgesicherten Modus: Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: E017-21B3 Verzeichnis von C:\WINDOWS\tasks 29.08.2005 22:06 <DIR> . 29.08.2005 22:06 <DIR> .. 31.08.2005 22:00 268 AA81236D9186DDD1.job 29.08.2002 14:00 65 desktop.ini 01.09.2005 17:27 6 SA.DAT 3 Datei(en) 339 Bytes Verzeichnis von C:\Dokumente und Einstellungen\Administrator\Desktop Grüße und ich hoffe das es weiterhilft! |
|
|
||
01.09.2005, 17:49
Ehrenmitglied
Beiträge: 29434 |
#39
Hallo@Jannus
Start -- alle Programme -- Zubehör -- Editor und kopiere folgenden Text rein: %systemdrive% cd C:\WINDOWS\Tasks attrib -r -s -h AA81236D9186DDD1.job del AA81236D9186DDD1.job - Speichern als: remjob.bat - abspeichern unter : Dateityp: alle Dateien - speichere auf dem Desktop - Locate remjob.bat-- doppelklick auf die bat-Datei , der Editor öffnet sich kurz ist normal Poste nochmals findjobs.bat __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
01.09.2005, 18:19
...neu hier
Beiträge: 8 |
#40
Hallo! Hier der Text aus der Datei:
Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: E017-21B3 Verzeichnis von C:\WINDOWS\tasks 01.09.2005 18:23 <DIR> . 01.09.2005 18:23 <DIR> .. 29.08.2002 14:00 65 desktop.ini 01.09.2005 17:42 6 SA.DAT 2 Datei(en) 71 Bytes Verzeichnis von C:\Dokumente und Einstellungen\Kunde\Desktop |
|
|
||
01.09.2005, 20:27
Ehrenmitglied
Beiträge: 29434 |
#41
Hallo Jannus
bitte abarbeiten + alle Pfade mitposten http://virus-protect.org/datfindbat.html #neue Startseite gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein + das neue Log vom HijackTHis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
01.09.2005, 20:51
...neu hier
Beiträge: 8 |
#42
Hallo! Ok, hier die ca. 20 Tage!
Erstens: Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: E017-21B3 Verzeichnis von C:\WINDOWS\system32 01.09.2005 19:40 890 vsconfig.xml 29.08.2005 22:10 4.212 zllictbl.dat 29.08.2005 21:43 100 LuResult.txt 29.08.2005 08:00 396.750 perfh009.dat 29.08.2005 08:00 60.274 perfc009.dat 29.08.2005 08:00 71.212 perfc007.dat 29.08.2005 08:00 407.668 perfh007.dat 29.08.2005 08:00 947.618 PerfStringBackup.INI 28.08.2005 22:10 1.158 wpa.dbl 05.08.2005 03:31 1.457.496 MRT.exe 29.07.2005 20:49 840.920 FNTCACHE.DAT 20.07.2005 04:04 3.012.096 mshtml.dll 08.07.2005 18:28 76.800 remotesp.tsp 08.07.2005 18:28 249.344 tapisrv.dll 03.07.2005 04:15 664.064 wininet.dll 03.07.2005 04:15 1.484.288 shdocvw.dll 03.07.2005 04:15 605.696 urlmon.dll 03.07.2005 04:15 474.112 shlwapi.dll 03.07.2005 04:15 39.424 pngfilt.dll 03.07.2005 04:15 146.432 msrating.dll 03.07.2005 04:15 448.512 mshtmled.dll 03.07.2005 04:15 251.392 iepeers.dll 03.07.2005 04:15 96.768 inseng.dll 03.07.2005 04:15 1.019.904 browseui.dll 03.07.2005 04:15 152.064 cdfview.dll 01.07.2005 15:47 4.754 qtplugin.log 30.06.2005 04:05 119.296 umpnpmgr.dll 29.06.2005 03:49 254.976 icm32.dll 29.06.2005 03:49 74.240 mscms.dll 20.06.2005 12:44 16.832 amcompat.tlb 20.06.2005 12:44 23.392 nscompat.tlb 15.06.2005 19:49 295.936 kerberos.dll 13.06.2005 19:05 42.982 PDDSLADP.DLL 13.06.2005 19:05 