Slow-motion DSL due to virus infection

13.09.2005, 02:46
Member

Posts: 21
#1 Hello everyone,

since yesterday there has been a worm in my system, in the truest sense of the word. AntiVir has reported several finds to me, which are now throwing a party on my hard disk. Alcra.B, WildTangent.B, Hcktool.Gende.A, Destart.A and Forten.Java.4 are the annoying visitors that are now practically paralyzing my system. HijackThis gives me the following list:

Logfile of HijackThis v1.99.0
Scan saved at 02:40:31, on 13.09.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
C:\Programme\SBAudigy\AudioHQ\AHQTBU.EXE
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\ZoneAlarm\zlclient.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Pop-Up Stopper Free Edition\PSFree.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\GEMEIN~1\PROJEC~1\PRMT6\PrmtSvr.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Virenbekämpfung\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Übersetzer - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Programme\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
O4 - HKLM\..\Run: [AudioHQU] C:\Programme\SBAudigy\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\defender.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Programme\Gemeinsame Dateien\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Zone Labs Client] "C:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [HBRemind] C:\Programme\T-Online\T-Online_Software_5\Banking\HBRemind.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Programme\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [IncrediMail Application] C:\PROGRA~1\INCRED~1\bin\IncMail.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\ObjectDockPlus\ObjectDock.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Automatische Auswahl der Themenvorlage - C:\Programme\PRMT6\PRMTIE\aot.htm
O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Seite übersetzen - C:\Programme\PRMT6\PRMTIE\page.htm
O8 - Extra context menu item: Übersetzen - C:\Programme\PRMT6\PRMTIE\translat.htm
O8 - Extra context menu item: Übersetzungsoptionen anpassen - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Übersetzen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Übersetzungsoptionen anpassen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Dialerschutz Dienst - Unknown - C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-------------------------------------------------------------------------
It would be nice if someone could quickly help me kick the damned beasts out the door.
__________
Computers create problems that never existed before!
13.09.2005, 03:33
Member
Avatar Gool

Posts: 4730
#2 Well, there is nothing suspicious to be seen there (possibly I am also just too tired already).

I recommend that you first update your system (Service Pack 2 and all other available updates).

Then run eScanCheck and tell us the result (as described on the page mentioned).

Addendum: Have you installed ZoneAlarm AND the Sygate firewall? Uninstall ZoneAlarm, otherwise neither of the firewalls will do you any good (and Sygate is the better one here, so delete ZoneAlarm).
Addendum 2: MemOptimizers are of no use; rather, they tend to degrade system performance. So I would disable it.
__________
This is a signature! Personal service: You're from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
This post was edited on 13.09.2005 at 03:37 by Managor.
14.09.2005, 18:16
Member

Thread starter

Posts: 21
#3 Here I am again,

by now my hair is standing on end. Service Pack 2 cannot be downloaded; Bill Gates's henchman is already taking care of that.
Regarding the firewall: After installing the new T-Online 6.0 software, Sygate stopped working (I did not notice it right away). That probably also led to the catastrophe that my system is now a marketplace for Trojans & Co. After that, for lack of anything better, I activated ZoneAlarm. In the meantime T-Online 6.0 has been uninstalled and version 5 is active again. Sygate has been impossible to revive since then.

Now to the heart of the matter:
eScanJack revealed quite a bit to me. Who is handing out the VIP passes to these annoying critters? Please take a look for yourselves.


