Trojaner TR/Swizzor.GF

#31 Herzlichsten Dank liebe Sabina!

Super, jetzt sind wir echt Happy und vor allem die Rechner müßtest Du mal sehen, die flippen fast aus mit der neuen Freiheit!

Mal im Ernst, wie machen wir dass nun mit der Runde? Ich will nicht, dass es heißt, erst hatte der ne große Klappe und dann kommt nichts!

Sag mir wie und wann und dann lässt sich bestimmt was einrichten!!!

Viele Grüße aus dem in der Abenddämmerung versinkendem Städtchen in Brandenburg....

Danny

#32 Hallo!

Bin total verzweifelt. Mich hat ebenfalls dieser Trojaner befallen und ich bekomme das Teil ebenfalls nicht weg. Habe AntiVir mehrmals durchlaufen lassen und er findet nach dem löschen den Trojaner trotzdem immer wieder. Habe AntiVir auch im Abgesicherten Modus durchlaufen lassen, hat ebenfalls nichtsgebracht. Hier meine HighjackThis-Logfile. Hoffentlich könnt ihr mir auch helfen!!!

Logfile of HijackThis v1.99.1
Scan saved at 23:10:16, on 30.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\tppaldr.exe
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programme\Sitecom\Sitecom WLAN\WLANUTL.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Dokumente und Einstellungen\Kunde\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\Programme\MoreGoogle\MoreGoogle.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Verknüpfung mit Erinnerungen.lnk = C:\Dokumente und Einstellungen\Kunde\Desktop\Erinnerungen.txt
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Sitecom WLAN Client Utility.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0D481E1F-8C04-4E38-AEF2-3B280A6BFCFE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0D481E1F-8C04-4E38-AEF2-3B280A6BFCFE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O15 - Trusted Zone: www.chip.de
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)

#33 Hallo@Jannus

Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren
+
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

O2 - BHO: (no name) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\Programme\MoreGoogle\MoreGoogle.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)

PC neustarten

C:\Programme\MoreGoogle deinstallieren

CCleaner--> loesche alle *temp-Datein
http://virus-protect.org/temp.html

escan (scannen und alles posten, bitte )
http://virus-protect.org/escan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#34 Hallo! Habe alles so gemacht, bis auf eScan. Das Programm sagt "Download-Seite nicht gefunden. Aktionen werden abgebrochen" oder "KAVUpd.exe nicht gefunden". Woran liegt das? Vielen Dank schon jetzt für deine Hilfe!

#35 Alternativ-Download: MicroWorld FREE AntiVirus Toolkit Utility /kein automatisches Löschen der infizierten Datein,es ist nur ein Erkennungstool
Nach dem Download, muss das Archiv mittels WinRAR entpackt werden.
http://www.mwti.net/antivirus/free_utilities.asp
__________
MfG Sabina

rund um die PC-Sicherheit

#36 Hallo! Die komplette LogFile von Microworld AntiVirus & Spyware Tolkit Utility wäre 21.5 MB groß. Ist das normal? Hier ist die Logfile von den Meldungen, ich hoffe das hilft weiter!

Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "StyleXP Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\Photoshop Album\Kataloge\My Catalog.psa". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ICSI.exe" refers to invalid object "C:\Programme\ICSI\Multi-Card Reader & Flash Disk\ICSI.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe" refers to invalid object "C:\Programme\EA GAMES\Battlefield Vietnam\YourApp.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PrintMe Internet Printing\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\InstantCDDVD\Projects\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\InstantCDDVD\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\InstantCDDVD\Labels\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Pinnacle\InstantCDDVD\InstantAudio\Group\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Pinnacle Expression\Captured Video\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Pinnacle Expression\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\DOKUME~1\Besitzer\LOKALE~1\Temp\SqlSetup\Temp\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\DOKUME~1\Besitzer\LOKALE~1\Temp\SqlSetup\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\Norton AntiVirus\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".000". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".002". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dnl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".hex". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mpga". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PQI". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sdp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ssm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpl". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AdSupport_153". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOL Connectivity Services". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810243". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825116". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB832418". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833998". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837272". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveReg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveUpdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0.1)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0.2)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q331695". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q331958". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815485". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{026873C3-DBAD-488F-A8D4-1379EE0CA8AB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{34957B51-9676-41CE-9E52-44AE91B73F1C}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{457791C5-D702-4143-A7B2-2744BE9573F2}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{64FC0C98-B035-4530-B15D-3D30610B6DF1}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1031-7646-000000000001}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0006F03A-0000-0000-C000-000000000046}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{000F6D87-05DD-11D4-B451-002018521F9B}" refers to invalid object "C:\Programme\HTML-Kit\Bin\HTMLKit.exe /Automation". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00e0313F-8627-45db-863d-fd41083c3d32}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}" refers to invalid object "C:\Programme\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{14DB4DBD-FB4A-458e-8699-F9EB4BDAFEBC}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{19038319-D799-4819-94C0-1A115A590BF8}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}" refers to invalid object "C:\Programme\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B1AB619-0961-11D4-87D8-00104B33150F}" refers to invalid object "C:\Programme\PowerArchiver\DZGTACTX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B1AB61C-0961-11D4-87D8-00104B33150F}" refers to invalid object "C:\Programme\PowerArchiver\DZGTACTX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{225789FB-CCA8-11D2-A719-0060B0B41584}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5AE27C1B-171A-4CF3-8693-EEA47C577614}" refers to invalid object "C:\Programme\Namo\WebEditor 6 Trial\bin\NamoUtil.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5C4C8078-24CF-4c71-B05E-8B1D935DB5AC}" refers to invalid object "C:\Programme\MSN Messenger\msnmsgr.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{602DB47D-DFE2-4553-8C54-0522A9DC74AC}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{752B9690-7A0B-4c67-8A09-AE3885CFCDF4}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}" refers to invalid object "C:\Programme\AOL 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{762DAFB9-15BD-4b41-B919-F3D5023D1E78}" refers to invalid object "C:\Programme\MSN Messenger\msnmsgr.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{79498D83-FEFE-4e36-8B7E-E9CF79F010B0}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7BD901A3-39BA-419b-AF57-EAA3145420DF}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8FC6A820-6BFC-11d6-A10D-0010A49A288A}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9482BC28-EAA5-4b6e-82E9-C6832320936E}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BC1DF15-0290-11D5-BD0E-00C04F0E0588}" refers to invalid object "C:\Programme\CA\eTrust Antivirus\OemComNA.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1D4C083-9DC1-11D3-A0E5-EE8CC3DFDF35}" refers to invalid object "G:\TOOLS\Winflash\WinFlash.