PC sluggish and freezing. IEXPLORE listed twice in Task Manager

06.09.2005, 16:13
Member

Posts: 25
#1 Probably caught something. IEXPLORE appears twice in Task Manager. When I end one of the two, a new IEXPLORE is started again immediately (probably by the other one). Spybot, Spyblaster and McAfee did not help. I am looking for support in solving the problem. I am not very good at this kind of thing, but I still managed to put together a HijackThis log file.

Logfile of HijackThis v1.99.1
Scan saved at 15:15:17, on 6/09/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\Windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\PROGRAM FILES\TELENET EASYCARE\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXCTL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\TELENET EASYCARE\BIN\MPBTN.EXE
C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXMOD32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yucom.be/NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {96A498D2-497C-95AA-0774-F337162AECCC} - C:\WINDOWS\APPLICATION DATA\EACH MIX\BIND CAKE.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\Windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\Windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [deaf spam corn first] C:\WINDOWS\All Users\Application Data\Pingcreativedeafspam\1 bike.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\Windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [blahrdr] C:\WINDOWS\APPLIC~1\AXIS1C~1\bits time.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yucom.be/NL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://www.telenet.be/sites/epgweb/setup.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

Thanks in advance for the help.
06.09.2005, 17:20
Moderator

Posts: 7805
#2 Please use the following cleaner to get rid of newdotnet:
http://www.newdotnet.com/removal.html

After that, update your Spybot (you are using version 1.4?) and also Adaware (1.06).

This looks to me like a Lop variant:
O2 - BHO: (no name) - {96A498D2-497C-95AA-0774-F337162AECCC} - C:\WINDOWS\APPLICATION DATA\EACH MIX\BIND CAKE.EXE
O4 - HKLM\..\Run: [deaf spam corn first] C:\WINDOWS\All Users\Application Data\Pingcreativedeafspam\1 bike.exe
O4 - HKCU\..\Run: [blahrdr] C:\WINDOWS\APPLIC~1\AXIS1C~1\bits time.exe

You can fix it, but I actually hope that Spybot or Adaware can delete the problem for you.

After the whole procedure, please post a new, current HijackThis log.
__________
Regards, Ralf
SEO-Spam Hunter
06.09.2005, 21:49
Member

Thread starter

Posts: 25
#3 Thanks Raman,
I first removed newdotnet (with some effort) and only then scanned with an updated Spybot 1.4: nothing found. Then with adaware 1.6, which found several things, and I deleted those. However, it was not easy to get that far. The system is very unstable and hangs regularly, and then the only option is to reboot. That is why it took a while. Overall, not much has changed: there are still 2 (bogus) IEXPLORE processes running that regularly bring me pop-ups and so on. Here is another log file.

Logfile of HijackThis v1.99.1
Scan saved at 21:40:15, on 6/09/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\Windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TELENET EASYCARE\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXCTL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\TELENET EASYCARE\BIN\MPBTN.EXE
C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXMOD32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yucom.be/NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {96A498D2-497C-95AA-0774-F337162AECCC} - C:\WINDOWS\APPLICATION DATA\EACH MIX\BIND CAKE.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\Windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\Windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [deaf spam corn first] C:\WINDOWS\All Users\Application Data\Pingcreativedeafspam\1 bike.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\Windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [blahrdr] C:\WINDOWS\APPLIC~1\AXIS1C~1\bits time.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yucom.be/NL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://www.telenet.be/sites/epgweb/setup.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab


Hopefully you can help me further.

Many thanks
06.09.2005, 22:04
Moderator

Posts: 7805
#4 Okay, please start the computer in safe mode and fix this:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yucom.be/NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {96A498D2-497C-95AA-0774-F337162AECCC} - C:\WINDOWS\APPLICATION DATA\EACH MIX\BIND CAKE.EXE
O4 - HKLM\..\Run: [deaf spam corn first] C:\WINDOWS\All Users\Application Data\Pingcreativedeafspam\1 bike.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [KB891711] C:\Windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [blahrdr] C:\WINDOWS\APPLIC~1\AXIS1C~1\bits time.exe

Then please delete the following files and folders:

C:\WINDOWS\APPLIC~1\AXIS1C~1
C:\PROGRA~1\NEWDOT~1\
C:\WINDOWS\All Users\Application Data\Pingcreativedeafspam
C:\WINDOWS\APPLICATION DATA\EACH MIX

and restart. A check with Escan http://virus-protect.org/escan.html cannot hurt. Afterwards, please post a new HijackThis log and what escancheck shows under "infected" and "tagged as". Please keep in mind that Escancheck can currently only evaluate English-language Escan logs.
__________
Regards, Ralf
SEO-Spam Hunter
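
The reply above ends by asking for a fresh HijackThis log after the fix; checking that log against the fix list can be scripted. The following is an added example, not part of the original post or of HijackThis itself: the function names are hypothetical, and the sample lines are excerpts copied from the logs posted in this thread. It also reports entries whose file is gone but whose registry value remains, which HijackThis prints as `(no file)`.

```python
import re

# HijackThis entry line: "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
AUTORUN_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\]")

# Excerpt of the fix list from the reply above (copied from this thread).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
O2 - BHO: (no name) - {96A498D2-497C-95AA-0774-F337162AECCC} - C:\WINDOWS\APPLICATION DATA\EACH MIX\BIND CAKE.EXE
O4 - HKLM\..\Run: [deaf spam corn first] C:\WINDOWS\All Users\Application Data\Pingcreativedeafspam\1 bike.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [blahrdr] C:\WINDOWS\APPLIC~1\AXIS1C~1\bits time.exe
"""

# Excerpt of the follow-up log posted after the fix (copied from this thread).
FOLLOWUP_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {96A498D2-497C-95AA-0774-F337162AECCC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\Windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
"""


def parse_entries(log_text):
    """Return (section, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body").strip()))
    return entries


def entry_key(section, body):
    """Identity of an entry that survives a change of its file path or value."""
    clsid = CLSID_RE.search(body)
    if clsid:
        # BHOs, toolbars and ActiveX controls are identified by their CLSID.
        return (section, clsid.group(0).upper())
    if section == "O4":
        m = AUTORUN_RE.match(body)
        if m:
            # Autoruns are identified by registry location plus value name.
            return (section, m.group("loc").lower(), m.group("name").lower())
    if section.startswith("R"):
        # R0/R1 differ only in how the value was set, so compare "key,value".
        return ("R", body.partition(" =")[0].lower())
    return (section, body.lower())


def check_fix(fix_list_text, followup_log_text):
    """Classify each fix-list entry by its state in the follow-up log."""
    after = {entry_key(s, b): b for s, b in parse_entries(followup_log_text)}
    result = {"removed": [], "still_present": [], "orphaned": []}
    for section, body in parse_entries(fix_list_text):
        line = f"{section} - {body}"
        current = after.get(entry_key(section, body))
        if current is None:
            result["removed"].append(line)
        elif current.endswith("(no file)"):
            # File deleted, registry entry left behind: fix the entry again.
            result["orphaned"].append(line)
        else:
            result["still_present"].append(line)
    return result


if __name__ == "__main__":
    for state, lines in check_fix(FIX_LIST, FOLLOWUP_LOG).items():
        print(f"{state}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```
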
07.09.2005, 01:26
Member

Thread starter

Posts: 25
#5 Hello Raman,

I carried out everything as specified, except that the files C:\WINDOWS\APPLIC~1\AXIS1C~1
C:\PROGRA~1\NEWDOT~1\
cannot be found under these names. However, I have already deleted the same files with the full name (without tilde).

The new HijackThis log file shows the following:

Logfile of HijackThis v1.99.1
Scan saved at 1:21:24, on 7/09/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\PROGRAM FILES\TELENET EASYCARE\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXCTL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\PROGRAM FILES\TELENET EASYCARE\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXMOD32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {96A498D2-497C-95AA-0774-F337162AECCC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\Windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\Windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yucom.be/NL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://www.telenet.be/sites/epgweb/setup.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

The escan shows the following:

--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Wed Sep 07 00:34:55 2005 => Offending file found: C:\WINDOWS\TEMP\insthelp.dll
2: Wed Sep 07 00:34:55 2005 => System found infected with RedV Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
3: Wed Sep 07 00:35:07 2005 => Offending file found: C:\WINDOWS\STARTM~1\PROGRA~1\OPSTAR~1\controller.lnk
4: Wed Sep 07 00:35:07 2005 => System found infected with ABetterInternet Spyware/Adware (controller.lnk)! Action taken: No Action Taken.
5: Wed Sep 07 00:40:12 2005 => File C:\WINDOWS\TEMP\bemnoquf.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
6: Wed Sep 07 00:40:13 2005 => File C:\WINDOWS\TEMP\167cd4d8.exe infected by "Trojan-Downloader.Win32.Swizzor.dr" Virus! Action Taken: No Action Taken.
7: Wed Sep 07 00:40:13 2005 => File C:\WINDOWS\TEMP\162eceac.exe infected by "Trojan-Downloader.Win32.Swizzor.dr" Virus! Action Taken: No Action Taken.
8: Wed Sep 07 00:40:13 2005 => File C:\WINDOWS\TEMP\165ead7a.exe infected by "Trojan-Downloader.Win32.Swizzor.dr" Virus! Action Taken: No Action Taken.
9: Wed Sep 07 00:40:14 2005 => File C:\WINDOWS\TEMP\etlhjbmm.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
10: Wed Sep 07 00:40:14 2005 => File C:\WINDOWS\TEMP\rjltrogp.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
11: Wed Sep 07 00:40:15 2005 => File C:\WINDOWS\TEMP\nhvdfzve.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
12: Wed Sep 07 00:40:16 2005 => File C:\WINDOWS\TEMP\oailscqc.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
13: Wed Sep 07 00:40:16 2005 => File C:\WINDOWS\TEMP\faxmkpfg.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
14: Wed Sep 07 00:40:17 2005 => File C:\WINDOWS\TEMP\wukrzuly.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
15: Wed Sep 07 00:40:17 2005 => File C:\WINDOWS\TEMP\lpitpkpk.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
16: Wed Sep 07 00:40:18 2005 => File C:\WINDOWS\TEMP\ugjgthtr.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Wed Sep 07 00:38:00 2005 => File C:\WINDOWS\NDNuninstall4_34.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
2: Wed Sep 07 00:38:01 2005 => File C:\WINDOWS\NDNuninstall4_80.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
3: Wed Sep 07 00:38:01 2005 => File C:\WINDOWS\NDNuninstall4_88.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
4: Wed Sep 07 00:38:01 2005 => File C:\WINDOWS\NDNuninstall4_94.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
5: Wed Sep 07 00:38:01 2005 => File C:\WINDOWS\NDNuninstall5_40.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
6: Wed Sep 07 00:38:01 2005 => File C:\WINDOWS\NDNuninstall5_48-1.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
7: Wed Sep 07 00:38:05 2005 => File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\GDIFONT3.HDI". Action Taken: No Action Taken.
2: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\table30.exe" refers to invalid object "". Action Taken: No Action Taken.
3: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MsoHtmEd.exe" refers to invalid object "". Action Taken: No Action Taken.
4: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\C-ZAM PC Driver" refers to invalid object "". Action Taken: No Action Taken.
5: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\banxafe Wallet" refers to invalid object "". Action Taken: No Action Taken.
6: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\msworld6.exe" refers to invalid object "". Action Taken: No Action Taken.
7: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\PSUITE.EXE" refers to invalid object "C:\Program Files\MGI\PhotoSuite 8.1". Action Taken: No Action Taken.
8: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MotiveSB.exe" refers to invalid object "C:\PROGRA~1\TELENE~1\SMARTB~1". Action Taken: No Action Taken.
9: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SmartBridge.exe" refers to invalid object "C:\PROGRA~1\TELENE~1\SMARTB~1". Action Taken: No Action Taken.
10: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\PowerQuest\PartitionMagic 8.0\DOCS\". Action Taken: No Action Taken.
11: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\PowerQuest\PartitionMagic 8.0\". Action Taken: No Action Taken.
12: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\PowerQuest\". Action Taken: No Action Taken.
13: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\PowerQuest\PartitionMagic 8.0\DOS\". Action Taken: No Action Taken.
14: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\". Action Taken: No Action Taken.
15: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\DOSYSTEM\". Action Taken: No Action Taken.
16: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\PowerQuest\PartitionMagic 8.0\VFD\". Action Taken: No Action Taken.
17: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\PowerQuest\PartitionMagic 8.0\VFDSETUP\". Action Taken: No Action Taken.
18: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\Start Menu\Programma's\Bureau-accessoires\PartitionMagic 8.0 Tools\". Action Taken: No Action Taken.
19: Wed Sep 07 00:35:26 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\Start Menu\Programma's\Bureau-accessoires\PartitionMagic 8.0 Documentation\". Action Taken: No Action Taken.
20: Wed Sep 07 00:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpg". Action Taken: No Action Taken.
21: Wed Sep 07 00:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dat". Action Taken: No Action Taken.
22: Wed Sep 07 00:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DIR". Action Taken: No Action Taken.
23: Wed Sep 07 00:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dwg". Action Taken: No Action Taken.
24: Wed Sep 07 00:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cnt". Action Taken: No Action Taken.
25: Wed Sep 07 00:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".GID". Action Taken: No Action Taken.
26: Wed Sep 07 00:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LEX". Action Taken: No Action Taken.
27: Wed Sep 07 00:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/pub/ASUSCOM/BIOS/BIOS_FLASH_UTILS/DOS/". Action Taken: No Action Taken.
28: Wed Sep 07 00:35:27 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".torrent". Action Taken: No Action Taken.
29: Wed Sep 07 00:35:29 2005 => Entry "HKCR\CLSID\{BB7DF450-F119-11CD-8465-00AA00425D90}" refers to invalid object "C:\Program Files\Microsoft Office\Office\". Action Taken: No Action Taken.
30: Wed Sep 07 00:35:31 2005 => Entry "HKCR\TypeLib\{E3723B86-AED0-11D1-A61E-00805F4905DE}" refers to invalid object "??????????????????????Bm?m??". Action Taken: No Action Taken.
31: Wed Sep 07 00:35:31 2005 => Entry "HKCR\TypeLib\{4028F6C6-98B5-11CF-BB82-00AA00BDCE0B}" refers to invalid object "C:\PROGRAM FILES\MSN\MSNCOREFILES\MSNSPELL.DLL". Action Taken: No Action Taken.
32: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{5C5D478A-085F-4C8C-9B60-825BB9F463E2}" refers to invalid object "C:\PROGRAM FILES\REAL\REALARCADE\IEGCPLUG.DLL". Action Taken: No Action Taken.
33: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{00CEDBF1-864D-11D3-908D-00C0F03B3EDC}" refers to invalid object "C:\PROGRAM FILES\REAL\REALJUKEBOX\IERJPLUG.DLL". Action Taken: No Action Taken.
34: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{622ED7A6-EF6E-11D2-8062-0060B0C3FE0A}" refers to invalid object "C:\Program Files\AutoCAD LT 2002\AcHelpDisplay.dll". Action Taken: No Action Taken.
35: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{2ff280b0-fbf2-11d2-8056-0080c703929c}" refers to invalid object "C:\PROGRAM FILES\AUTOCAD LT 2002\AXAUTO15.TLB". Action Taken: No Action Taken.
36: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{4D3263E1-CAB7-11d2-802A-0080C703929C}" refers to invalid object "C:\Program Files\AutoCAD LT 2002\aclt.tlb". Action Taken: No Action Taken.
37: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{F281A597-7B65-11D3-8617-0010830243BD}" refers to invalid object "C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACPREVIEW.OCX". Action Taken: No Action Taken.
38: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{78AF2F21-A9C3-11D3-BF8C-0060B0FCC122}" refers to invalid object "C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACDCTODAY.OCX". Action Taken: No Action Taken.
39: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{23E164FF-C7FE-4712-9973-4FE9AADA149F}" refers to invalid object "C:\PROGRAM FILES\AUTOCAD LT 2002\ACDIMDYNPROP.ARX". Action Taken: No Action Taken.
40: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{527A3370-71F1-443A-AAD2-C6CF63AF7706}" refers to invalid object "C:\WINDOWS\DOWNLOADED PROGRAM FILES\IMLOADER.EXE". Action Taken: No Action Taken.
41: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{B5534636-E461-11D3-BBB2-0050DA276194}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMANIM.DLL". Action Taken: No Action Taken.
42: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{BFCA32B2-E917-11D3-B720-005004C0C6BA}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMBOOK.DLL". Action Taken: No Action Taken.
43: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{1D8A5091-B869-11D3-BB7F-0050DA276194}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMFOLDRS.DLL". Action Taken: No Action Taken.
44: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{EC8717A6-F660-11D3-ADE2-0050DA744DF1}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMIMPRT.DLL". Action Taken: No Action Taken.
45: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{CB073674-BD1F-11D3-BB90-0050DA276194}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMMANGR.DLL". Action Taken: No Action Taken.
46: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{72E0FA03-C103-11D3-BB95-0050DA276194}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFY.DLL". Action Taken: No Action Taken.
47: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{07A52AE8-B6F0-11D3-BB7E-0050DA276194}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMPARSER.DLL". Action Taken: No Action Taken.
48: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{64C3E4A6-E463-11D3-857A-005004BE235E}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSERV.DLL". Action Taken: No Action Taken.
49: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{03203896-B655-11D3-BB7D-0050DA276194}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSPOOL.DLL". Action Taken: No Action Taken.
50: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{6D293D13-C375-11D3-BB98-0050DA276194}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSUPP.DLL". Action Taken: No Action Taken.
51: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{7E58CC01-BC50-11D3-855B-0050DA2761C4}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMVIEW.DLL". Action Taken: No Action Taken.
52: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{0B9A0841-1EC3-11D5-B75C-005004C0C6BA}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMFEAT.DLL". Action Taken: No Action Taken.
53: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{0B9A0833-1EC3-11D5-B75C-005004C0C6BA}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMTOOLS.DLL". Action Taken: No Action Taken.
54: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{F8984103-38B6-11D5-8725-0050DA2761C4}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSHEXT.DLL". Action Taken: No Action Taken.
55: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{1FE3C1B4-89E9-4991-AD47-FBA01E92EFAF}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMCOMUTL.DLL". Action Taken: No Action Taken.
56: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{85C5139A-BEDD-4BCF-B7F2-7A4A54EB8D0B}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE". Action Taken: No Action Taken.
57: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{60BE6CEF-036C-4440-9847-7A32006DCF4B}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFY.EXE". Action Taken: No Action Taken.
58: Wed Sep 07 00:35:32 2005 => Entry "HKCR\TypeLib\{00E677A7-A7A5-4819-9580-1681BE30E28E}" refers to invalid object "C:\PROGRAM FILES\INCREDIMAIL\BIN\INCMAIL.EXE". Action Taken: No Action Taken.
59: Wed Sep 07 00:35:33 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
60: Wed Sep 07 00:35:33 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
61: Wed Sep 07 00:35:34 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
62: Wed Sep 07 00:35:34 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
63: Wed Sep 07 00:35:34 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
64: Wed Sep 07 00:35:34 2005 => Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
65: Wed Sep 07 00:35:35 2005 => Entry "HKCR\tel\shell\open\command" refers to invalid object ""C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" "%1"". Action Taken: No Action Taken.
66: Wed Sep 07 00:35:35 2005 => Entry "HKCR\WMDMPDAExplorer.WMDMPDAExplorer.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
67: Wed Sep 07 00:35:35 2005 => Entry "HKCR\WMDMPDAExplorer.WMDMPDAExplorer" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
68: Wed Sep 07 00:35:35 2005 => Entry "HKCR\Automap.Map.EU.8" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
69: Wed Sep 07 00:35:35 2005 => Entry "HKCR\Automap.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
70: Wed Sep 07 00:35:35 2005 => Entry "HKCR\Automap.Template.EU.8" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
71: Wed Sep 07 00:35:35 2005 => Entry "HKCR\.JPG" refers to invalid object "jpgfile". Action Taken: No Action Taken.
72: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AutoCAD.Drawing" refers to invalid object "{5E4405B0-5374-11CE-8E71-0020AF04B1D7}". Action Taken: No Action Taken.
73: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcHelpDisplay.BrowserHelp" refers to invalid object "{622ED7B3-EF6E-11D2-8062-0060B0C3FE0A}". Action Taken: No Action Taken.
74: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcHelpDisplay.BrowserHelp.1" refers to invalid object "{622ED7B3-EF6E-11D2-8062-0060B0C3FE0A}". Action Taken: No Action Taken.
75: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcSymbols.AcDcSymbols" refers to invalid object "{016b03e0-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
76: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcLayouts.AcDcLayouts" refers to invalid object "{0f62b6a0-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
77: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcLayouts.AcDcLayouts.1" refers to invalid object "{0f62b6a0-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
78: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcLtype.AcDcLtype" refers to invalid object "{251236d0-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
79: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcLtype.AcDcLtype.1" refers to invalid object "{251236d0-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
80: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcXrefs.AcDcXrefs" refers to invalid object "{39548130-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
81: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcXrefs.AcDcXrefs.1" refers to invalid object "{39548130-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
82: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcTextStyles.AcDcTextStyles" refers to invalid object "{3ebe7840-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
83: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcTextStyles.AcDcTextStyles.1" refers to invalid object "{3ebe7840-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
84: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcDimstyles.AcDcDimstyles" refers to invalid object "{46ffcc90-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
85: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcDimstyles.AcDcDimstyles.1" refers to invalid object "{46ffcc90-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
86: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcHatch.AcDcHatch" refers to invalid object "{4bbd1770-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
87: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDcHatch.AcDcHatch.1" refers to invalid object "{4bbd1770-d331-11d2-8037-0080c703929c}". Action Taken: No Action Taken.
88: Wed Sep 07 00:35:36 2005 => Entry "HKCR\ACPREVIEW.AcPreviewCtrl.1" refers to invalid object "{F281A59C-7B65-11D3-8617-0010830243BD}". Action Taken: No Action Taken.
89: Wed Sep 07 00:35:36 2005 => Entry "HKCR\ACDCTODAY.AcDcTodayCtrl.1" refers to invalid object "{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122}". Action Taken: No Action Taken.
90: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDimDynProp.AssocLeader.1" refers to invalid object "{6A7065BC-9BD4-4080-BA7D-B8C3B3F21371}". Action Taken: No Action Taken.
91: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDimDynProp.AssocLeader" refers to invalid object "{6A7065BC-9BD4-4080-BA7D-B8C3B3F21371}". Action Taken: No Action Taken.
92: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDimDynProp.AssocDimension.1" refers to invalid object "{4643A0DC-ACD8-496C-B1CC-B42AE4B59940}". Action Taken: No Action Taken.
93: Wed Sep 07 00:35:36 2005 => Entry "HKCR\AcDimDynProp.AssocDimension" refers to invalid object "{4643A0DC-ACD8-496C-B1CC-B42AE4B59940}". Action Taken: No Action Taken.
94: Wed Sep 07 00:35:36 2005 => Entry "HKCR\Photoshop.Application.4" refers to invalid object "{6DECC242-87EF-11cf-86B4-444553540000} ". Action Taken: No Action Taken.
95: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediContent\shell\open\command" refers to invalid object "C:\PROGRA~1\INCRED~1\bin\ImpCnt.exe /tmp /locate /depend "%1"". Action Taken: No Action Taken.
96: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediMessage\shell\open\command" refers to invalid object "C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c "%1"". Action Taken: No Action Taken.
97: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediAnimation.AnimationPlayer.1" refers to invalid object "{B5534644-E461-11D3-BBB2-0050DA276194}". Action Taken: No Action Taken.
98: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediAnimation.AnimationPlayer" refers to invalid object "{B5534644-E461-11D3-BBB2-0050DA276194}". Action Taken: No Action Taken.
99: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediBook.AddressBook.1" refers to invalid object "{BFCA32C0-E917-11D3-B720-005004C0C6BA}". Action Taken: No Action Taken.
100: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediBook.AddressBook" refers to invalid object "{BFCA32C0-E917-11D3-B720-005004C0C6BA}". Action Taken: No Action Taken.
101: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediBook.Contact.1" refers to invalid object "{BFCA32C2-E917-11D3-B720-005004C0C6BA}". Action Taken: No Action Taken.
102: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediBook.Contact" refers to invalid object "{BFCA32C2-E917-11D3-B720-005004C0C6BA}". Action Taken: No Action Taken.
103: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediBook.Group.1" refers to invalid object "{BFCA32C4-E917-11D3-B720-005004C0C6BA}". Action Taken: No Action Taken.
104: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediBook.Group" refers to invalid object "{BFCA32C4-E917-11D3-B720-005004C0C6BA}". Action Taken: No Action Taken.
105: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediFolders.MessageStore.1" refers to invalid object "{17A434C2-B48F-11D3-BB78-0050DA276194}". Action Taken: No Action Taken.
106: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediFolders.MessageStore" refers to invalid object "{17A434C2-B48F-11D3-BB78-0050DA276194}". Action Taken: No Action Taken.
107: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediFolders.Container.1" refers to invalid object "{072809C8-B60E-11D3-BB7C-0050DA276194}". Action Taken: No Action Taken.
108: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediFolders.Container" refers to invalid object "{072809C8-B60E-11D3-BB7C-0050DA276194}". Action Taken: No Action Taken.
109: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediFolders.MessageFinder.1" refers to invalid object "{09C1B8B7-C70C-43F5-9277-8576921ED70C}". Action Taken: No Action Taken.
110: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediFolders.MessageFinder" refers to invalid object "{09C1B8B7-C70C-43F5-9277-8576921ED70C}". Action Taken: No Action Taken.
111: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.NetscapeImporter.1" refers to invalid object "{EC8717B4-F660-11D3-ADE2-0050DA744DF1}". Action Taken: No Action Taken.
112: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.NetscapeImporter" refers to invalid object "{EC8717B4-F660-11D3-ADE2-0050DA744DF1}". Action Taken: No Action Taken.
113: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.OutlookImporter.1" refers to invalid object "{EC8717B6-F660-11D3-ADE2-0050DA744DF1}". Action Taken: No Action Taken.
114: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.OutlookImporter" refers to invalid object "{EC8717B6-F660-11D3-ADE2-0050DA744DF1}". Action Taken: No Action Taken.
115: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.ExpressImporter.1" refers to invalid object "{EC8717B8-F660-11D3-ADE2-0050DA744DF1}". Action Taken: No Action Taken.
116: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.ExpressImporter" refers to invalid object "{EC8717B8-F660-11D3-ADE2-0050DA744DF1}". Action Taken: No Action Taken.
117: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.EudoraImporter.1" refers to invalid object "{EC8717C9-F660-11D3-ADE2-0050DA744DF1}". Action Taken: No Action Taken.
118: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.EudoraImporter" refers to invalid object "{EC8717C9-F660-11D3-ADE2-0050DA744DF1}". Action Taken: No Action Taken.
119: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.HotmailImporter.1" refers to invalid object "{F1B4B6F1-55D1-11d6-B7AD-005004C0C6BA}". Action Taken: No Action Taken.
120: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.HotmailImporter" refers to invalid object "{F1B4B6F1-55D1-11d6-B7AD-005004C0C6BA}". Action Taken: No Action Taken.
121: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.IncrediMailImporter.1" refers to invalid object "{44C8EC50-93BD-4633-9A82-CA0D4F1DD3A7}". Action Taken: No Action Taken.
122: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.IncrediMailImporter" refers to invalid object "{44C8EC50-93BD-4633-9A82-CA0D4F1DD3A7}". Action Taken: No Action Taken.
123: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.AOLImporter.1" refers to invalid object "{17513EFA-F27A-4781-B6A6-EE988D96E71C}". Action Taken: No Action Taken.
124: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.AOLImporter" refers to invalid object "{17513EFA-F27A-4781-B6A6-EE988D96E71C}". Action Taken: No Action Taken.
125: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.Importer.1" refers to invalid object "{E1B6DE2A-F997-11D3-BBDB-0050DA276194}". Action Taken: No Action Taken.
126: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediImport.Importer" refers to invalid object "{E1B6DE2A-F997-11D3-BBDB-0050DA276194}". Action Taken: No Action Taken.
127: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediManager.Manager.1" refers to invalid object "{CB073682-BD1F-11D3-BB90-0050DA276194}". Action Taken: No Action Taken.
128: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediManager.Manager" refers to invalid object "{CB073682-BD1F-11D3-BB90-0050DA276194}". Action Taken: No Action Taken.
129: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediBook.CommandComponent.1" refers to invalid object "{5FAEF4A9-C5D0-11D4-BCC1-0050DA276194}". Action Taken: No Action Taken.
130: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediBook.CommandComponent" refers to invalid object "{5FAEF4A9-C5D0-11D4-BCC1-0050DA276194}". Action Taken: No Action Taken.
131: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediManager.VipSupport.1" refers to invalid object "{A43BC58F-4453-49FF-9929-9D1E78D90062}". Action Taken: No Action Taken.
132: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediManager.VipSupport" refers to invalid object "{A43BC58F-4453-49FF-9929-9D1E78D90062}". Action Taken: No Action Taken.
133: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediManager.Premium.1" refers to invalid object "{E6253BEA-C3B2-4FB0-8F7F-B5B8C83674E5}". Action Taken: No Action Taken.
134: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediManager.Premium" refers to invalid object "{E6253BEA-C3B2-4FB0-8F7F-B5B8C83674E5}". Action Taken: No Action Taken.
135: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediManager.FindMessage.1" refers to invalid object "{3762BAB7-8E00-4B51-AA7E-E57ED7552794}". Action Taken: No Action Taken.
136: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediManager.FindMessage" refers to invalid object "{3762BAB7-8E00-4B51-AA7E-E57ED7552794}". Action Taken: No Action Taken.
137: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediNotify.NotifierManager.1" refers to invalid object "{B385A628-C100-11D3-BB95-0050DA276194}". Action Taken: No Action Taken.
138: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediNotify.NotifierManager" refers to invalid object "{B385A628-C100-11D3-BB95-0050DA276194}". Action Taken: No Action Taken.
139: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediParser.MailMessage.1" refers to invalid object "{50E5E612-B7DD-11D3-BB7F-0050DA276194}". Action Taken: No Action Taken.
140: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediParser.MailMessage" refers to invalid object "{50E5E612-B7DD-11D3-BB7F-0050DA276194}". Action Taken: No Action Taken.
141: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediParser.BodyPart.1" refers to invalid object "{087EF34C-BBC4-11D3-BB8D-0050DA276194}". Action Taken: No Action Taken.
142: Wed Sep 07 00:35:36 2005 => Entry "HKCR\IncrediParser.BodyPart" refers to invalid object "{087EF34C-BBC4-11D3-BB8D-0050DA276194}". Action Taken: No Action Taken.
143: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediParser.Header.1" refers to invalid object "{7A2E77CA-BDE2-11D3-BB91-0050DA276194}". Action Taken: No Action Taken.
144: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediParser.Header" refers to invalid object "{7A2E77CA-BDE2-11D3-BB91-0050DA276194}". Action Taken: No Action Taken.
145: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediParser.Encoder.1" refers to invalid object "{28D1EE40-E73D-422D-A2AC-D23F8D3071B2}". Action Taken: No Action Taken.
146: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediParser.Encoder" refers to invalid object "{28D1EE40-E73D-422D-A2AC-D23F8D3071B2}". Action Taken: No Action Taken.
147: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediParser.MessageStoreShell.1" refers to invalid object "{A0C301D9-59A5-45eb-90E8-D60D8149F5A5}". Action Taken: No Action Taken.
148: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediParser.MessageStoreShell" refers to invalid object "{A0C301D9-59A5-45eb-90E8-D60D8149F5A5}". Action Taken: No Action Taken.
149: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediParser.ContainerShell.1" refers to invalid object "{25D41C19-246A-4643-B0CA-08F5D1D07EE6}". Action Taken: No Action Taken.
150: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediParser.ContainerShell" refers to invalid object "{25D41C19-246A-4643-B0CA-08F5D1D07EE6}". Action Taken: No Action Taken.
151: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediService.RegInfo.1" refers to invalid object "{F648D80F-2409-4EDA-847D-8E820B03451F}". Action Taken: No Action Taken.
152: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediService.RegInfo" refers to invalid object "{F648D80F-2409-4EDA-847D-8E820B03451F}". Action Taken: No Action Taken.
153: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediService.Service.1" refers to invalid object "{55B613D4-E613-11D3-857A-005004BE235E}". Action Taken: No Action Taken.
154: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediService.Service" refers to invalid object "{55B613D4-E613-11D3-857A-005004BE235E}". Action Taken: No Action Taken.
155: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediService.Registration.1" refers to invalid object "{C0CF353A-F029-11D3-857F-005004BE235E}". Action Taken: No Action Taken.
156: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediService.Registration" refers to invalid object "{C0CF353A-F029-11D3-857F-005004BE235E}". Action Taken: No Action Taken.
157: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.Smtp.1" refers to invalid object "{35092AB4-B643-11D3-BB7D-0050DA276194}". Action Taken: No Action Taken.
158: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.Smtp" refers to invalid object "{35092AB4-B643-11D3-BB7D-0050DA276194}". Action Taken: No Action Taken.
159: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.AOLSmtp.1" refers to invalid object "{AC7F0192-E976-4887-94E4-3A5DB2CD8A25}". Action Taken: No Action Taken.
160: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.AOLSmtp" refers to invalid object "{AC7F0192-E976-4887-94E4-3A5DB2CD8A25}". Action Taken: No Action Taken.
161: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.AOLImap.1" refers to invalid object "{FFEC85C3-CDE6-4201-993D-667FC3E86917}". Action Taken: No Action Taken.
162: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.AOLImap" refers to invalid object "{FFEC85C3-CDE6-4201-993D-667FC3E86917}". Action Taken: No Action Taken.
163: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.Pop.1" refers to invalid object "{032038A5-B655-11D3-BB7D-0050DA276194}". Action Taken: No Action Taken.
164: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.Pop" refers to invalid object "{032038A5-B655-11D3-BB7D-0050DA276194}". Action Taken: No Action Taken.
165: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.Spooler.1" refers to invalid object "{07A52AE7-B6F0-11D3-BB7E-0050DA276194}". Action Taken: No Action Taken.
166: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.Spooler" refers to invalid object "{07A52AE7-B6F0-11D3-BB7E-0050DA276194}". Action Taken: No Action Taken.
167: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.Hotmail.1" refers to invalid object "{995F48E8-131F-4630-9FBE-98D9DBDABB05}". Action Taken: No Action Taken.
168: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.Hotmail" refers to invalid object "{995F48E8-131F-4630-9FBE-98D9DBDABB05}". Action Taken: No Action Taken.
169: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSupport.UserAccounts.1" refers to invalid object "{3334A48F-8E49-11D4-B72C-005004C0C6BA}". Action Taken: No Action Taken.
170: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSupport.UserAccounts" refers to invalid object "{3334A48F-8E49-11D4-B72C-005004C0C6BA}". Action Taken: No Action Taken.
171: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSupport.Account.1" refers to invalid object "{5773A367-AD78-11D4-BCAF-0050DA276194}". Action Taken: No Action Taken.
172: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSupport.Account" refers to invalid object "{5773A367-AD78-11D4-BCAF-0050DA276194}". Action Taken: No Action Taken.
173: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.RulesManager.1" refers to invalid object "{08F6CFEE-9381-4796-8596-1D964DD9B762}". Action Taken: No Action Taken.
174: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.RulesManager" refers to invalid object "{08F6CFEE-9381-4796-8596-1D964DD9B762}". Action Taken: No Action Taken.
175: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.IMap.1" refers to invalid object "{CBD2C745-D84E-4D27-BF58-3BDCBCE44A7C}". Action Taken: No Action Taken.
176: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSpooler.IMap" refers to invalid object "{CBD2C745-D84E-4D27-BF58-3BDCBCE44A7C}". Action Taken: No Action Taken.
177: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSupport.Settings.1" refers to invalid object "{A8D94870-BEA6-11D3-BB92-0050DA276194}". Action Taken: No Action Taken.
178: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSupport.Settings" refers to invalid object "{A8D94870-BEA6-11D3-BB92-0050DA276194}". Action Taken: No Action Taken.
179: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSupport.Viewers.1" refers to invalid object "{805FB5B9-6344-11D6-B7AF-005004C0C6BA}". Action Taken: No Action Taken.
180: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSupport.Viewers" refers to invalid object "{805FB5B9-6344-11D6-B7AF-005004C0C6BA}". Action Taken: No Action Taken.
181: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSupport.AccountsManager.1" refers to invalid object "{2EE7969F-6FC8-4D04-89AC-5109298ABC39}". Action Taken: No Action Taken.
182: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediSupport.AccountsManager" refers to invalid object "{2EE7969F-6FC8-4D04-89AC-5109298ABC39}". Action Taken: No Action Taken.
183: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediView.MsgView.1" refers to invalid object "{7E58CC0F-BC50-11D3-855B-0050DA2761C4}". Action Taken: No Action Taken.
184: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediView.MsgView" refers to invalid object "{7E58CC0F-BC50-11D3-855B-0050DA2761C4}". Action Taken: No Action Taken.
185: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediView.Spelling.1" refers to invalid object "{84566316-EC70-11D5-881D-0050DA2761C4}". Action Taken: No Action Taken.
186: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediView.Spelling" refers to invalid object "{84566316-EC70-11D5-881D-0050DA2761C4}". Action Taken: No Action Taken.
187: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediView.ViewEditDesigner.1" refers to invalid object "{11B72805-205F-11D6-8855-0050DA2761C4}". Action Taken: No Action Taken.
188: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediView.ViewEditDesigner" refers to invalid object "{11B72805-205F-11D6-8855-0050DA2761C4}". Action Taken: No Action Taken.
189: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediView.ViewShowDesigner.1" refers to invalid object "{4750EC81-293B-11D6-885E-0050DA2761C4}". Action Taken: No Action Taken.
190: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediView.ViewShowDesigner" refers to invalid object "{4750EC81-293B-11D6-885E-0050DA2761C4}". Action Taken: No Action Taken.
191: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediView.FieldsEditDesigner.1" refers to invalid object "{CB382C7A-8852-458A-8900-C456C96FDB8C}". Action Taken: No Action Taken.
192: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediView.FieldsEditDesigner" refers to invalid object "{CB382C7A-8852-458A-8900-C456C96FDB8C}". Action Taken: No Action Taken.
193: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.Sound.1" refers to invalid object "{0710C793-2117-11D5-B75D-005004C0C6BA}". Action Taken: No Action Taken.
194: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.Sound" refers to invalid object "{0710C793-2117-11D5-B75D-005004C0C6BA}". Action Taken: No Action Taken.
195: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.Signature.1" refers to invalid object "{DA12A268-0ACB-11D4-859D-0050DA2761C4}". Action Taken: No Action Taken.
196: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.Signature" refers to invalid object "{DA12A268-0ACB-11D4-859D-0050DA2761C4}". Action Taken: No Action Taken.
197: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.StyleBox.1" refers to invalid object "{C7681ACB-27AD-4025-8F53-643549159658}". Action Taken: No Action Taken.
198: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.StyleBox" refers to invalid object "{C7681ACB-27AD-4025-8F53-643549159658}". Action Taken: No Action Taken.
199: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.WebViewer.1" refers to invalid object "{4EAA7268-FC1E-47C6-87EF-8915475CBC88}". Action Taken: No Action Taken.
200: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.WebViewer" refers to invalid object "{4EAA7268-FC1E-47C6-87EF-8915475CBC88}". Action Taken: No Action Taken.
201: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.LicenceManager.1" refers to invalid object "{5862A1C2-7676-45AA-8C7D-2F803754D007}". Action Taken: No Action Taken.
202: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.LicenceManager" refers to invalid object "{5862A1C2-7676-45AA-8C7D-2F803754D007}". Action Taken: No Action Taken.
203: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.CommonSettings.1" refers to invalid object "{CBF9925D-3C19-4F33-9DE4-446978645EBB}". Action Taken: No Action Taken.
204: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.CommonSettings" refers to invalid object "{CBF9925D-3C19-4F33-9DE4-446978645EBB}". Action Taken: No Action Taken.
205: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.TypeMessageTAF.1" refers to invalid object "{FEBD6230-F4F6-4E79-89CD-4BEBDC4A96AE}". Action Taken: No Action Taken.
206: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.TypeMessageTAF" refers to invalid object "{FEBD6230-F4F6-4E79-89CD-4BEBDC4A96AE}". Action Taken: No Action Taken.
207: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.TypeMessageVIP.1" refers to invalid object "{47B10849-77FA-463b-8973-10241FF9DB37}". Action Taken: No Action Taken.
208: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.TypeMessageVIP" refers to invalid object "{47B10849-77FA-463b-8973-10241FF9DB37}". Action Taken: No Action Taken.
209: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.IMMessage.1" refers to invalid object "{07D03588-7B5E-11D5-8784-0050DA2761C4}". Action Taken: No Action Taken.
210: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.IMMessage" refers to invalid object "{07D03588-7B5E-11D5-8784-0050DA2761C4}". Action Taken: No Action Taken.
211: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.ProfileManager.1" refers to invalid object "{96D04D6A-7B1E-48A9-BEA6-99F9FE8341C7}". Action Taken: No Action Taken.
212: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.ProfileManager" refers to invalid object "{96D04D6A-7B1E-48A9-BEA6-99F9FE8341C7}". Action Taken: No Action Taken.
213: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.MultiSignature.1" refers to invalid object "{328CC455-1F5E-4F1A-A6B7-A888AA9C0289}". Action Taken: No Action Taken.
214: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediFeatures.MultiSignature" refers to invalid object "{328CC455-1F5E-4F1A-A6B7-A888AA9C0289}". Action Taken: No Action Taken.
215: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediTools.SoundManager.1" refers to invalid object "{0B9A0840-1EC3-11D5-B75C-005004C0C6BA}". Action Taken: No Action Taken.
216: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediTools.SoundManager" refers to invalid object "{0B9A0840-1EC3-11D5-B75C-005004C0C6BA}". Action Taken: No Action Taken.
217: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediTools.Magic.1" refers to invalid object "{B84092B9-8658-11D5-8793-0050DA2761C4}". Action Taken: No Action Taken.
218: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediTools.Magic" refers to invalid object "{B84092B9-8658-11D5-8793-0050DA2761C4}". Action Taken: No Action Taken.
219: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediTools.ThumbnailCreator.1" refers to invalid object "{140BBD3E-C68E-4077-B7EC-D4DC46242EF5}". Action Taken: No Action Taken.
220: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediTools.ThumbnailCreator" refers to invalid object "{140BBD3E-C68E-4077-B7EC-D4DC46242EF5}". Action Taken: No Action Taken.
221: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediShellExt.IMMenuShellExt.1" refers to invalid object "{F8984111-38B6-11D5-8725-0050DA2761C4}". Action Taken: No Action Taken.
222: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediShellExt.IMMenuShellExt" refers to invalid object "{F8984111-38B6-11D5-8725-0050DA2761C4}". Action Taken: No Action Taken.
223: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediComUtils.AppSync.1" refers to invalid object "{A7256361-EC20-4E5B-B824-A692515700BD}". Action Taken: No Action Taken.
224: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediComUtils.AppSync" refers to invalid object "{A7256361-EC20-4E5B-B824-A692515700BD}". Action Taken: No Action Taken.
225: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediComUtils.XmlParser.1" refers to invalid object "{6D587C7F-27A0-4416-A90D-FB337F9B406C}". Action Taken: No Action Taken.
226: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediComUtils.XmlParser" refers to invalid object "{6D587C7F-27A0-4416-A90D-FB337F9B406C}". Action Taken: No Action Taken.
227: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediComUtils.Connection.1" refers to invalid object "{77969C47-EBE5-486F-8730-F48B84284D88}". Action Taken: No Action Taken.
228: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediComUtils.Connection" refers to invalid object "{77969C47-EBE5-486F-8730-F48B84284D88}". Action Taken: No Action Taken.
229: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediMail.Kernel.1" refers to invalid object "{E9BC70A8-D70C-11D3-BBAE-0050DA276194}". Action Taken: No Action Taken.
230: Wed Sep 07 00:35:37 2005 => Entry "HKCR\IncrediMail.Kernel" refers to invalid object "{E9BC70A8-D70C-11D3-BBAE-0050DA276194}". Action Taken: No Action Taken.
231: Wed Sep 07 00:35:37 2005 => Entry "HKCR\Ghost\shell\open\command" refers to invalid object "C:\PROGRA~1\GHOST\GHOSTEXP.EXE "%1"". Action Taken: No Action Taken.
232: Wed Sep 07 00:35:38 2005 => Entry "HKCR\war*hier nicht!*\shell\open\command" refers to invalid object "C:\PROGRAM FILES\war*hier nicht!* P2P CLIENT\war*hier nicht!*.EXE "%L"". Action Taken: No Action Taken.
233: Wed Sep 07 00:35:38 2005 => Entry "HKCR\war*hier nicht!*\shell\open\command" refers to invalid object ""C:\PROGRAM FILES\war*hier nicht!* P2P CLIENT\war*hier nicht!*.EXE" "%L"". Action Taken: No Action Taken.
234: Wed Sep 07 00:35:38 2005 => Entry "HKCR\war*hier nicht!*\shell\open\command" refers to invalid object ""C:\PROGRAM FILES\war*hier nicht!* P2P CLIENT\war*hier nicht!*.EXE" "%L"". Action Taken: No Action Taken.
235: Wed Sep 07 00:35:38 2005 => Entry "HKCR\wareo\shell\open\command" refers to invalid object ""C:\PROGRAM FILES\war*hier nicht!* P2P CLIENT\war*hier nicht!*.EXE" "%L"". Action Taken: No Action Taken.
236: Wed Sep 07 00:35:38 2005 => Entry "HKCR\war*hier nicht!*\shell\open\command" refers to invalid object ""C:\PROGRAM FILES\war*hier nicht!* P2P CLIENT\war*hier nicht!*.EXE" "%L"". Action Taken: No Action Taken.
237: Wed Sep 07 00:35:38 2005 => Entry "HKCR\warep\shell\open\command" refers to invalid object ""C:\PROGRAM FILES\war*hier nicht!* P2P CLIENT\war*hier nicht!*.EXE" "%L"". Action Taken: No Action Taken.

--------------------------------------------------
------------- FILES ADDED TO DELETE --------------
--------------------------------------------------

1: C:\WINDOWS\TEMP\bemnoquf.exe => Trojan-Downloader.Win32.Swizzor.co
2: C:\WINDOWS\TEMP\167cd4d8.exe => Trojan-Downloader.Win32.Swizzor.dr
3: C:\WINDOWS\TEMP\162eceac.exe => Trojan-Downloader.Win32.Swizzor.dr
4: C:\WINDOWS\TEMP\165ead7a.exe => Trojan-Downloader.Win32.Swizzor.dr
5: C:\WINDOWS\TEMP\etlhjbmm.exe => Trojan-Downloader.Win32.Swizzor.co
6: C:\WINDOWS\TEMP\rjltrogp.exe => Trojan-Downloader.Win32.Swizzor.co
7: C:\WINDOWS\TEMP\nhvdfzve.exe => Trojan-Downloader.Win32.Swizzor.co
8: C:\WINDOWS\TEMP\oailscqc.exe => Trojan-Downloader.Win32.Swizzor.co
9: C:\WINDOWS\TEMP\faxmkpfg.exe => Trojan-Downloader.Win32.Swizzor.co
10: C:\WINDOWS\TEMP\wukrzuly.exe => Trojan-Downloader.Win32.Swizzor.co
11: C:\WINDOWS\TEMP\lpitpkpk.exe => Trojan-Downloader.Win32.Swizzor.co
12: C:\WINDOWS\TEMP\ugjgthtr.exe => Trojan-Downloader.Win32.Swizzor.co

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Wed Sep 07 00:40:31 2005 => Total Objects Scanned: 20521
Wed Sep 07 00:40:31 2005 => Total Virus(es) Found: 25
Wed Sep 07 00:40:31 2005 => Total Errors: 237
Wed Sep 07 00:40:31 2005 => Virus Database Date: 2005/09/06
Wed Sep 07 00:40:31 2005 => Virus Database Count: 148090

It looks as though not everything is OK yet. Is there anything else I can improve?

In any case, my PC is already running better than before. The IEXPLORE processes have disappeared.

Many thanks for that

07.09.2005, 01:47
Member
Avatar Gool

Posts: 4730
#6 Have you already deleted the files?

Btw, you still have NewDotNet on the PC. As a rule it can be uninstalled via "Control Panel -> Add/Remove Programs".

Addendum: use Spybot S&D against the spyware (http://security.kolla.de)
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
This post was edited by Managor on 07.09.2005 at 01:51.
07.09.2005, 10:16
Member

Thread starter

Posts: 25
#7 Hello Managor,

Before I came to the forum I had already uninstalled the program Newdotnet from the program folder using the tool EASYCLEANER. Afterwards I also deleted the empty Newdotnet directory. According to your instructions I should also delete the following files, but I cannot find them:
C:\WINDOWS\APPLIC~1\AXIS1C~1
C:\PROGRA~1\NEWDOT~1\

However, I found and deleted the following files:
C:\WINDOWS\APPLICation Data\AXIS1Com (or similar)
C:\PROGRAm Files\NEWDOTNET (as said above, the file was already empty)

Newdotnet no longer appears under Control Panel > Add/Remove Programs.
To be safe, though, I downloaded and ran the uninstall tool from newdotnet once more (uninstall6_76.exe). It ran through normally.

Spybot 1.4 and Spyblaster are installed and are updated regularly.
However, I have noticed the following with Spybot: when immunizing, the program says each time that, in addition to the 2123 items already protected, a further 3 can be protected. After the immunization it then correctly reports that 2126 items are now protected. When the immunization is run again immediately, it again reports that only 2123 are protected. There is some kind of problem with 3 items that apparently stay open.

What else can I do?

Thanks for the help
07.09.2005, 11:29
Moderator

Posts: 7805
#8 Have Spybot undo the immunization, restart, immunize again and post a new HijackThis log! ;)
__________
Regards, Ralf
SEO-Spam Hunter
07.09.2005, 11:40
Member

Thread starter

Posts: 25
#9 Hello Raman,
Done exactly that:

Logfile of HijackThis v1.99.1
Scan saved at 11:38:57, on 7/09/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\PROGRAM FILES\TELENET EASYCARE\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXCTL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\TELENET EASYCARE\BIN\MPBTN.EXE
C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXMOD32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {96A498D2-497C-95AA-0774-F337162AECCC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\Windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\Windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yucom.be/NL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://www.telenet.be/sites/epgweb/setup.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

Thanks

07.09.2005, 12:14
Moderator

Posts: 7805
#10 Take this out as well and it looks clean....

O2 - BHO: (no name) - {96A498D2-497C-95AA-0774-F337162AECCC} - (no file)
__________
Regards, Ralf
SEO-Spam Hunter
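What reply #10 points at, as an added example (not part of the original thread and not HijackThis code): a Python parser for the CLSID-based log lines that separates entries whose file is gone, "(no file)", from entries that are merely unnamed. The sample lines are copied from the log in post #9; the function names are chosen here.

```python
import re

# A few lines copied from the HijackThis log in post #9, embedded for an offline run.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {96A498D2-497C-95AA-0774-F337162AECCC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
"""

# "<section> - <kind>: <name> - {CLSID} - <target>", the shape of O2/O3/O9 lines.
CLSID_ENTRY = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")

def parse_clsid_entries(log_text):
    """One dict per log line that registers a COM object by CLSID."""
    entries = []
    for line in log_text.splitlines():
        match = CLSID_ENTRY.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries

def orphaned(entries):
    """Entries whose registry key is still there but whose file is not:
    HijackThis prints "(no file)" in place of the path."""
    return [e for e in entries if e["target"].lower() == "(no file)"]

def unnamed_with_file(entries):
    """"(no name)" alone is not a finding: the file still exists and has to
    be judged by its path (here the Spybot helper DLL)."""
    return [e for e in entries
            if e["name"].lower() == "(no name)" and e not in orphaned(entries)]

if __name__ == "__main__":
    found = parse_clsid_entries(SAMPLE_LOG)
    for e in orphaned(found):
        print("leftover key:", e["section"], e["kind"], e["clsid"])
    for e in unnamed_with_file(found):
        print("unnamed, file present:", e["clsid"], e["target"])
```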
07.09.2005, 13:02
Member

Thread starter

Posts: 25
#11 OK, done,

As can be seen above, eScan shows a number of problems. Does anything still need to be done about that?

Which antivirus, firewall and antispyware software would be best for me to install to avoid future problems?

I will also upgrade the operating system to XP. Is that advisable given the previous problems, or is a fresh installation preferable? (Which would be a huge effort for me.)

Thanks for everything
07.09.2005, 13:14
Moderator

Posts: 7805
#12 If you want to switch to XP, format the machine. That is the best and cleanest solution. Work out how big the effort really is. Usually it is less than you think.

Usually brain + a free AV (e.g. Antivir), the Windows firewall and Spybot/Adaware are enough.....
__________
Regards, Ralf
SEO-Spam Hunter
07.09.2005, 13:30
Member

Thread starter

Posts: 25
#13 Hello Raman,

Can you say something more about the eScan log file above?
Are the problems definitely gone even though the scan still reports quite a few things?

Thanks
07.09.2005, 13:43
Honorary member
Avatar Sabina

Posts: 29434
#14 Hello wolf210245

Raman isn't here right now, so I'll answer for him ;) ..hopefully correctly... ;)

delete:
C:\WINDOWS\STARTM~1\PROGRA~1\OPSTAR~1\controller.lnk

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html

#RegCleaner
(Tip: download RegCleaner, set the tool to German and clean the PC via <Tools<Registry saeubern<alles durchfuehren (you can delete everything that is shown, because a backup is kept))
http://www.chip.de/downloads/c_downloads_8830516.html


to put a definite end to the LOP infestation (I don't know whether it works on WinMe):

Start -- All Programs -- Accessories -- Notepad and copy the following text in:


dir %Windir%\tasks /a h > files.txt
notepad files.txt


- Save as: findjobs.bat
- Save with: file type: All files
- save it on the desktop
- Locate findjobs.bat -- double-click the bat file, Notepad opens -- post the text
__________
Regards, Sabina

all about PC security
07.09.2005, 15:03
Member
Avatar Gool

Posts: 4730
#15 And to clean up the errors that eScan found, you should use a RegCleaner (e.g. TuneUp Utilities 2006).

Quote

According to your instructions I should also delete the following files, but I cannot find them:
C:\WINDOWS\APPLIC~1\AXIS1C~1
C:\PROGRA~1\NEWDOT~1\
The reason is that program paths are sometimes abbreviated when they are longer than 8 characters (that was the limit from the DOS days). So c:\Programme\Newdotnet suddenly becomes c:\progra~1\newdot~1
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
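The abbreviation described in #15, as an added example (not part of the original thread): a Python check of which long folder names a short path from a log, such as C:\PROGRA~1\NEWDOT~1\, can stand for. The directory listing is constructed, the function names are chosen here, and only the plain truncate-and-number scheme is covered, not the hash-based short names that newer Windows versions produce after several collisions.

```python
import re

ILLEGAL = re.compile(r"[+,;=\[\]]")  # not allowed in 8.3 names, stored as "_"

def alias_parts(long_name):
    """Cleaned upper-case (base, ext) of a long name, plus whether the name
    needs a ~N alias at all (too long, or changed by the clean-up)."""
    name = ILLEGAL.sub("_", long_name.upper().replace(" ", "").lstrip("."))
    base, dot, ext = name.rpartition(".")
    if not dot:                       # no extension
        base, ext = name, ""
    base = base.replace(".", "")      # only the last dot survives
    plain = f"{base}.{ext}".rstrip(".")
    lossy = plain != long_name.upper() or len(base) > 8 or len(ext) > 3
    return base, ext[:3], lossy

def could_be_alias(short, long_name):
    """True if `short` (e.g. NEWDOT~1) can be the short form of `long_name`.
    The number after "~" depends on which names already existed in the
    folder, so only the prefix before it is compared."""
    s_base, _, s_ext = short.upper().partition(".")
    base, ext, lossy = alias_parts(long_name)
    prefix, tilde, tail = s_base.rpartition("~")
    if not (tilde and tail.isdigit()):   # ordinary 8.3 name: exact match
        return not lossy and (s_base, s_ext) == (base, ext)
    return (lossy and 0 < len(prefix) <= 6
            and base.startswith(prefix) and s_ext == ext)

def expand(short_path, children):
    """All long paths that `short_path` can stand for. `children` maps a
    folder's long path to the names inside it (stand-in for a dir listing)."""
    drive, *parts = short_path.rstrip("\\").split("\\")
    found = [drive]
    for part in parts:
        found = [f"{parent}\\{name}" for parent in found
                 for name in children.get(parent, [])
                 if could_be_alias(part, name)]
    return found

# Constructed directory listing; folder names taken from the logs in this thread.
LISTING = {
    "C:": ["WINDOWS", "Program Files"],
    "C:\\Program Files": ["NewDotNet", "Network Associates",
                          "Spybot - Search & Destroy"],
    "C:\\WINDOWS": ["Application Data", "SYSTEM"],
}

if __name__ == "__main__":
    for path in ("C:\\PROGRA~1\\NEWDOT~1\\", "C:\\WINDOWS\\APPLIC~1"):
        print(path, "->", expand(path, LISTING))
```

An empty result means no folder in the listing can produce that short name, which is what to expect once the folder has already been deleted.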