--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Wed Sep 14 03:36:21 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
2: Wed Sep 14 03:36:21 2005 => System found infected with FlashGet Spyware/Adware ({a5366673-e8ca-11d3-9cd9-0090271d075b})! Action taken: No Action Taken.
3: Wed Sep 14 03:36:21 2005 => System found infected with FlashGet Spyware/Adware ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken.
4: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({ca4fc24b-c65c-11d1-aa6f-000000000000})! Action taken: No Action Taken.
5: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({ddd136ce-517b-11d2-ad03-00105a17b608})! Action taken: No Action Taken.
6: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({4f99a075-5227-11d2-ad06-00105a17b608})! Action taken: No Action Taken.
7: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({371d0743-7a57-11d2-ad5a-00105a17b608})! Action taken: No Action Taken.
8: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({e9d55102-9683-11d2-ba68-0040053687fe})! Action taken: No Action Taken.
9: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({0c1f87ae-ae62-11d3-911c-00105a17b608})! Action taken: No Action Taken.
10: Wed Sep 14 03:36:22 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger ({b22fe43c-d1e8-432a-a862-9f83d5f04732})! Action taken: No Action Taken.
11: Wed Sep 14 03:36:40 2005 => Offending file found: C:\WINDOWS\System32\bszip.dll
12: Wed Sep 14 03:36:40 2005 => System found infected with CasinoOnNet Spyware/Adware (bszip.dll)! Action taken: No Action Taken.
13: Wed Sep 14 03:36:51 2005 => Offending file found: C:\WINDOWS\iun6002.exe
14: Wed Sep 14 03:36:51 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
15: Wed Sep 14 03:37:02 2005 => Offending file found: C:\WINDOWS\System32\DartSock.dll
16: Wed Sep 14 03:37:02 2005 => System found infected with SpywareNo!/SpySheriff Commercial KeyLogger (DartSock.dll)! Action taken: No Action Taken.
17: Wed Sep 14 04:00:58 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
18: Wed Sep 14 04:13:00 2005 => Scanning File C:\Programme\Infogrames\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_female_begging.wav [**]
19: Wed Sep 14 04:13:00 2005 => Scanning File C:\Programme\Infogrames\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_female_scream.wav [**]
20: Wed Sep 14 04:13:00 2005 => Scanning File C:\Programme\Infogrames\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_male_no_you_bastards.wav [**]
21: Wed Sep 14 04:13:00 2005 => Scanning File C:\Programme\Infogrames\Edge of Chaos - Indepedence War 2\streams\audio\speech\a3_master_dialogue_infected_male_scream.wav [**]
22: Wed Sep 14 04:15:30 2005 => Scanning File C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Infected.wav [**]
23: Wed Sep 14 04:38:22 2005 => File C:\Programme\winupdates\a.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
24: Wed Sep 14 04:54:36 2005 => File C:\RECYCLER\S-1-5-21-2052111302-1647877149-839522115-1004\Dc523\CAEVIRQD.html infected by "Trojan-Downloader.JS.FlingStone" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Wed Sep 14 03:50:10 2005 => File C:\Dokumente und Einstellungen\Peter Lang\Eigene Dateien\Download\fgf160.exe tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
2: Wed Sep 14 03:57:35 2005 => Scanning File C:\Kodak\Kodak EasyShare software\bin\ESS_Basic_Tagged.chm
3: Wed Sep 14 03:57:37 2005 => Scanning File C:\Kodak\Kodak EasyShare software\bin\ESS_Capture_Tagged.chm