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A3E84F97-4A68-4e42-9976-DA8DF946B571}" refers to invalid object "C:\Programme\MSN Messenger\msnmsgr.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" refers to invalid object "dropcpyr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AC44023F-D183-4397-9D02-27D34F120CB2}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB4AEB43-D0AB-11D2-A719-0060B0B41584}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBDA76FB-B05C-4A30-8E75-A96499A840D1}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C689CA08-726F-4676-8876-99F163685B32}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C8A7FDAD-94D1-4da6-8D95-75888FB12DD4}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CF6C0D98-B3D9-475e-A0A0-9478000FE0B7}" refers to invalid object "C:\Programme\Namo\WebEditor 6 Trial\bin\NamoWEMIME.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DCED20BE-3645-11D4-BC95-00C04F0E0588}" refers to invalid object "C:\Programme\CA\eTrust Antivirus\InoShell.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E1E1BDF0-2B5F-11D4-B6BC-00902766C0E3}" refers to invalid object "C:\Programme\Corel\CorelDRAW ESSENTIALS 2\PROGRAMS\CorelDRAW110.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3393F8F-B0C2-4103-A9E6-E0EB74645770}" refers to invalid object ""C:\Programme\AOL 9.0\waol.exe"". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{000F6D84-05DD-11D4-B451-002018521F9B}" refers to invalid object "C:\Programme\HTML-Kit\Bin\HTMLKit.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1B1AB603-0961-11D4-87D8-00104B33150F}" refers to invalid object "C:\Programme\PowerArchiver\DZGTACTX.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{443D4EEA-F15D-4F52-A2D4-3AA6FB2D52DE}" refers to invalid object "C:\Programme\Namo\WebEditor 6 Trial\bin\NamoUtil.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{51F9241C-CB5F-408E-8FE9-82889CC77B13}" refers to invalid object "C:\DOKUME~1\Kunde\LOKALE~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{834CC82A-7677-42C1-9F93-90BBFA6CF197}" refers to invalid object "C:\DOKUME~1\Kunde\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D5F0F0BA-BC69-446E-9EB1-4F2333651740}" refers to invalid object "C:\DOKUME~1\Kunde\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}" refers to invalid object "C:\Programme\NetPumper\NetPumperNNProxy.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FD2A6709-9AC7-468E-8E5E-357809376B76}" refers to invalid object "C:\Programme\Namo\WebEditor 6 Trial\bin\NamoWEMIME.dll". Action Taken: No Action Taken.
Entry "HKCR\.001" refers to invalid object "PARAR". Action Taken: No Action Taken.
Entry "HKCR\.psp" refers to invalid object "PaintShopPro8.Image". Action Taken: No Action Taken.
Entry "HKCR\.sdp" refers to invalid object "soffice.StarStorageDocument.5". Action Taken: No Action Taken.
Entry "HKCR\.tub" refers to invalid object "PaintShopPro8.PictureTube". Action Taken: No Action Taken.
Entry "HKCR\.xpi" refers to invalid object "PAZIP". Action Taken: No Action Taken.
Entry "HKCR\ABUI.ABUI.1" refers to invalid object "{61E15DE7-D229-4eb3-A460-40DCDDA60DA7}". Action Taken: No Action Taken.
Entry "HKCR\AccAOL.AccessAOL" refers to invalid object "{1B28020D-9DE7-11D4-A2D4-001083025146}". Action Taken: No Action Taken.
Entry "HKCR\AccAOL.AccessAOL.1" refers to invalid object "{1B28020D-9DE7-11D4-A2D4-001083025146}". Action Taken: No Action Taken.
Entry "HKCR\ACHtmfu.HtmlFunctions" refers to invalid object "{756A2CB8-EC02-4DC8-8588-296C611A5365}". Action Taken: No Action Taken.
Entry "HKCR\ACHtmfu.HtmlFunctions.1" refers to invalid object "{756A2CB8-EC02-4DC8-8588-296C611A5365}". Action Taken: No Action Taken.
Entry "HKCR\air2mp3.Document\shell\open\command" refers to invalid object "C:\PROGRA~1\air2mp3\air2mp3.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\AOL.MemExpWz" refers to invalid object "{18477169-4752-41DC-AB0F-C50EBA75641D}". Action Taken: No Action Taken.
Entry "HKCR\AOL.MemExpWz.1" refers to invalid object "{18477169-4752-41DC-AB0F-C50EBA75641D}". Action Taken: No Action Taken.
Entry "HKCR\AOL.MimeController" refers to invalid object "{E9DD2392-EF9B-4963-BEDF-F86C0A2B762A}". Action Taken: No Action Taken.
Entry "HKCR\AOL.MimeController.1" refers to invalid object "{E9DD2392-EF9B-4963-BEDF-F86C0A2B762A}". Action Taken: No Action Taken.
Entry "HKCR\AOL.PicDownloadCtrl" refers to invalid object "{D670D0B3-05AB-4115-9F87-D983EF1AC747}". Action Taken: No Action Taken.
Entry "HKCR\AOL.PicDownloadCtrl.1" refers to invalid object "{D670D0B3-05AB-4115-9F87-D983EF1AC747}". Action Taken: No Action Taken.
Entry "HKCR\AOL.PicEditCtrl" refers to invalid object "{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}". Action Taken: No Action Taken.
Entry "HKCR\AOL.PicEditCtrl.1" refers to invalid object "{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}". Action Taken: No Action Taken.
Entry "HKCR\AOL.PicSsvrCtrl" refers to invalid object "{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}". Action Taken: No Action Taken.
Entry "HKCR\AOL.PicSsvrCtrl.1" refers to invalid object "{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}". Action Taken: No Action Taken.
Entry "HKCR\AOL.UPFCtrl" refers to invalid object "{98BFD494-F6AD-4794-9038-832C0654CC43}". Action Taken: No Action Taken.
