Slow-motion DSL caused by a virus infection

#0
13.09.2005, 02:46
Member
Posts: 21

13.09.2005, 03:33
Member
Posts: 4730
#2
Well, I can't see anything suspicious in there (though I may just be too tired already).

For a start, I recommend updating your system (Service Pack 2 and all other available updates). Then run eScanCheck and let us know the result (as described on the page mentioned).

Addendum: Do you have both ZoneAlarm AND the Sygate firewall installed? Uninstall ZoneAlarm, otherwise neither firewall will do you any good (and Sygate is the better one here, so remove ZoneAlarm).

Addendum 2: MemOptimizer tools are of no use; if anything they degrade system performance. So I would disable it.

__________
This is a signature! Personal service: Are you from Berlin? Then send me a PM, we may be able to arrange an appointment. Der Grabsteinschubser

This post was edited by Managor on 13.09.2005 at 03:37.

14.09.2005, 18:16
Member
Thread starter Posts: 21
#3
Here I am again,

by now my hair is standing on end. Service Pack 2 cannot be downloaded; Bill Gates' henchmen are already looking into that.

About the firewall: after installing the new T-Online 6.0 software, Sygate stopped working (I did not notice right away). That is probably also what led to the disaster that my system is now a marketplace for Trojans & co. After that, for lack of anything better, I activated ZoneAlarm. In the meantime T-Online 6.0 has been uninstalled and version 5 is active again. Sygate has not been revivable since.

Now to the hard core: eScanJack revealed quite a bit to me. Who is handing out VIP passes to these pesky critters? Please take a look for yourselves.

--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Wed Sep 14 03:36:21 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
2: Wed Sep 14 03:36:21 2005 => System found infected with FlashGet Spyware/Adware ({a5366673-e8ca-11d3-9cd9-0090271d075b})! Action taken: No Action Taken.
3: Wed Sep 14 03:36:21 2005 => System found infected with FlashGet Spyware/Adware ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken.
4: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({ca4fc24b-c65c-11d1-aa6f-000000000000})! Action taken: No Action Taken.
5: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({ddd136ce-517b-11d2-ad03-00105a17b608})! Action taken: No Action Taken.
6: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({4f99a075-5227-11d2-ad06-00105a17b608})! Action taken: No Action Taken.
7: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({371d0743-7a57-11d2-ad5a-00105a17b608})! Action taken: No Action Taken.
8: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({e9d55102-9683-11d2-ba68-0040053687fe})! Action taken: No Action Taken.
9: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({0c1f87ae-ae62-11d3-911c-00105a17b608})! Action taken: No Action Taken.
10: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({b22fe43c-d1e8-432a-a862-9f83d5f04732})! Action taken: No Action Taken.
11: Wed Sep 14 03:36:40 2005 => Offending file found: C:\WINDOWS\System32\bszip.dll
12: Wed Sep 14 03:36:40 2005 => System found infected with CasinoOnNet Spyware/Adware (bszip.dll)! Action taken: No Action Taken.
13: Wed Sep 14 03:36:51 2005 => Offending file found: C:\WINDOWS\iun6002.exe
14: Wed Sep 14 03:36:51 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
15: Wed Sep 14 03:37:02 2005 => Offending file found: C:\WINDOWS\System32\DartSock.dll
16: Wed Sep 14 03:37:02 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger (DartSock.dll)! Action taken: No Action Taken.
17: Wed Sep 14 04:00:58 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
18: Wed Sep 14 04:13:00 2005 => Scanning File C:\Programme\Infogrames\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_female_begging.wav [**]
19: Wed Sep 14 04:13:00 2005 => Scanning File C:\Programme\Infogrames\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_female_scream.wav [**]
20: Wed Sep 14 04:13:00 2005 => Scanning File C:\Programme\Infogrames\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_male_no_you_bastards.wav [**]
21: Wed Sep 14 04:13:00 2005 => Scanning File C:\Programme\Infogrames\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_male_scream.wav [**]
22: Wed Sep 14 04:15:30 2005 => Scanning File C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Infected.wav [**]
23: Wed Sep 14 04:38:22 2005 => File C:\Programme\winupdates\a.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
24: Wed Sep 14 04:54:36 2005 => File C:\RECYCLER\S-1-5-21-2052111302-1647877149-839522115-1004\Dc523\CAEVIRQD.html infected by "Trojan-Downloader.JS.FlingStone" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Wed Sep 14 03:50:10 2005 => File C:\Dokumente und Einstellungen\Peter Lang\Eigene Dateien\Download\fgf160.exe tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
2: Wed Sep 14 03:57:35 2005 => Scanning File C:\Kodak\Kodak EasyShare software\bin\ESS_Basic_Tagged.chm
3: Wed Sep 14 03:57:37 2005 => Scanning File C:\Kodak\Kodak EasyShare software\bin\ESS_Capture_Tagged.chm

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Wed Sep 14 03:36:02 2005 => ERROR!!! Invalid Entry Microsoft Update = wuamgrd.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
2: Wed Sep 14 03:36:05 2005 => ERROR!!! Invalid Entry \??\C:\DOKUME~1\MELANI~1\LOKALE~1\Temp\cel90xbe.sys in SYSTEM\CurrentControlSet\Services\cel90xbe...
3: Wed Sep 14 03:36:05 2005 => ERROR!!! Invalid Entry system32\drivers\cmuda.sys in SYSTEM\CurrentControlSet\Services\cmuda...
4: Wed Sep 14 03:36:09 2005 => ERROR!!! Invalid Entry \??\C:\DOKUME~1\PETERL~1\LOKALE~1\Temp\kmnmdd.sys in SYSTEM\CurrentControlSet\Services\kmnmdd...
5: Wed Sep 14 03:36:17 2005 => ERROR!!! Invalid Entry \??\C:\DOKUME~1\PETERL~1\LOKALE~1\Temp\sony_ssm.sys in SYSTEM\CurrentControlSet\Services\sony_ssm.sys...
6: Wed Sep 14 03:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\StarInstall.ocx". Action Taken: No Action Taken.
7: Wed Sep 14 03:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\vxpspeeddelivery.dll". Action Taken: No Action Taken.
8: Wed Sep 14 03:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\CTDetect.ftg". Action Taken: No Action Taken.
9: Wed Sep 14 03:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\CTDetect.fts". Action Taken: No Action Taken.
10: Wed Sep 14 03:37:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Acrobat 6.0\". Action Taken: No Action Taken.
11: Wed Sep 14 03:37:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Acrobat 6.0\Resource\CMap\". Action Taken: No Action Taken.
165: Wed Sep 14 03:37:19 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmd". Action Taken: No Action Taken. 166: Wed Sep 14 03:37:19 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmpl". Action Taken: No Action Taken. 167: Wed Sep 14 03:37:19 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".TSX". Action Taken: No Action Taken. 168: Wed Sep 14 03:37:19 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".u3d". Action Taken: No Action Taken. 169: Wed Sep 14 03:37:19 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ulf". Action Taken: No Action Taken. 170: Wed Sep 14 03:37:19 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ULP". Action Taken: No Action Taken. 171: Wed Sep 14 03:37:19 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".vex". Action Taken: No Action Taken. 172: Wed Sep 14 03:37:19 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VIP". Action Taken: No Action Taken. 173: Wed Sep 14 03:37:19 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".vsb". Action Taken: No Action Taken. 174: Wed Sep 14 03:37:19 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".wd". Action Taken: No Action Taken. 175: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Airline Tycoon - Deluxe". Action Taken: No Action Taken. 
176: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BigTick_Rainbow2_is1". Action Taken: No Action Taken. 177: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Bricks of Egypt Trial Version_is1". Action Taken: No Action Taken. 178: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Bridge Builder Demo". Action Taken: No Action Taken. 179: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Café International". Action Taken: No Action Taken. 180: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CharacterFX". Action Taken: No Action Taken. 181: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Der Fluch des Goldes XS". Action Taken: No Action Taken. 182: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Der VerkehrsGigant-Gold Edition". Action Taken: No Action Taken. 183: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Dogs & Lights Shareware". Action Taken: No Action Taken. 184: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "fragMOTION 0.7.0_is1". Action Taken: No Action Taken. 185: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Gothic II". Action Taken: No Action Taken. 
186: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "HijackThis". Action Taken: No Action Taken. 187: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hollywood Tycoon". Action Taken: No Action Taken. 188: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "HSCF". Action Taken: No Action Taken. 189: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken. 190: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "JDiskReport 1.1.2". Action Taken: No Action Taken. 191: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "JumpOver_is1". Action Taken: No Action Taken. 192: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821557". Action Taken: No Action Taken. 193: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken. 194: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823559". Action Taken: No Action Taken. 195: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken. 196: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken. 
197: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken. 198: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken. 199: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken. 200: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken. 201: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833330". Action Taken: No Action Taken. 202: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken. 203: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken. 204: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken. 205: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken. 206: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken. 207: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken. 
208: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken. 209: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KPT3S". Action Taken: No Action Taken. 210: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LucasArts' Star Wars Rebellion". Action Taken: No Action Taken. 211: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MiniPy15". Action Taken: No Action Taken. 212: Wed Sep 14 03:37:19 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "No Man's Land". Action Taken: No Action Taken. 213: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken. 214: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Office8.0". Action Taken: No Action Taken. 215: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Project: Snowblind Demo". Action Taken: No Action Taken. 216: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "PureBasic_is1". Action Taken: No Action Taken. 217: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken. 218: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329048". 
Action Taken: No Action Taken. 219: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329115". Action Taken: No Action Taken. 220: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329170". Action Taken: No Action Taken. 221: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329390". Action Taken: No Action Taken. 222: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329441". Action Taken: No Action Taken. 223: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329834". Action Taken: No Action Taken. 224: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810565". Action Taken: No Action Taken. 225: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810577". Action Taken: No Action Taken. 226: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810833". Action Taken: No Action Taken. 227: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q811493". Action Taken: No Action Taken. 228: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814033". Action Taken: No Action Taken. 229: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815021". Action Taken: No Action Taken. 
230: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817606". Action Taken: No Action Taken. 231: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken. 232: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken. 233: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuizChampion". Action Taken: No Action Taken. 234: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Rising Kingdoms Demo". Action Taken: No Action Taken. 235: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Shareaza". Action Taken: No Action Taken. 236: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SiSoftware Sandra Standard 2004.SP1 (Win32 x86)_is1". Action Taken: No Action Taken. 237: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SmartStartup". Action Taken: No Action Taken. 238: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Tattoo". Action Taken: No Action Taken. 239: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "The Spirit Engine". Action Taken: No Action Taken. 
240: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Tony Tough and The Night of Roasted Moths". Action Taken: No Action Taken. 241: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "virtualcreations UltraPhazer_is1". Action Taken: No Action Taken. 242: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{00170407-78E1-11D2-B60F-006097C998E7}". Action Taken: No Action Taken. 243: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{09131BDB-A91C-4D1C-830B-F2ADD80804E4}". Action Taken: No Action Taken. 244: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{15B4652F-38E8-4252-8374-EFE88AA2FDA7}". Action Taken: No Action Taken. 245: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{19004701-1927-8189-3560-141084253787}". Action Taken: No Action Taken. 246: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{1A2000AF-79DE-47FB-8411-BA22F981917F}". Action Taken: No Action Taken. 247: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2ADC1927-AA15-4781-9AA9-B14FC29F63EC}_is1". Action Taken: No Action Taken. 248: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{43B6667D-7520-4186-B05B-F5C0494C495D}". Action Taken: No Action Taken. 
249: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{481463D7-E5D9-4331-B154-B75D6D3C15F8}". Action Taken: No Action Taken. 250: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{64ECA738-E431-4C0E-AE32-EE0DAFBEC570}_is1". Action Taken: No Action Taken. 251: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{796E70BB-C20D-4956-99DA-72BD201846E8}". Action Taken: No Action Taken. 252: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{79726608-1126-7845-8329-738134109973}". Action Taken: No Action Taken. 253: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{84146EF9-4DCB-4321-89AE-EA38956F5FC7}". Action Taken: No Action Taken. 254: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8D27EAE7-A6EA-449D-98FF-42E8C1591A5E}". Action Taken: No Action Taken. 255: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{90A455A7-0FC8-4508-B7FA-8F135B8F041A}". Action Taken: No Action Taken. 256: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{91C69142-2158-4B46-AC85-FEC80CAE973D}". Action Taken: No Action Taken. 257: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{990036E7-D647-45A4-8F7F-1CB277EF0ABD}". Action Taken: No Action Taken. 
258: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1031-7B44-000000000001}". Action Taken: No Action Taken. 259: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}". Action Taken: No Action Taken. 260: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{BAF5914B-5730-4373-B038-9F436AC6A0D6}". Action Taken: No Action Taken. 261: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E169177D-2FAC-486A-AB94-81ACF76313D6}". Action Taken: No Action Taken. 262: Wed Sep 14 03:37:20 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EED193CF-6AD9-4FFC-AB77-C6FA792D2E1F}_is1". Action Taken: No Action Taken. 263: Wed Sep 14 03:37:26 2005 => Entry "HKCR\CLSID\{8D3F1E2E-5CA0-0966-FE92-19B4B48C7840}" refers to invalid object "G:\Programme\Microsoft Picture It! PhotoPub\SCTV.DLL". Action Taken: No Action Taken. 264: Wed Sep 14 03:37:26 2005 => Entry "HKCR\CLSID\{9BF34098-E8A2-4050-5549-290AC1348D22}" refers to invalid object "G:\Programme\Microsoft Picture It! PhotoPub\SCTV.DLL". Action Taken: No Action Taken. 265: Wed Sep 14 03:37:28 2005 => Entry "HKCR\CLSID\{CDC2C92D-B6A5-3B2F-4F23-524A9D3303E0}" refers to invalid object "G:\Programme\Microsoft Picture It! PhotoPub\SCTV.DLL". Action Taken: No Action Taken. 266: Wed Sep 14 03:37:28 2005 => Entry "HKCR\CLSID\{E52E75C6-80CD-D1E3-767A-960FE8250F53}" refers to invalid object "G:\Programme\Microsoft Picture It! PhotoPub\SCTV.DLL". Action Taken: No Action Taken. 
267: Wed Sep 14 03:37:30 2005 => Entry "HKCR\TypeLib\{73C20A89-AD22-4868-9BBA-25DD9D78A1D0}" refers to invalid object "C:\DOKUME~1\PETERL~1\LOKALE~1\Temp\Word8.0\ShockwaveFlashObjects.exd". Action Taken: No Action Taken. 268: Wed Sep 14 03:37:30 2005 => Entry "HKCR\TypeLib\{74C0A8E1-3D5E-439D-A202-66233ED303CB}" refers to invalid object "C:\DOKUME~1\PETERL~1\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 269: Wed Sep 14 03:37:30 2005 => Entry "HKCR\TypeLib\{CF612D4F-CF9F-43D8-A51E-F0E48878C7B1}" refers to invalid object "C:\DOKUME~1\MELANI~1\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 270: Wed Sep 14 03:37:30 2005 => Entry "HKCR\TypeLib\{E587EA01-1F17-4991-AE9A-C6B909D9205A}" refers to invalid object "C:\DOKUME~1\PETERL~1\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 271: Wed Sep 14 03:37:31 2005 => Entry "HKCR\.SFM\shell\open\command" refers to invalid object "E:\SIMFARMW\WSIMFARM.EXE %1". Action Taken: No Action Taken. 272: Wed Sep 14 03:37:31 2005 => Entry "HKCR\.SSM\shell\open\command" refers to invalid object "E:\SIMFARMW\WSIMFARM.EXE %1". Action Taken: No Action Taken. 273: Wed Sep 14 03:37:32 2005 => Entry "HKCR\avi_auto_file\shell\open\command" refers to invalid object ""G:\MAGIX\Media_Manager\MediaManager.exe" "%1"". Action Taken: No Action Taken. 274: Wed Sep 14 03:37:34 2005 => Entry "HKCR\jpg_auto_file\shell\open\command" refers to invalid object ""G:\MAGIX\Media_Manager\MediaManager.exe" "%1"". Action Taken: No Action Taken. 275: Wed Sep 14 03:37:34 2005 => Entry "HKCR\MKI_auto_file\shell\open\command" refers to invalid object ""G:\MAGIX\Media_Manager\MagixLoader.exe" "%1"". Action Taken: No Action Taken. 276: Wed Sep 14 03:37:35 2005 => Entry "HKCR\mks_auto_file\shell\open\command" refers to invalid object "G:\MAGIX\MEDIA_~1\MEDIAM~1.EXE "%1"". Action Taken: No Action Taken. 
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\Programme\winupdates\a.zip => Worm.Win32.VB.an
2: C:\RECYCLER\S-1-5-21-2052111302-1647877149-839522115-1004\Dc523\CAEVIRQD.html => Trojan-Downloader.JS.FlingStone
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Wed Sep 14 05:31:01 2005 => Total Objects Scanned: 132436
Wed Sep 14 05:31:01 2005 => Total Virus(es) Found: 18
Wed Sep 14 05:31:01 2005 => Total Errors: 279
Wed Sep 14 05:31:01 2005 => Virus Database Date: 2005/09/14
Wed Sep 14 05:31:01 2005 => Virus Database Count: 149175
Wed Sep 14 05:35:27 2005 => Total Objects Scanned: 132436
Wed Sep 14 05:35:27 2005 => Total Virus(es) Found: 18
Wed Sep 14 05:35:27 2005 => Total Errors: 279
-------------------------------------------------------------------
I would be grateful for any tip!
PS: I have already disposed of Worm.Win32.VB and Trojan-Downloader.JS.FlingStone.
__________
Computers create problems that never existed before!
This post was edited by Megalomanic on 14.09.2005 at 18:20.
|
|
|
||
14.09.2005, 20:02
Member
Posts: 4730 |
#4
Well, those aren't really viruses, just an army of spyware. It also looks as if your system is no longer really stable. Reinstalling Windows would probably be more useful... then your system would also be truly clean.
Ok, now for the fix:
Killbox: http://virus-protect.org/killbox.html
Enable "Delete on Reboot". Paste the following into the input field and confirm each entry by clicking the cross on the right. Answer the question of whether to restart now with YES only at the end.
C:\WINDOWS\System32\bszip.dll
C:\WINDOWS\iun6002.exe
C:\WINDOWS\System32\DartSock.dll
C:\Dokumente und Einstellungen\Peter Lang\Eigene Dateien\Download\fgf160.exe
The PC will be restarted.
Delete the directory: C:\Programme\winupdates\
CCleaner: http://virus-protect.org/temp.html
Delete all files (default setting).
Ewido: http://virus-protect.org/ewido.html
Scan the system and post the report.
After that, another new HJT log.
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM, maybe we can arrange an appointment. Der Grabsteinschubser |
|
|
||
14.09.2005, 23:32
Member
Thread starter Posts: 21 |
#5
welcome back,
the scans are finally done!
---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------
+ Erstellt am: 23:09:55, 14.09.2005
+ Report-Checksumme: D70AFEFC
+ Scanergebnis:
C:\Dokumente und Einstellungen\LocalService\Cookies\system@a.tfag[1].txt -> Spyware.Cookie.Tfag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\LocalService\Cookies\system@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\LocalService\Cookies\system@tfag[2].txt -> Spyware.Cookie.Tfag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Melanie Voigt\Lokale Einstellungen\Anwendungsdaten\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Gesäubert mit Backup
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Gesäubert mit Backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Gesäubert mit Backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent : Gesäubert mit Backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Gesäubert mit Backup
::Report Ende
Logfile of HijackThis v1.99.0
Scan saved at 23:16:11, on 14.09.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Gemeinsame Dateien\Stardock\SDMCP.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
C:\Programme\SBAudigy\AudioHQ\AHQTBU.EXE
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\ZoneAlarm\zlclient.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Programme\Outlook Express\MSIMN.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\FlashGet\flashget.exe
C:\Virenbekämpfung\ewido security suite\ewidoguard.exe
C:\Virenbekämpfung\ewido security suite\ewidoctrl.exe
C:\Virenbekämpfung\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Übersetzer - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Programme\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
O4 - HKLM\..\Run: [AudioHQU] C:\Programme\SBAudigy\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\defender.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Zone Labs Client] "C:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [HBRemind] C:\Programme\T-Online\T-Online_Software_5\Banking\HBRemind.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\ObjectDockPlus\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Automatische Auswahl der Themenvorlage - C:\Programme\PRMT6\PRMTIE\aot.htm
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Seite übersetzen - C:\Programme\PRMT6\PRMTIE\page.htm
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Übersetzen - C:\Programme\PRMT6\PRMTIE\translat.htm
O8 - Extra context menu item: Übersetzungsoptionen anpassen - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Übersetzen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Übersetzungsoptionen anpassen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
By the way: the phrase "reinstall Windows" gives me a serious stomach ache.
1. 3 days of make-work
2. Burning lots of CDs (I don't have a DVD burner), since there are fairly large databases (approx. 40 GB).
----------------------------------------
-Megalomanic
__________
Computers create problems that never existed before! |
|
|
||
15.09.2005, 00:10
Honorary member
Posts: 29434 |
#6
Hello @Megalomanic

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html

Microsoft Update = wuamgrd.exe <-- maybe I'll still find a few TFTP....

The com files still have to be deleted (Alcra.B).

Please work through this (post all 4 logs):
http://virus-protect.org/datfindbat.html

---------------------
C:\Program Files\winupdates\a.zip
C\Windows\System32\cmd.com
C\Windows\System32\bszip.dll
C\Windows\System32\netstat.com
C\Windows\System32\ping.com
C\Windows\System32\regedit.com
C\Windows\System32\taskkill.com
C\Windows\System32\tasklist.com
C\Windows\System32\tracert.com
__________
Regards, Sabina
all about PC security |
|
|
||
15.09.2005, 01:33
Member
Thread starter Posts: 21 |
#7
Hello everyone,
CCleaner has been run again. wuamgrd.exe is no longer present on my system.

The 4 logs from DatFind:

Entries from 2004 and earlier have been trimmed. They don't fit in the topic.
__________
Computers create problems that never existed before!
This post was edited by Megalomanic on 15.09.2005 at 01:44.
|
|
|
||
15.09.2005, 09:03
Honorary member
Posts: 29434 |
#8
Check individual "exe" files

http://www.virustotal.com/flash/index_en.html
http://virusscan.jotti.org/de/

C:\WINDOWS\system32\TUKernel.exe
C\Windows\Ô
C\Windows\??????
C:\WINDOWS\system32\NULL

At the top of the page click Browse --> choose the file --> double-click the file to be checked --> click Submit... now wait, then copy the result and post it here in the thread.

Quote
05.09.2005 15:30 2 cmd.com

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

Instructions (illustrated):
http://virus-protect.org/killbox.html

•Delete File on Reboot <-- tick this

C\Windows\System32\cmd.com
C\Windows\System32\netstat.com
C\Windows\System32\ping.com
C\Windows\System32\regedit.com
C\Windows\System32\taskkill.com
C\Windows\System32\tasklist.com
C\Windows\System32\tracert.com

and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; only for the last one click "yes"

Restart the PC
__________
Regards, Sabina
all about PC security |
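A triage sketch for the `.com` files named in this thread: in the default `PATHEXT` order `.COM` is tried before `.EXE`, so a `cmd.com` sitting next to `cmd.exe` is what the command interpreter resolves first. This is an added example, not code from the thread or from DatFind; the tool list, the 64-byte stub threshold and the sample listing (modelled on the German-locale `dir` output that DatFind collects) are assumptions.

```python
import re
from dataclasses import dataclass

# German-locale `dir` output: "Verzeichnis von <path>" header, then one line per
# file as  DD.MM.YYYY  HH:MM  <size with '.' thousands separators>  <name>.
DIR_HEADER = re.compile(r"^\s*Verzeichnis von (.+?)\s*$")
DIR_ENTRY = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+?)\s*$")

# Assumption: built-in Windows tools that ship as .exe and that an analyst
# relies on during cleanup. Extend the set for your own environment.
SHADOWABLE_TOOLS = frozenset({
    "cmd", "netstat", "ping", "regedit", "taskkill", "tasklist", "tracert",
    "ipconfig", "taskmgr", "msconfig", "reg", "net",
})

# Assumption: anything this small cannot be a working replacement program and
# is treated as a blocking stub (the files in the thread are 2 bytes each).
STUB_MAX_BYTES = 64


@dataclass(frozen=True)
class Finding:
    directory: str
    name: str
    size: int
    modified: str
    is_stub: bool


def parse_listing(text):
    """Yield (directory, modified, size, name) for every file line in the listing.

    Header, summary ("n Datei(en) ... Bytes") and <DIR> lines do not match the
    entry pattern and are skipped; file names may contain spaces.
    """
    directory = "?"
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            directory = header.group(1)
            continue
        entry = DIR_ENTRY.match(line)
        if entry:
            date, time, size, name = entry.groups()
            yield directory, f"{date} {time}", int(size.replace(".", "")), name


def find_shadowing_com(text):
    """Return .com files whose base name collides with a built-in .exe tool."""
    findings = []
    for directory, modified, size, name in parse_listing(text):
        stem, dot, ext = name.rpartition(".")
        if dot and ext.lower() == "com" and stem.lower() in SHADOWABLE_TOOLS:
            findings.append(
                Finding(directory, name, size, modified, size <= STUB_MAX_BYTES)
            )
    return findings


# Constructed sample input, modelled on the kind of listing posted in the thread.
SAMPLE_LISTING = r""" Verzeichnis von C:\WINDOWS\system32
14.09.2005  20:26    <DIR>          drivers
08.09.2005  21:36         1.997.664 MRT.exe
05.09.2005  15:30                 2 cmd.com
05.09.2005  15:30                 2 netstat.com
04.09.2005  11:07            43.520 CmdLineExt03.dll
               4 Datei(en)      2.041.188 Bytes
 Verzeichnis von C:\
29.08.2002  14:00            47.580 NTDETECT.COM
25.08.2005  18:17                69 Neues Projekt.dat
"""

if __name__ == "__main__":
    for f in find_shadowing_com(SAMPLE_LISTING):
        kind = "stub" if f.is_stub else "program"
        print(f"{f.directory}\\{f.name}  {f.size} bytes  {f.modified}  [{kind}]")
```

A legitimate `.COM` such as `NTDETECT.COM` is not reported because its base name does not collide with any tool in the set.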
|
|
||
15.09.2005, 14:59
Member
Thread starter Posts: 21 |
#9
Hello Sabina,
are you sure that WinXP will still work properly after that?

C\Windows\System32\cmd.com
C\Windows\System32\netstat.com
C\Windows\System32\ping.com
C\Windows\System32\regedit.com
C\Windows\System32\taskkill.com
C\Windows\System32\tasklist.com
C\Windows\System32\tracert.com

Attached are the scans of the questionable files:

Datei: TUKernel.exe
Status: OK
Entdeckte Packprogramme: -
AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden

Datei: NULL
Status: OK
Entdeckte Packprogramme: -
AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden

Datei: È
Status: OK
Entdeckte Packprogramme: -
AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden

Datei: 捉湯牗獫䤮䥎
Status: OK
Entdeckte Packprogramme: -
AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden
----------------------------------
-Megalomanic
__________
Computers create problems that never existed before!
This post was edited by Megalomanic on 15.09.2005 at 15:20.
|
|
|
||
15.09.2005, 15:27
Honorary member
Posts: 29434 |
#10
Anyone who downloads dubious tools of some kind and then wants to keep the viruses shouldn't then worry about whether XP still works
http://virus-protect.org/Artikel/spyware/alcrab.html
__________
Regards, Sabina
all about PC security |
|
|
||
15.09.2005, 16:09
Member
Thread starter Posts: 21 |
#11
Welcome back,
Killbox is done now. The WinXP Task Manager no longer responds! What's the next step?

Current HijackThis report:
---------------------------------------
-Megalomanic
__________
Computers create problems that never existed before!
This post was edited by Megalomanic on 15.09.2005 at 16:37.
|
|
|
||
15.09.2005, 16:47
Honorary member
Posts: 29434 |
#12
Start --> Run --> regedit

Task Manager:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
DisableTaskMgr 0 <-- this value has to be there, or just delete the DisableTaskMgr key

Please work through this and post everything:
http://virus-protect.org/silentrunner.html
__________
Regards, Sabina
all about PC security |
|
|
||
15.09.2005, 18:50
Member
Thread starter Posts: 21 |
#13
Welcome back,
DisableTaskMgr 0 has been removed, Task Manager is running again.
{++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork1.dll [null data], 01 - 02, 16 %SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 08 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"] "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [empty string] "{FF284F5C-7CF9-4682-8701-D467C1DBB99F}" = "Übersetzer" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\PRMT6\PRMTIE\prmtie.dll" ["PROMT Ltd."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {03C1C47F-0538-4645-8372-D3109B9FC636}\ = "Easy-WebPrint" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [empty string] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {9455301C-CF6B-11D3-A266-00C04F689C50}\ = "Encarta &Recherche-Assistent" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = 
"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msjava.dll" [MS] {09FE188B-6E85-479E-9411-51FB2220DF80}\ "ButtonText" = "Subscribe in Desktop Sidebar" "MenuText" = "Subscribe in Desktop Sidebar" "CLSIDExtension" = "{45AD732C-2CE2-4666-B366-B2214AD57A49}" {7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\ "MenuText" = "Übersetzen" "Script" = "C:\Programme\PRMT6\PRMTIE\prmtie5.htm" [null data] {7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\ "MenuText" = "Übersetzungsoptionen anpassen" "Script" = "C:\Programme\PRMT6\PRMTIE\options.htm" [null data] {9455301C-CF6B-11D3-A266-00C04F689C50}\ "ButtonText" = "Recherche-Assistent" {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ "ButtonText" = "FlashGet" "MenuText" = "&FlashGet" "Exec" = "C:\Programme\FlashGet\flashget.exe" ["Amaze Soft"] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Messenger" "Exec" = "C:\Programme\Messenger\MSMSGS.EXE" [file not found] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ Missing lines (compared with English-language version): HIJACK WARNING! 
"TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"] Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."] AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."] C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"] Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.EXE" ["Creative Technology Ltd"] Dialerschutz Dienst, DFSVC, "C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe" [null data] Einfache TCP/IP-Dienste, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [MS] ewido security suite control, ewido security suite control, "C:\Virenbekämpfung\ewido security suite\ewidoctrl.exe" ["ewido networks"] ewido security suite guard, ewido security suite guard, "C:\Virenbekämpfung\ewido security suite\ewidoguard.exe" ["ewido networks"] Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"] Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS] ScsiAccess, ScsiAccess, "C:\WINDOWS\System32\ScsiAccess.EXE" [null data] SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\System32\UAService7.exe" ["Sony DADC Austria AG."] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"] TSMService, TSMService, ""C:\Programme\T-DSL SpeedManager\tsmsvc.exe"" ["T-Systems Nova, Berkom"] TuneUp WinStyler Theme Service, TUWinStylerThemeSvc, 
"C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe" ["TuneUp Software GmbH"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS] WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 49 seconds, including 18 seconds for message boxes) PS: Shareaza hab' ich bereits aus dem Start-in-Tray rausgenommen. ------------------------------------- -Megalomanic __________ Computer schaffen Probleme, die es zuvor niemals gab! Dieser Beitrag wurde am 15.09.2005 um 19:10 Uhr von Megalomanic editiert.
|
|
|
||
15.09.2005, 23:55
Honorary member
Posts: 29434 |
#14
Uninstall these programs if you want a clean system:
-C:\Programme\Shareaza
-C:\Programme\ObjectDockPlus (?)
__________
Kind regards, Sabina
All about PC security |
|
|
||
16.09.2005, 03:35
Member
Thread starter Posts: 21 |
#15
Hello everyone,
I have now removed FlashGet and Desktop Sidebar. Shareaza is admittedly a risk gateway, but it is not malware. What is objectionable about ObjectDockPlus? It is a really convenient taskbar that replaces the XP bar and is part of the operating system on MacOSX. Good old Bill needs to go to school at Apple for a bit on that one. I have blocked the internet access. From now on I am using Mozilla as my web browser; IE has had its day. What else should I do now to be able to call the system completely malware-free? Am I even finished yet?
__________
Computers create problems that never existed before!
This post was edited on 16.09.2005 at 05:02 by Megalomanic.
|
|
|
||
Since yesterday there has been a worm in my system, in the truest sense of the word. AntiVir has reported several detections that are now throwing a party on my hard drive. Alcra.B, WildTangent.B, Hcktool.Gende.A, Destart.A and Forten.Java.4 are the annoying visitors that are now all but paralysing my system. HijackThis gives me the following list:
Logfile of HijackThis v1.99.0
Scan saved at 02:40:31, on 13.09.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
C:\Programme\SBAudigy\AudioHQ\AHQTBU.EXE
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\ZoneAlarm\zlclient.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Pop-Up Stopper Free Edition\PSFree.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\GEMEIN~1\PROJEC~1\PRMT6\PrmtSvr.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Virenbekämpfung\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Übersetzer - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Programme\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
O4 - HKLM\..\Run: [AudioHQU] C:\Programme\SBAudigy\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\defender.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Programme\Gemeinsame Dateien\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Zone Labs Client] "C:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [HBRemind] C:\Programme\T-Online\T-Online_Software_5\Banking\HBRemind.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Programme\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [IncrediMail Application] C:\PROGRA~1\INCRED~1\bin\IncMail.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\ObjectDockPlus\ObjectDock.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Automatische Auswahl der Themenvorlage - C:\Programme\PRMT6\PRMTIE\aot.htm
O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Seite übersetzen - C:\Programme\PRMT6\PRMTIE\page.htm
O8 - Extra context menu item: Übersetzen - C:\Programme\PRMT6\PRMTIE\translat.htm
O8 - Extra context menu item: Übersetzungsoptionen anpassen - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Übersetzen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Übersetzungsoptionen anpassen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Dialerschutz Dienst - Unknown - C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-------------------------------------------------------------------------
It would be nice if someone could quickly help me show the damned beasts the door.
__________
Computers create problems that never existed before!