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Wed Sep 14 03:36:02 2005 => ERROR!!! Invalid Entry Microsoft Update = wuamgrd.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
2: Wed Sep 14 03:36:05 2005 => ERROR!!! Invalid Entry \??\C:\DOKUME~1\MELANI~1\LOKALE~1\Temp\cel90xbe.sys in SYSTEM\CurrentControlSet\Services\cel90xbe...
3: Wed Sep 14 03:36:05 2005 => ERROR!!! Invalid Entry system32\drivers\cmuda.sys in SYSTEM\CurrentControlSet\Services\cmuda...
4: Wed Sep 14 03:36:09 2005 => ERROR!!! Invalid Entry \??\C:\DOKUME~1\PETERL~1\LOKALE~1\Temp\kmnmdd.sys in SYSTEM\CurrentControlSet\Services\kmnmdd...
5: Wed Sep 14 03:36:17 2005 => ERROR!!! Invalid Entry \??\C:\DOKUME~1\PETERL~1\LOKALE~1\Temp\sony_ssm.sys in SYSTEM\CurrentControlSet\Services\sony_ssm.sys...
6: Wed Sep 14 03:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\StarInstall.ocx". Action Taken: No Action Taken.
7: Wed Sep 14 03:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\vxpspeeddelivery.dll". Action Taken: No Action Taken.
8: Wed Sep 14 03:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\CTDetect.ftg". Action Taken: No Action Taken.
9: Wed Sep 14 03:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\CTDetect.fts". Action Taken: No Action Taken.
10: Wed Sep 14 03:37:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Acrobat 6.0\". Action Taken: No Action Taken.
11: Wed Sep 14 03:37:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Acrobat 6.0\Resource\CMap\". Action Taken: No Action Taken.
12: Wed Sep 14 03:37:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Acrobat 6.0\Resource\". Action Taken: No Action Taken.
13: Wed Sep 14 03:37:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Acrobat 6.0\Resource\Font\". Action Taken: No Action Taken.
14: Wed Sep 14 03:37:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Works\". Action Taken: No Action Taken.
15: Wed Sep 14 03:37:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "G:\Programme\". Action Taken: No Action Taken.
16: Wed Sep 14 03:37:09 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Clip Gallery\". Action Taken: No Action Taken.
17: Wed Sep 14 03:37:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Canon Utilities\ZoomBrowser EX\". Action Taken: No Action Taken.
18: Wed Sep 14 03:37:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Canon Utilities\". Action Taken: No Action Taken.
19: Wed Sep 14 03:37:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Canon PhotoRecord\". Action Taken: No Action Taken.
20: Wed Sep 14 03:37:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Transport Gigant\save\". Action Taken: No Action Taken.
21: Wed Sep 14 03:37:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Transport Gigant\". Action Taken: No Action Taken.
22: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Electronic Arts\Electronic Arts-Produktregistrierung\". Action Taken: No Action Taken.
23: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Electronic Arts\". Action Taken: No Action Taken.
24: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Spiele\MTX MotoTrax Demo\Game\". Action Taken: No Action Taken.
25: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Spiele\MTX MotoTrax Demo\". Action Taken: No Action Taken.
26: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Worms Forts\". Action Taken: No Action Taken.
27: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Worms Forts\data\". Action Taken: No Action Taken.
28: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Rayman 3\". Action Taken: No Action Taken.
29: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Peter Lang\Startmenü\Programme\egosoft\X2 - Die Bedrohung (Collectors Edition 1.4)\". Action Taken: No Action Taken.
30: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Peter Lang\Startmenü\Programme\egosoft\". Action Taken: No Action Taken.
31: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Industrie Gigant\save\". Action Taken: No Action Taken.
32: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Industrie Gigant\". Action Taken: No Action Taken.
33: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Industrie Gigant\uif\". Action Taken: No Action Taken.
34: Wed Sep 14 03:37:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Industrie Gigant\maps\". Action Taken: No Action Taken.
35: Wed Sep 14 03:37:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Tools\". Action Taken: No Action Taken.
36: Wed Sep 14 03:37:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Duke Nukem - Manhattan Project\". Action Taken: No Action Taken.
37: Wed Sep 14 03:37:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Duke Nukem - Manhattan Project\duke\". Action Taken: No Action Taken.
38: Wed Sep 14 03:37:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Duke Nukem - Manhattan Project\duke\base\". Action Taken: No Action Taken.
39: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Leisure Suit Larry - Magna Cum Laude\Data\". Action Taken: No Action Taken.
40: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Leisure Suit Larry - Magna Cum Laude\Data\Control\". Action Taken: No Action Taken.
41: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Leisure Suit Larry - Magna Cum Laude\Data\Control\PC\". Action Taken: No Action Taken.
42: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\Leisure Suit Larry - Magna Cum Laude\SaveGames\". Action Taken: No Action Taken.