Entry "HKCR\AOL.UPFCtrl.1" refers to invalid object "{98BFD494-F6AD-4794-9038-832C0654CC43}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACCalendarDCtrl" refers to invalid object "{63435828-E10D-42d5-8859-C94796B7C22D}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACCalendarDCtrl.4" refers to invalid object "{63435828-E10D-42d5-8859-C94796B7C22D}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACCalendarListCtrl" refers to invalid object "{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACCalendarListCtrl.5" refers to invalid object "{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACDayBoxViewCtrl" refers to invalid object "{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACDayBoxViewCtrl.5" refers to invalid object "{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACDictionary" refers to invalid object "{9F62797E-1249-4596-9FF7-AC6D851A542A}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACDictionary.5" refers to invalid object "{9F62797E-1249-4596-9FF7-AC6D851A542A}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACEventConflictCtrl" refers to invalid object "{B3E7BCF9-05C8-4233-BA88-37FDA4AD3147}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACEventConflictCtrl.5" refers to invalid object "{B3E7BCF9-05C8-4233-BA88-37FDA4AD3147}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACMonthViewCtrl" refers to invalid object "{0FE9096F-7F7A-4e40-857C-E48A53440DFE}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACMonthViewCtrl.5" refers to invalid object "{0FE9096F-7F7A-4e40-857C-E48A53440DFE}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACMPickerCtrl" refers to invalid object "{DA3C177A-D1DA-47f2-BBF0-E9710CA7253F}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACMPickerCtrl.5" refers to invalid object "{DA3C177A-D1DA-47f2-BBF0-E9710CA7253F}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACToolBarCtrl" refers to invalid object "{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACToolBarCtrl.5" refers to invalid object "{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACTopToolBarCtrl" refers to invalid object "{09E6F477-C3C3-4636-8BFD-2DDB36147FEC}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACTopToolBarCtrl.5" refers to invalid object "{09E6F477-C3C3-4636-8BFD-2DDB36147FEC}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACWebDlgHelper" refers to invalid object "{6AD3B5BD-9A96-4ca2-9455-2034D05EB134}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACWebDlgHelper.5" refers to invalid object "{6AD3B5BD-9A96-4ca2-9455-2034D05EB134}". Action Taken: No Action Taken.
Entry "HKCR\AOLCoach.TrainerOCXCtrl.10" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\Ares.AresPlayer" refers to invalid object "{4E97BE17-3300-4A4F-B380-5988DD771F1F}". Action Taken: No Action Taken.
Entry "HKCR\Ares.AresPlayer.1" refers to invalid object "{4E97BE17-3300-4A4F-B380-5988DD771F1F}". Action Taken: No Action Taken.
Entry "HKCR\ATLPlugin.ATL3DPage_d2.1" refers to invalid object "{cc10ddda-2452-4598-a6c4-f9f2f0b6a758
}". Action Taken: No Action Taken.
Entry "HKCR\AxTrack" refers to invalid object "{5145942E-41DF-4658-B7C4-089F48E84A75}". Action Taken: No Action Taken.
Entry "HKCR\AxTrack.CoAxTrack" refers to invalid object "{B9F3009B-976B-41C4-A992-229DCCF3367C}". Action Taken: No Action Taken.
Entry "HKCR\AxTrack.CoAxTrack.1" refers to invalid object "{B9F3009B-976B-41C4-A992-229DCCF3367C}". Action Taken: No Action Taken.
Entry "HKCR\AxTrack.CoAxTrackMk" refers to invalid object "{5145942E-41DF-4658-B7C4-089F48E84A75}". Action Taken: No Action Taken.
Entry "HKCR\AxTrack.CoAxTrackMk.1" refers to invalid object "{5145942E-41DF-4658-B7C4-089F48E84A75}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControl.CddbTrackManager" refers to invalid object "{00014C0D-B007-4448-B89B-4EC3E857961D}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControl.CddbTrackManager.1" refers to invalid object "{00014C0D-B007-4448-B89B-4EC3E857961D}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CDDBAOLControl.1" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CDDBControl" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbCredit" refers to invalid object "{229b78e2-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbCredit.1" refers to invalid object "{229b78e2-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbDisc" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbDisc.1" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbFullName.1" refers to invalid object "{229b78e1-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbID3Tag" refers to invalid object "{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbID3Tag.1" refers to invalid object "{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbID3TagManager" refers to invalid object "{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbID3TagManager.1" refers to invalid object "{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbInfoWindow" refers to invalid object "{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbInfoWindow.1" refers to invalid object "{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbSegment" refers to invalid object "{229b78df-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbSegment.1" refers to invalid object "{229b78df-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbUIOptions" refers to invalid object "{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbUIOptions.1" refers to invalid object "{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbURL" refers to invalid object "{229b78e0-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbURL.1" refers to invalid object "{229b78e0-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbURLManager" refers to invalid object "{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbURLManager.1" refers to invalid object "{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.FullName" refers to invalid object "{229b78e1-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\Cerberus.CerberusCDPlayer" refers to invalid object "{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}". Action Taken: No Action Taken.