9.728 rnaph.dll 11.06.2005 01:53 57.856 spoolsv.exe 03.06.2005 05:44 67.336 zlcommdb.dll 03.06.2005 05:44 75.528 zlcomm.dll 03.06.2005 05:43 100.096 vsxml.dll 03.06.2005 05:43 354.056 vsutil.dll 03.06.2005 05:43 71.432 vsregexp.dll 03.06.2005 05:43 198.408 vspubapi.dll 03.06.2005 05:43 108.296 vsmonapi.dll 03.06.2005 05:43 124.680 vsinit.dll 03.06.2005 05:42 279.656 vsdatant.sys 03.06.2005 05:42 75.528 vsdata.dll 03.06.2005 05:16 50.864 vsutil_loc0407.dll 27.05.2005 15:13 4.970 nmwcdlog.dll 27.05.2005 15:13 53.050 nmwcdcls.dll 27.05.2005 04:04 41.472 hhsetup.dll 27.05.2005 04:04 137.216 itss.dll 27.05.2005 04:04 546.304 hhctrl.ocx 27.05.2005 04:04 155.136 itircl.dll 26.05.2005 04:16 173.536 wuweb.dll 26.05.2005 04:16 1.343.768 wuaueng.dll 26.05.2005 04:16 41.240 wups.dll 26.05.2005 04:16 18.200 wups2.dll 26.05.2005 04:16 75.544 cdm.dll 26.05.2005 04:16 198.424 iuengine.dll 26.05.2005 04:16 466.200 wuapi.dll 26.05.2005 04:16 124.696 wuauclt.exe 26.05.2005 04:16 194.840 wuaueng1.dll 26.05.2005 04:16 174.872 wuaucpl.cpl 26.05.2005 04:16 128.280 wucltui.dll 26.05.2005 04:16 174.872 wuauclt1.exe 17.05.2005 02:42 17.408 xpsp3res.dll 11.05.2005 04:30 78.336 telnet.exe 04.05.2005 14:45 2.890.240 msi.dll Zweitens: Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: E017-21B3 Verzeichnis von C:\DOKUME~1\Kunde\LOKALE~1\Temp 01.09.2005 19:39 16.384 ~DFC9FF.tmp 01.09.2005 18:34 16.384 ~DFBBF7.tmp 01.09.2005 17:42 16.384 ~DFBD6F.tmp 01.09.2005 17:16 16.384 ~DFCB7A.tmp 01.09.2005 08:26 16.384 ~DFC650.tmp 01.09.2005 08:08 16.384 ~DFB605.tmp 31.08.2005 18:58 16.384 ~DFC9BA.tmp 31.08.2005 17:52 5.762 MWAV.LOG 31.08.2005 17:28 44.809.594 clipboardcache 31.08.2005 17:26 2.127 mwXface.log 31.08.2005 17:24 16.384 ~DFC2A5.tmp 31.08.2005 08:12 16.384 ~DFD986.tmp 31.08.2005 00:01 81.920 ~DF6423.tmp 30.08.2005 23:58 16.384 ~DFC39E.tmp 24.08.2005 13:01 32.710 daily.avc 24.08.2005 13:01 18.372 worm006.avc 24.08.2005 13:01 11.402 avp.klb 24.08.2005 13:01 11.869 daily-ex.avc Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: E017-21B3 Verzeichnis von C:\WINDOWS 01.09.2005 19:55 1.125 winamp.ini 01.09.2005 19:40 0 0.log 01.09.2005 19:39 159 wiadebug.log 01.09.2005 19:39 50 wiaservc.log 01.09.2005 19:39 2.048 bootstat.dat 01.09.2005 19:15 1.304 SchedLgU.Txt 01.09.2005 19:15 1.800 WindowsUpdate.log 01.09.2005 18:33 787 win.ini 01.09.2005 18:33 289 system.ini 01.09.2005 17:42 0 Sti_Trace.log 21.08.2005 23:52 1.049.920 setupapi.log.0.old 17.08.2005 17:29 2.446 wininit.ini 17.08.2005 17:28 283 awprotoc.txt 17.08.2005 17:28 61 awerror.txt 30.07.2005 17:05 265 nokiaimageconverter.INI 30.07.2005 13:37 0 nokiacontentcopier.INI 22.07.2005 12:18 24.037 cdplayer.ini 07.07.2005 12:09 2.518 my.ini 07.07.2005 10:11 3.854 ModemLog_Nokia 6230 USB.txt 06.07.2005 14:30 99.970 UninstallFirefox.exe 06.07.2005 14:22 5.448 mozver.dat 03.07.2005 22:38 720.896 iun6002.exe 03.07.2005 22:05 549 eReg.dat 18.06.2005 14:35 316.640 WMSysPr9.prx |
|
|
||
01.09.2005, 21:55
Ehrenmitglied
Beiträge: 29434 |
#43