43: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Kodak\". Action Taken: No Action Taken.
44: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kodak\Kodak EasyShare\". Action Taken: No Action Taken.
45: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kodak\". Action Taken: No Action Taken.
46: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\KODAK\Kameraverbindungssoftware\". Action Taken: No Action Taken.
47: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Peter Lang\Startmenü\Programme\T2\". Action Taken: No Action Taken.
48: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Encarta\". Action Taken: No Action Taken.
49: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Davilex\Rettungshelicopter 112\". Action Taken: No Action Taken.
50: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Davilex\". Action Taken: No Action Taken.
51: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Peter Lang\Startmenü\Programme\S.A.D\Klingeltonstudio\". Action Taken: No Action Taken.
52: Wed Sep 14 03:37:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Peter Lang\Startmenü\Programme\S.A.D\". Action Taken: No Action Taken.
53: Wed Sep 14 03:37:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ACD Systems\". Action Taken: No Action Taken.
54: Wed Sep 14 03:37:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\@promt Family\". Action Taken: No Action Taken.
55: Wed Sep 14 03:37:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Battlecruiser Millennium\". Action Taken: No Action Taken.
56: Wed Sep 14 03:37:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Battlecruiser Millennium\save\". Action Taken: No Action Taken.
57: Wed Sep 14 03:37:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Battlecruiser Millennium\models\". Action Taken: No Action Taken.
58: Wed Sep 14 03:37:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Battlecruiser Millennium\gfx\". Action Taken: No Action Taken.
59: Wed Sep 14 03:37:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Battlecruiser Millennium\gfx\avi\". Action Taken: No Action Taken.
60: Wed Sep 14 03:37:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Battlecruiser Millennium\models\textures\". Action Taken: No Action Taken.
61: Wed Sep 14 03:37:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Battlecruiser Millennium\docs\". Action Taken: No Action Taken.
62: Wed Sep 14 03:37:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\n-Track Studio 4\". Action Taken: No Action Taken.
63: Wed Sep 14 03:37:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autodesk\". Action Taken: No Action Taken.
265: Wed Sep 14 03:37:28 2005 => Entry "HKCR\CLSID\{CDC2C92D-B6A5-3B2F-4F23-524A9D3303E0}" refers to invalid object "G:\Programme\Microsoft Picture It! PhotoPub\SCTV.DLL". Action Taken: No Action Taken.
266: Wed Sep 14 03:37:28 2005 => Entry "HKCR\CLSID\{E52E75C6-80CD-D1E3-767A-960FE8250F53}" refers to invalid object "G:\Programme\Microsoft Picture It! PhotoPub\SCTV.DLL". Action Taken: No Action Taken.
267: Wed Sep 14 03:37:30 2005 => Entry "HKCR\TypeLib\{73C20A89-AD22-4868-9BBA-25DD9D78A1D0}" refers to invalid object "C:\DOKUME~1\PETERL~1\LOKALE~1\Temp\Word8.0\ShockwaveFlashObjects.exd". Action Taken: No Action Taken.
268: Wed Sep 14 03:37:30 2005 => Entry "HKCR\TypeLib\{74C0A8E1-3D5E-439D-A202-66233ED303CB}" refers to invalid object "C:\DOKUME~1\PETERL~1\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
269: Wed Sep 14 03:37:30 2005 => Entry "HKCR\TypeLib\{CF612D4F-CF9F-43D8-A51E-F0E48878C7B1}" refers to invalid object "C:\DOKUME~1\MELANI~1\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
270: Wed Sep 14 03:37:30 2005 => Entry "HKCR\TypeLib\{E587EA01-1F17-4991-AE9A-C6B909D9205A}" refers to invalid object "C:\DOKUME~1\PETERL~1\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
271: Wed Sep 14 03:37:31 2005 => Entry "HKCR\.SFM\shell\open\command" refers to invalid object "E:\SIMFARMW\WSIMFARM.EXE %1". Action Taken: No Action Taken.
272: Wed Sep 14 03:37:31 2005 => Entry "HKCR\.SSM\shell\open\command" refers to invalid object "E:\SIMFARMW\WSIMFARM.EXE %1". Action Taken: No Action Taken.
273: Wed Sep 14 03:37:32 2005 => Entry "HKCR\avi_auto_file\shell\open\command" refers to invalid object ""G:\MAGIX\Media_Manager\MediaManager.exe" "%1"". Action Taken: No Action Taken.
274: Wed Sep 14 03:37:34 2005 => Entry "HKCR\jpg_auto_file\shell\open\command" refers to invalid object ""G:\MAGIX\Media_Manager\MediaManager.exe" "%1"". Action Taken: No Action Taken.
275: Wed Sep 14 03:37:34 2005 => Entry "HKCR\MKI_auto_file\shell\open\command" refers to invalid object ""G:\MAGIX\Media_Manager\MagixLoader.exe" "%1"". Action Taken: No Action Taken.
276: Wed Sep 14 03:37:35 2005 => Entry "HKCR\mks_auto_file\shell\open\command" refers to invalid object "G:\MAGIX\MEDIA_~1\MEDIAM~1.EXE "%1"". Action Taken: No Action Taken.
277: Wed Sep 14 03:37:35 2005 => Entry "HKCR\mp2_auto_file\shell\open\command" refers to invalid object ""G:\MAGIX\Media_Manager\MediaManager.exe" "%1"". Action Taken: No Action Taken.
278: Wed Sep 14 03:37:35 2005 => Entry "HKCR\mp3_auto_file\shell\open\command" refers to invalid object ""G:\MAGIX\Media_Manager\MediaManager.exe" "%1"". Action Taken: No Action Taken.
279: Wed Sep 14 03:37:38 2005 => Entry "HKCR\wav_auto_file\shell\open\command" refers to invalid object ""G:\MAGIX\Media_Manager\MediaManager.exe" "%1"". Action Taken: No Action Taken.