Entry "HKCR\Cerberus.CerberusCDPlayer.1" refers to invalid object "{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}". Action Taken: No Action Taken.
Entry "HKCR\CmdLineExt.CmdLineContextMenu" refers to invalid object "{9869EFB4-18E9-11D3-A837-00104B9E30B5}". Action Taken: No Action Taken.
Entry "HKCR\CmdLineExt.CmdLineContextMenu.1" refers to invalid object "{9869EFB4-18E9-11D3-A837-00104B9E30B5}". Action Taken: No Action Taken.
Entry "HKCR\CoachDM.WebCoachDownload" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\CoachDM.WebCoachDownload.1" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\FE.FlashEngine" refers to invalid object "{2BAE89B0-68EF-4fab-AFF7-1E486D93F9EB}". Action Taken: No Action Taken.
Entry "HKCR\FE.FlashEngine.1" refers to invalid object "{2BAE89B0-68EF-4fab-AFF7-1E486D93F9EB}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MIMEHook.CoMIMEHook" refers to invalid object "{8BBDA254-CE76-11D3-A2CE-00108335731F}". Action Taken: No Action Taken.
Entry "HKCR\MIMEHook.CoMIMEHook.1" refers to invalid object "{8BBDA254-CE76-11D3-A2CE-00108335731F}". Action Taken: No Action Taken.
Entry "HKCR\MIMEHook.CoMIMESink" refers to invalid object "{80373D03-D993-11D3-A2CE-00108335731F}". Action Taken: No Action Taken.
Entry "HKCR\MIMEHook.CoMIMESink.1" refers to invalid object "{80373D03-D993-11D3-A2CE-00108335731F}". Action Taken: No Action Taken.
Entry "HKCR\MMFWCTRL.ComboBoxCtrl.1" refers to invalid object "{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}". Action Taken: No Action Taken.
Entry "HKCR\MMFWCTRL.PushBtnCtrl.1" refers to invalid object "{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}". Action Taken: No Action Taken.
Entry "HKCR\MMFWCTRL.RadBtnCtrl.1" refers to invalid object "{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}". Action Taken: No Action Taken.
Entry "HKCR\MMFWCTRL.SpaceBarCtrl.1" refers to invalid object "{27855D52-0913-4F88-A8CC-343D374E7CC9}". Action Taken: No Action Taken.
Entry "HKCR\MMFWCTRL.TextCtrl.1" refers to invalid object "{FB215E25-F536-4B36-8262-ECF59601FAC1}". Action Taken: No Action Taken.
Entry "HKCR\mmtask.MMAutoPlay" refers to invalid object "{2AF30D99-133E-421F-895A-150C432F46AC}". Action Taken: No Action Taken.
Entry "HKCR\mmtask.MMAutoPlay.1" refers to invalid object "{2AF30D99-133E-421F-895A-150C432F46AC}". Action Taken: No Action Taken.
Entry "HKCR\NvCpl.DesktopContext" refers to invalid object "{A70C977A-BF00-412C-90B7-034C51DA2439}". Action Taken: No Action Taken.
Entry "HKCR\NvCpl.DesktopContext.1" refers to invalid object "{A70C977A-BF00-412C-90B7-034C51DA2439}". Action Taken: No Action Taken.
Entry "HKCR\Pathfinder.PathfinderDownload" refers to invalid object "{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}". Action Taken: No Action Taken.
Entry "HKCR\Pathfinder.PathfinderDownload.1" refers to invalid object "{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Ares" refers to invalid object "{E981D791-F499-4837-A483-5AB22F1C548F}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Ares.1" refers to invalid object "{E981D791-F499-4837-A483-5AB22F1C548F}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Cerberus" refers to invalid object "{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Cerberus.1" refers to invalid object "{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_QuickTime" refers to invalid object "{57C368A7-F2E9-48C6-B0E2-C201751383C1}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_QuickTime.1" refers to invalid object "{57C368A7-F2E9-48C6-B0E2-C201751383C1}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Real" refers to invalid object "{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Real.1" refers to invalid object "{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Winamp" refers to invalid object "{AED456C4-4866-4420-863F-35767EBED514}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Winamp.1" refers to invalid object "{AED456C4-4866-4420-863F-35767EBED514}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_WMP" refers to invalid object "{D465B936-C361-4417-9AC5-35167066F84B}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_WMP.1" refers to invalid object "{D465B936-C361-4417-9AC5-35167066F84B}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Phobos" refers to invalid object "{D9F99C6B-A3A6-11D4-AF64-444553546170}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Phobos.1" refers to invalid object "{D9F99C6B-A3A6-11D4-AF64-444553546170}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Player" refers to invalid object "{7C9688C3-7279-474D-ABA5-A632373D2CDB}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Player.1" refers to invalid object "{7C9688C3-7279-474D-ABA5-A632373D2CDB}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Playlist" refers to invalid object "{A105BD70-BF56-4D10-BC91-41C88321F47C}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Playlist.1" refers to invalid object "{A105BD70-BF56-4D10-BC91-41C88321F47C}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.SupportedType" refers to invalid object "{639A19DD-1D97-4A6E-A0D1-01E04FED563F}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.SupportedType.1" refers to invalid object "{639A19DD-1D97-4A6E-A0D1-01E04FED563F}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Track" refers to invalid object "{B4F80028-5714-4B7B-B9B1-5748B204799A}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Track.1" refers to invalid object "{B4F80028-5714-4B7B-B9B1-5748B204799A}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Entry "HKCR\RealDownloadExpress.InfoWindow" refers to invalid object "{56336BCA-3D8A-11d6-A00B-0050DA18DE71}". Action Taken: No Action Taken.