#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein + das neue Log vom HijackTHis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
01.09.2005, 22:38
...neu hier
Beiträge: 8 |
#44
Wenn ich die Webeinstellungen wie beschrieben zurücksetzen will, dann erhalte ich die Fehlermeldung "Die Webeinstellungen konnten nicht zurückgesetzt werden". Komisch. Funktioniert auf jeden Fall nicht. Hier die HighjackThis-LogFile:
Logfile of HijackThis v1.99.1 Scan saved at 21:00:42, on 01.09.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\Dit.exe C:\WINDOWS\mHotkey.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\tppaldr.exe C:\Programme\ICQLite\ICQLite.exe C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Winamp\winampa.exe C:\Programme\AVPersonal\AVGNT.EXE C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Pinnacle\MediaCenter\Remote\Remoterm.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Programme\Sitecom\Sitecom WLAN\WLANUTL.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\cisvc.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Kunde\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.de/ R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2FD43A23-F189-BD71-B3C2-8D2AF302B5C8} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [PMCRemote] C:\Programme\Pinnacle\MediaCenter\Remote\Remoterm.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Verknüpfung mit Erinnerungen.lnk = C:\Dokumente und Einstellungen\Kunde\Desktop\Erinnerungen.txt O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Service Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Sitecom WLAN Client Utility.lnk = ? O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0D481E1F-8C04-4E38-AEF2-3B280A6BFCFE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0D481E1F-8C04-4E38-AEF2-3B280A6BFCFE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O15 - Trusted Zone: www.chip.de O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing) |
|
|
||
02.09.2005, 13:27
Ehrenmitglied
Beiträge: 29434 |
#45
Hallo@Jannus
fixe mit dem hijackThis: O2 - BHO: (no name) - {2FD43A23-F189-BD71-B3C2-8D2AF302B5C8} - (no file) O2 - BHO: (no name) - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0D481E1F-8C04-4E38-AEF2-3B280A6BFCFE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0D481E1F-8C04-4E38-AEF2-3B280A6BFCFE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) und ansonsten: Alles Gute fuer dich + PC Das mit den Webeinstellungen zuruecksetzen, ...warum es nicht funktioniert, ist mir ebenfalls schleierhaft....Vielleicht, weil der Firefox der Standartbrowser ist ???? __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
Super, jetzt sind wir echt Happy und vor allem die Rechner müßtest Du mal sehen, die flippen fast aus mit der neuen Freiheit!
Mal im Ernst, wie machen wir dass nun mit der Runde? Ich will nicht, dass es heißt, erst hatte der ne große Klappe und dann kommt nichts!
Sag mir wie und wann und dann lässt sich bestimmt was einrichten!!!
Viele Grüße aus dem in der Abenddämmerung versinkendem Städtchen in Brandenburg....
Danny