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\Programme\winupdates\a.zip => Worm.Win32.VB.an
2: C:\RECYCLER\S-1-5-21-2052111302-1647877149-839522115-1004\Dc523\CAEVIRQD.html => Trojan-Downloader.JS.FlingStone

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Wed Sep 14 05:31:01 2005 => Total Objects Scanned: 132436
Wed Sep 14 05:31:01 2005 => Total Virus(es) Found: 18
Wed Sep 14 05:31:01 2005 => Total Errors: 279
Wed Sep 14 05:31:01 2005 => Virus Database Date: 2005/09/14
Wed Sep 14 05:31:01 2005 => Virus Database Count: 149175
Wed Sep 14 05:35:27 2005 => Total Objects Scanned: 132436
Wed Sep 14 05:35:27 2005 => Total Virus(es) Found: 18
Wed Sep 14 05:35:27 2005 => Total Errors: 279

-------------------------------------------------------------------
I would be grateful for any tip!

PS: I have already disposed of Worm.Win32.VB and Trojan-Downloader.JS.FlingStone.
__________
Computers create problems that never existed before!
This post was edited by Megalomanic on 14.09.2005 at 18:20.

14.09.2005, 20:02
Member
Gool

Posts: 4730
#4 Well, those aren't really viruses, just an army of spyware. It also looks like your system isn't really stable any more. Reinstalling Windows would probably be more useful... then your system would also be truly clean ;)

OK, now for the fix:

Killbox:
http://virus-protect.org/killbox.html

Enable "Delete on Reboot". Paste the following into the input field and confirm each entry by clicking the cross on the right. Answer the question about restarting now with YES only at the end.