Entry "HKCR\RealDownloadExpress.InfoWindow.1" refers to invalid object "{56336BCA-3D8A-11d6-A00B-0050DA18DE71}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCIMSP.RTCIMService" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken.
Entry "HKCR\RTCIMSP.RTCIMService.1" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken.
Entry "HKCR\SA.DataCache" refers to invalid object "{10F34E64-BBB2-11D6-8A17-00E029570A3E}". Action Taken: No Action Taken.
Entry "HKCR\SA.DataCache.1" refers to invalid object "{10F34E64-BBB2-11D6-8A17-00E029570A3E}". Action Taken: No Action Taken.
Entry "HKCR\SA.SATBMgr" refers to invalid object "{8AB5F344-B600-11D6-8A15-00E029570A3E}". Action Taken: No Action Taken.
Entry "HKCR\SA.SATBMgr.1" refers to invalid object "{8AB5F344-B600-11D6-8A15-00E029570A3E}". Action Taken: No Action Taken.
Entry "HKCR\Sb.SuperBuddy" refers to invalid object "{189504B8-50D1-4AA8-B4D6-95C8F58A6414}". Action Taken: No Action Taken.
Entry "HKCR\Sb.SuperBuddy.1" refers to invalid object "{189504B8-50D1-4AA8-B4D6-95C8F58A6414}". Action Taken: No Action Taken.
Entry "HKCR\Sb.SuperBuddyData" refers to invalid object "{A98ABF1C-107C-44E7-9254-2C3FF435D0C2}". Action Taken: No Action Taken.
Entry "HKCR\Sb.SuperBuddyData.1" refers to invalid object "{A98ABF1C-107C-44E7-9254-2C3FF435D0C2}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\WinAmpX.IWinAmpActiveX" refers to invalid object "{C28BC286-884C-4a63-8A9C-6F7F5711034F}". Action Taken: No Action Taken.
Entry "HKCR\WinAmpX.IWinAmpActiveX.1" refers to invalid object "{C28BC286-884C-4a63-8A9C-6F7F5711034F}". Action Taken: No Action Taken.
Entry "HKCR\WinAmpXChat.IWinAmpActiveXChat" refers to invalid object "{E3852604-B619-11d6-94EC-00047521F020}". Action Taken: No Action Taken.
Entry "HKCR\WinAmpXChat.IWinAmpActiveXChat.1" refers to invalid object "{E3852604-B619-11d6-94EC-00047521F020}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\X10net.X10Control" refers to invalid object "{001000AF-2DEF-0001-10B6-DC5BA692C858}". Action Taken: No Action Taken.
Entry "HKCR\X10net.X10Control.1" refers to invalid object "{001000AF-2DEF-0001-10B6-DC5BA692C858}". Action Taken: No Action Taken.
Entry "HKCR\X10net.X10Interface" refers to invalid object "{001000AF-2DEF-0002-10B6-DC5BA692C858}". Action Taken: No Action Taken.
Entry "HKCR\X10net.X10Interface.1" refers to invalid object "{001000AF-2DEF-0002-10B6-DC5BA692C858}". Action Taken: No Action Taken.
Entry "HKCR\X10net.XButton" refers to invalid object "{001000AF-2DEF-0105-10B6-DC5BA692C858}". Action Taken: No Action Taken.
Entry "HKCR\X10net.XButton.1" refers to invalid object "{001000AF-2DEF-0105-10B6-DC5BA692C858}". Action Taken: No Action Taken.
Entry "HKCR\Xanthe.XantheQuickTimePlayer" refers to invalid object "{1CB749C0-81EC-484E-B82C-ADD141FC6415}". Action Taken: No Action Taken.
Entry "HKCR\Xanthe.XantheQuickTimePlayer.1" refers to invalid object "{1CB749C0-81EC-484E-B82C-ADD141FC6415}". Action Taken: No Action Taken.
Entry "HKCR\YGPPicInfo.IImageInfo" refers to invalid object "{AD41621C-A2DD-487D-A24B-8BE40116A5A3}". Action Taken: No Action Taken.
Entry "HKCR\YGPPicInfo.IImageInfo.1" refers to invalid object "{AD41621C-A2DD-487D-A24B-8BE40116A5A3}". Action Taken: No Action Taken.
Entry "HKCR\YGPPicInfo.PictureInfo" refers to invalid object "{943742F6-3A40-43FF-97F4-A1750D97B200}". Action Taken: No Action Taken.
Entry "HKCR\YGPPicInfo.PictureInfo.1" refers to invalid object "{943742F6-3A40-43FF-97F4-A1750D97B200}". Action Taken: No Action Taken.
Entry "HKCR\YGPPicInfo.PictureInfos" refers to invalid object "{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}". Action Taken: No Action Taken.
Entry "HKCR\YGPPicInfo.PictureInfos.1" refers to invalid object "{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}". Action Taken: No Action Taken.
Datei C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\this acid exit bolt\grey else.exe infiziert von "Trojan-Downloader.Win32.Swizzor.ds" Virus. Aktion vorgenommen: No Action Taken.
Datei C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\1 copy book\kyulliwo.exe infiziert von "Trojan-Downloader.Win32.Swizzor.ds" Virus. Aktion vorgenommen: No Action Taken.
Datei C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\1 copy book\phonemanageruser.exe infiziert von "Trojan-Downloader.Win32.Swizzor.cb" Virus. Aktion vorgenommen: No Action Taken.
Datei C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Software bias ping\Clock bike.exe infiziert von "Trojan-Downloader.Win32.Swizzor.bo" Virus. Aktion vorgenommen: No Action Taken.
Datei C:\Dokumente und Einstellungen\Kunde\Desktop\backups\backup-20050830-230853-992.dll infiziert von "Trojan-Downloader.Win32.Swizzor.bo" Virus. Aktion vorgenommen: No Action Taken.
File C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\DOWNLOADS\CD Cover\CD Box Labeler Pro_s151.zip tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Eigene Bilder\Bilder---Sonstiges\Local Narcotix-Cover\LN\cdboxlabelerpro.zip tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
Datei C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\netpumper-1.24-setup.exe infiziert von "Trojan-Downloader.Win32.Swizzor.do" Virus. Aktion vorgenommen: No Action Taken.
Datei C:\Programme\AVPersonal\INFECTED\BendPoke.VIR infiziert von "Trojan-Downloader.Win32.Swizzor.co" Virus. Aktion vorgenommen: No Action Taken.

#37 Hallo@Jannus

schau noch mal das log vom escan durch (die registryeintraege interessieren nicht so sehr, mehr, was " infiziert von" ist.
das musst du loeschen

Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren
+
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren

deinstalliere: netpumper

loesche im abgesicherten modus :+ alle Unterordner:

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\this acid exit bolt
C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\1 copy book
C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Software bias ping

C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\DOWNLOADS\CD Cover\CD Box Labeler Pro_s151.zip

C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Eigene Bilder\Bilder---Sonstiges\Local Narcotix-Cover\LN\cdboxlabelerpro.zip

C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\netpumper-1.24-setup.exe

CCleaner--> loesche alle *temp-Datein
http://virus-protect.org/temp.html

wenn das erledigt ist:

Start -- alle Programme -- Zubehör -- Editor und kopiere folgenden Text rein:


dir %Windir%\tasks /a h > files.txt
notepad files.txt


- Speichern als: findjobs.bat
- abspeichern unter : Dateityp: alle Dateien
- speichere auf dem Desktop
- Locate findjobs.bat-- doppelklick auf die bat-Datei , der Editor öffnet sich -- poste den Text
__________
MfG Sabina

rund um die PC-Sicherheit

#38 Hi Sabina!

Bin deinen Anweisungen gefolgt. eScan LogFile kann ich aus den genannten Gründen leider nicht erstellen, dafür hier der text aus der findjobs.bat im abgesicherten Modus:

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: E017-21B3

Verzeichnis von C:\WINDOWS\tasks

29.08.2005 22:06 <DIR> .
29.08.2005 22:06 <DIR> ..
31.08.2005 22:00 268 AA81236D9186DDD1.job
29.08.2002 14:00 65 desktop.ini
01.09.2005 17:27 6 SA.DAT
3 Datei(en) 339 Bytes

Verzeichnis von C:\Dokumente und Einstellungen\Administrator\Desktop

Grüße und ich hoffe das es weiterhilft!

#39 Hallo@Jannus

Start -- alle Programme -- Zubehör -- Editor und kopiere folgenden Text rein:

%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h AA81236D9186DDD1.job
del AA81236D9186DDD1.job


- Speichern als: remjob.bat
- abspeichern unter : Dateityp: alle Dateien
- speichere auf dem Desktop
- Locate remjob.bat-- doppelklick auf die bat-Datei , der Editor öffnet sich kurz ist normal

Poste nochmals findjobs.bat
__________
MfG Sabina

rund um die PC-Sicherheit

#40 Hallo! Hier der Text aus der Datei:

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: E017-21B3

Verzeichnis von C:\WINDOWS\tasks

01.09.2005 18:23 <DIR> .
01.09.2005 18:23 <DIR> ..
29.08.2002 14:00 65 desktop.ini
01.09.2005 17:42 6 SA.DAT
2 Datei(en) 71 Bytes

Verzeichnis von C:\Dokumente und Einstellungen\Kunde\Desktop

#41 Hallo Jannus

bitte abarbeiten + alle Pfade mitposten
http://virus-protect.org/datfindbat.html

#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein
+
das neue Log vom HijackTHis
__________
MfG Sabina

rund um die PC-Sicherheit

#42 Hallo! Ok, hier die ca. 20 Tage!

Erstens:
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: E017-21B3

Verzeichnis von C:\WINDOWS\system32

01.09.2005 19:40 890 vsconfig.xml
29.08.2005 22:10 4.212 zllictbl.dat
29.08.2005 21:43 100 LuResult.txt
29.08.2005 08:00 396.750 perfh009.dat
29.08.2005 08:00 60.274 perfc009.dat
29.08.2005 08:00 71.212 perfc007.dat
29.08.2005 08:00 407.668 perfh007.dat
29.08.2005 08:00 947.618 PerfStringBackup.INI
28.08.2005 22:10 1.158 wpa.dbl
05.08.2005 03:31 1.457.496 MRT.exe
29.07.2005 20:49 840.920 FNTCACHE.DAT
20.07.2005 04:04 3.012.096 mshtml.dll
08.07.2005 18:28 76.800 remotesp.tsp
08.07.2005 18:28 249.344 tapisrv.dll
03.07.2005 04:15 664.064 wininet.dll
03.07.2005 04:15 1.484.288 shdocvw.dll
03.07.2005 04:15 605.696 urlmon.dll
03.07.2005 04:15 474.112 shlwapi.dll
03.07.2005 04:15 39.424 pngfilt.dll
03.07.2005 04:15 146.432 msrating.dll
03.07.2005 04:15 448.512 mshtmled.dll
03.07.2005 04:15 251.392 iepeers.dll
03.07.2005 04:15 96.768 inseng.dll
03.07.2005 04:15 1.019.904 browseui.dll
03.07.2005 04:15 152.064 cdfview.dll
01.07.2005 15:47 4.754 qtplugin.log
30.06.2005 04:05 119.296 umpnpmgr.dll
29.06.2005 03:49 254.976 icm32.dll
29.06.2005 03:49 74.240 mscms.dll
20.06.2005 12:44 16.832 amcompat.tlb
20.06.2005 12:44 23.392 nscompat.tlb
15.06.2005 19:49 295.936 kerberos.dll
13.06.2005 19:05 42.982 PDDSLADP.DLL
13.06.2005 19:05 9.728 rnaph.dll
11.06.2005 01:53 57.856 spoolsv.exe
03.06.2005 05:44 67.336 zlcommdb.dll
03.06.2005 05:44 75.528 zlcomm.dll
03.06.2005 05:43 100.096 vsxml.dll
03.06.2005 05:43 354.056 vsutil.dll
03.06.2005 05:43 71.432 vsregexp.dll
03.06.2005 05:43 198.408 vspubapi.dll
03.06.2005 05:43 108.296 vsmonapi.dll
03.06.2005 05:43 124.680 vsinit.dll
03.06.2005 05:42 279.656 vsdatant.sys
03.06.2005 05:42 75.528 vsdata.dll
03.06.2005 05:16 50.864 vsutil_loc0407.dll
27.05.2005 15:13 4.970 nmwcdlog.dll
27.05.2005 15:13 53.050 nmwcdcls.dll
27.05.2005 04:04 41.472 hhsetup.dll
27.05.2005 04:04 137.216 itss.dll
27.05.2005 04:04 546.304 hhctrl.ocx
27.05.2005 04:04 155.136 itircl.dll
26.05.2005 04:16 173.536 wuweb.dll
26.05.2005 04:16 1.343.768 wuaueng.dll
26.05.2005 04:16 41.240 wups.dll
26.05.2005 04:16 18.200 wups2.dll
26.05.2005 04:16 75.544 cdm.dll
26.05.2005 04:16 198.424 iuengine.dll
26.05.2005 04:16 466.200 wuapi.dll
26.05.2005 04:16 124.696 wuauclt.exe
26.05.2005 04:16 194.840 wuaueng1.dll
26.05.2005 04:16 174.872 wuaucpl.cpl
26.05.2005 04:16 128.280 wucltui.dll
26.05.2005 04:16 174.872 wuauclt1.exe
17.05.2005 02:42 17.408 xpsp3res.dll
11.05.2005 04:30 78.336 telnet.exe
04.05.2005 14:45 2.890.240 msi.dll