C:\WINDOWS\System32\bszip.dll
C:\WINDOWS\iun6002.exe
C:\WINDOWS\System32\DartSock.dll
C:\Dokumente und Einstellungen\Peter Lang\Eigene Dateien\Download\fgf160.exe

The PC restarts.
Delete the directory:
C:\Programme\winupdates\

CCleaner: http://virus-protect.org/temp.html
Delete all files (default setting).

Ewido: http://virus-protect.org/ewido.html
Scan the system and post the report.

After that, post a new HJT log as well.
__________
This is a signature! Personal service: You are from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser

14.09.2005, 23:32
Member

Thread starter

Posts: 21
#5 Welcome back,

The scans are finally done!

---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 23:09:55, 14.09.2005
+ Report-Checksumme: D70AFEFC

+ Scanergebnis:

C:\Dokumente und Einstellungen\LocalService\Cookies\system@a.tfag[1].txt -> Spyware.Cookie.Tfag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\LocalService\Cookies\system@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\LocalService\Cookies\system@tfag[2].txt -> Spyware.Cookie.Tfag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Melanie Voigt\Lokale Einstellungen\Anwendungsdaten\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Gesäubert mit Backup
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Gesäubert mit Backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Gesäubert mit Backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent : Gesäubert mit Backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Gesäubert mit Backup


::Report Ende



Logfile of HijackThis v1.99.0
Scan saved at 23:16:11, on 14.09.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Gemeinsame Dateien\Stardock\SDMCP.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
C:\Programme\SBAudigy\AudioHQ\AHQTBU.EXE
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\ZoneAlarm\zlclient.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Programme\Outlook Express\MSIMN.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\FlashGet\flashget.exe
C:\Virenbekämpfung\ewido security suite\ewidoguard.exe
C:\Virenbekämpfung\ewido security suite\ewidoctrl.exe
C:\Virenbekämpfung\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Übersetzer - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Programme\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
O4 - HKLM\..\Run: [AudioHQU] C:\Programme\SBAudigy\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\defender.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Zone Labs Client] "C:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [HBRemind] C:\Programme\T-Online\T-Online_Software_5\Banking\HBRemind.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\ObjectDockPlus\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Automatische Auswahl der Themenvorlage - C:\Programme\PRMT6\PRMTIE\aot.htm
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Seite übersetzen - C:\Programme\PRMT6\PRMTIE\page.htm
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Übersetzen - C:\Programme\PRMT6\PRMTIE\translat.htm
O8 - Extra context menu item: Übersetzungsoptionen anpassen - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Übersetzen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Übersetzungsoptionen anpassen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Dialerschutz Dienst - Unknown - C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: ewido security suite control - ewido networks - C:\Virenbekämpfung\ewido security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Virenbekämpfung\ewido security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


By the way: the phrase "reinstall Windows" gives me a massive stomach ache.
1. 3 days of make-work
2. Burning lots of CDs (I have no DVD burner), since there are fairly large databases (approx. 40 GB).

----------------------------------------
-Megalomanic
__________
Computers create problems that never existed before!

15.09.2005, 00:10
Honorary member
Sabina

Posts: 29434
#6 Hello @Megalomanic

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html

Microsoft Update = wuamgrd.exe <-- maybe I will find a few more TFTP....

The .com files still have to be deleted (Alcra.B).
Please work through this: (post all 4 logs)
http://virus-protect.org/datfindbat.html

---------------------
C:\Program Files\winupdates\a.zip
C:\Windows\System32\cmd.com
C:\Windows\System32\bszip.dll
C:\Windows\System32\netstat.com
C:\Windows\System32\ping.com
C:\Windows\System32\regedit.com
C:\Windows\System32\taskkill.com
C:\Windows\System32\tasklist.com
C:\Windows\System32\tracert.com
__________
Best regards, Sabina

All about PC security

15.09.2005, 01:33
Member

Thread starter

Posts: 21
#7 Hello everyone,

CCleaner has run through once more.

wuamgrd.exe is no longer present on my system.

The 4 logs from DatFind:

----SYSTEM32----
Datenträger in Laufwerk C: ist Windows XP
Volumeseriennummer: 9C35-8BA3

Verzeichnis von C:\WINDOWS\system32

14.09.2005 20:26 890 vsconfig.xml
14.09.2005 20:25 1.080 settings.sfm
14.09.2005 20:25 384 DVCState-{00000001-00000000-00000008-00001102-00000004-00511102}.dat
14.09.2005 20:25 1.080 settingsbkup.sfm
14.09.2005 20:25 384 DVCStateBkp-{00000001-00000000-00000008-00001102-00000004-00511102}.dat
14.09.2005 20:25 29.100 BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-00511102}.rfx
14.09.2005 20:25 30.648 BMXState-{00000001-00000000-00000008-00001102-00000004-00511102}.rfx
14.09.2005 20:25 30.648 BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-00511102}.rfx
14.09.2005 20:25 29.100 BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-00511102}.rfx
14.09.2005 16:31 13.646 wpa.dbl
13.09.2005 15:38 421.432 FNTCACHE.DAT
11.09.2005 17:15 4.212 zllictbl.dat
11.09.2005 05:13 82.702 NULL
11.09.2005 05:12 23.392 nscompat.tlb
11.09.2005 05:12 16.832 amcompat.tlb
11.09.2005 05:10 380.350 perfh009.dat
11.09.2005 05:10 391.000 perfh007.dat
11.09.2005 05:10 52.764 perfc009.dat
11.09.2005 05:10 63.580 perfc007.dat
11.09.2005 05:10 872.024 PerfStringBackup.INI
08.09.2005 21:36 1.997.664 MRT.exe
08.09.2005 01:55 76 intelreg2.ini
08.09.2005 00:27 76 PhotoRg2.ini
06.09.2005 22:59 2.060.544 TUKernel.exe
05.09.2005 15:30 2 cmd.com
05.09.2005 15:30 2 regedit.com
05.09.2005 15:30 2 taskkill.com
05.09.2005 15:30 2 tasklist.com
05.09.2005 15:30 2 tracert.com
05.09.2005 15:30 2 ping.com
05.09.2005 15:30 2 netstat.com
04.09.2005 11:07 43.520 CmdLineExt03.dll
29.08.2005 13:27 520.968 LegitCheckControl.DLL
29.08.2005 13:27 23.304 GWFSPidGen.DLL
26.07.2005 20:36 400 w32pool.bin
19.07.2005 12:38 2.699.264 MSHTML.DLL

Entries from 2004 and earlier have been cut. They do not fit in the topic.


---SYSTEMTEMP----

Datenträger in Laufwerk C: ist Windows XP
Volumeseriennummer: 9C35-8BA3

Verzeichnis von C:\DOKUME~1\PETERL~1\LOKALE~1\Temp

14.09.2005 21:00 16.384 ~DFC555.tmp
14.09.2005 20:27 32.768 ~DFEB6A.tmp
14.09.2005 20:27 32.768 ~DFC865.tmp
14.09.2005 20:24 239 kb.log
14.09.2005 20:16 16.384 ~DFE893.tmp
14.09.2005 19:46 16.384 ~DFC55E.tmp
14.09.2005 16:25 32.768 ~DFC3AE.tmp
14.09.2005 16:25 32.768 ~DFA6B2.tmp
14.09.2005 14:10 32.768 ~DFF4D.tmp
14.09.2005 14:10 32.768 ~DFEBCE.tmp
14.09.2005 05:36 16.384 ~DFD6B8.tmp
14.09.2005 03:23 32.768 ~DF85F5.tmp
14.09.2005 03:23 32.768 ~DF30CE.tmp
13.09.2005 23:20 32.768 ~DF4E14.tmp
13.09.2005 23:20 32.768 ~DF36EF.tmp
15 Datei(en) 393.455 Bytes
0 Verzeichnis(se), 9.462.067.200 Bytes frei