Zweitens:

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: E017-21B3

Verzeichnis von C:\DOKUME~1\Kunde\LOKALE~1\Temp

01.09.2005 19:39 16.384 ~DFC9FF.tmp
01.09.2005 18:34 16.384 ~DFBBF7.tmp
01.09.2005 17:42 16.384 ~DFBD6F.tmp
01.09.2005 17:16 16.384 ~DFCB7A.tmp
01.09.2005 08:26 16.384 ~DFC650.tmp
01.09.2005 08:08 16.384 ~DFB605.tmp
31.08.2005 18:58 16.384 ~DFC9BA.tmp
31.08.2005 17:52 5.762 MWAV.LOG
31.08.2005 17:28 44.809.594 clipboardcache
31.08.2005 17:26 2.127 mwXface.log
31.08.2005 17:24 16.384 ~DFC2A5.tmp
31.08.2005 08:12 16.384 ~DFD986.tmp
31.08.2005 00:01 81.920 ~DF6423.tmp
30.08.2005 23:58 16.384 ~DFC39E.tmp
24.08.2005 13:01 32.710 daily.avc
24.08.2005 13:01 18.372 worm006.avc
24.08.2005 13:01 11.402 avp.klb
24.08.2005 13:01 11.869 daily-ex.avc


Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: E017-21B3

Verzeichnis von C:\WINDOWS

01.09.2005 19:55 1.125 winamp.ini
01.09.2005 19:40 0 0.log
01.09.2005 19:39 159 wiadebug.log
01.09.2005 19:39 50 wiaservc.log
01.09.2005 19:39 2.048 bootstat.dat
01.09.2005 19:15 1.304 SchedLgU.Txt
01.09.2005 19:15 1.800 WindowsUpdate.log
01.09.2005 18:33 787 win.ini
01.09.2005 18:33 289 system.ini
01.09.2005 17:42 0 Sti_Trace.log
21.08.2005 23:52 1.049.920 setupapi.log.0.old
17.08.2005 17:29 2.446 wininit.ini
17.08.2005 17:28 283 awprotoc.txt
17.08.2005 17:28 61 awerror.txt
30.07.2005 17:05 265 nokiaimageconverter.INI
30.07.2005 13:37 0 nokiacontentcopier.INI
22.07.2005 12:18 24.037 cdplayer.ini
07.07.2005 12:09 2.518 my.ini
07.07.2005 10:11 3.854 ModemLog_Nokia 6230 USB.txt
06.07.2005 14:30 99.970 UninstallFirefox.exe
06.07.2005 14:22 5.448 mozver.dat
03.07.2005 22:38 720.896 iun6002.exe
03.07.2005 22:05 549 eReg.dat
18.06.2005 14:35 316.640 WMSysPr9.prx

#43 #neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein
+
das neue Log vom HijackTHis
__________
MfG Sabina

rund um die PC-Sicherheit

#44 Wenn ich die Webeinstellungen wie beschrieben zurücksetzen will, dann erhalte ich die Fehlermeldung "Die Webeinstellungen konnten nicht zurückgesetzt werden". Komisch. Funktioniert auf jeden Fall nicht. Hier die HighjackThis-LogFile:

Logfile of HijackThis v1.99.1
Scan saved at 21:00:42, on 01.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\tppaldr.exe
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Pinnacle\MediaCenter\Remote\Remoterm.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programme\Sitecom\Sitecom WLAN\WLANUTL.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Kunde\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2FD43A23-F189-BD71-B3C2-8D2AF302B5C8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PMCRemote] C:\Programme\Pinnacle\MediaCenter\Remote\Remoterm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Verknüpfung mit Erinnerungen.lnk = C:\Dokumente und Einstellungen\Kunde\Desktop\Erinnerungen.txt
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Sitecom WLAN Client Utility.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0D481E1F-8C04-4E38-AEF2-3B280A6BFCFE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0D481E1F-8C04-4E38-AEF2-3B280A6BFCFE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O15 - Trusted Zone: www.chip.de
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)

#45 Hallo@Jannus

fixe mit dem hijackThis:

O2 - BHO: (no name) - {2FD43A23-F189-BD71-B3C2-8D2AF302B5C8} - (no file)
O2 - BHO: (no name) - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0D481E1F-8C04-4E38-AEF2-3B280A6BFCFE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0D481E1F-8C04-4E38-AEF2-3B280A6BFCFE} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)

und ansonsten: Alles Gute fuer dich + PC
Das mit den Webeinstellungen zuruecksetzen, ...warum es nicht funktioniert, ist mir ebenfalls schleierhaft....Vielleicht, weil der Firefox der Standartbrowser ist ????
__________
MfG Sabina

rund um die PC-Sicherheit