----SYSTEM----
Datenträger in Laufwerk C: ist Windows XP
Volumeseriennummer: 9C35-8BA3

Verzeichnis von C:\WINDOWS

14.09.2005 20:34 893.070 WindowsUpdate.log
14.09.2005 20:28 4.923.423 {00000001-00000000-00000008-00001102-00000004-00511102}.CDF
14.09.2005 20:26 159 wiadebug.log
14.09.2005 20:26 50 wiaservc.log
14.09.2005 20:26 2.048 bootstat.dat
14.09.2005 20:25 32.568 SchedLgU.Txt
13.09.2005 14:54 2.260.035 setupapi.log.0.old
13.09.2005 05:08 150 W2W.ini
11.09.2005 16:57 211 uno.ini
11.09.2005 16:57 2.581 win.ini
11.09.2005 15:01 275 system.ini
11.09.2005 15:01 412 wininit.ini
11.09.2005 05:12 316.640 WMSysPr9.prx
10.09.2005 04:39 399 Caligari.ini
10.09.2005 01:10 9.728 Thumbs.db
06.09.2005 13:12 49 hw.ini
04.09.2005 20:10 2.490 TrayServerData.ini
04.09.2005 14:40 24 LogonStudio.ini
31.08.2005 15:07 287 ringtonemaker.INI
31.08.2005 12:49 3.120 MF_C425.lfa
31.08.2005 12:49 3.120 MF_C421.lfa
31.08.2005 12:49 3.120 MF_C420.lfa
25.08.2005 17:34 387 SBWIN.INI
25.08.2005 00:47 512 AudStu.INI
15.08.2005 02:29 1.125 winamp.ini
08.08.2005 01:20 30 iedit.INI
04.08.2005 21:50 152 CoolPlay.ini
04.08.2005 21:40 98 Ô
01.08.2005 21:50 116 magix.ini
20.07.2005 00:39 0 FoneSync.INI
14.07.2005 17:56 286.720 Setup1.exe
14.07.2005 16:41 73.216 ST6UNST.EXE
14.07.2005 16:36 117 ??????
14.07.2005 16:01 427 justnote.ini
14.07.2005 16:00 33 hqdates.dat
14.07.2005 16:00 430 TRAYHQ.INI
09.07.2005 05:54 16 blox-n-balls.cfg

Datenträger in Laufwerk C: ist Windows XP
Volumeseriennummer: 9C35-8BA3

Verzeichnis von C:\

15.09.2005 01:05 0 sys.txt
15.09.2005 01:05 14.431 system.txt
15.09.2005 01:04 972 systemtemp.txt
15.09.2005 01:04 117.858 system32.txt
14.09.2005 20:26 1.609.801.728 pagefile.sys
14.09.2005 05:31 0 23990098.$$$
14.09.2005 05:31 6 AVPCallback.log
14.09.2005 03:35 630 abc.lnk
11.09.2005 23:20 4.803 TDSLCheck.txt
11.09.2005 16:57 435 TO_InstallLog.txt
06.09.2005 22:59 355 boot.ini
29.08.2005 21:10 229.584 wonderlog.txt
25.08.2005 18:17 69 Neues Projekt.dat
18.08.2005 22:27 17.737 vstcdbg.log
13.08.2005 21:39 10.495.846 soundeffect.wav
05.08.2005 00:37 1.847.236 logfromvst1.txt
05.08.2005 00:34 516 logfromvst_launch.txt
05.08.2005 00:34 40 logfromvst_prod.txt
02.08.2005 20:40 16 mxfilerelatedcache.mxc2
09.07.2005 04:25 135 kamihigh.dat
08.06.2005 05:55 25.627.707 logfromvst2.txt
08.06.2005 05:54 0 logfromvst-2.txt
26.03.2005 18:35 3.181 pbidetest2.rtf
15.02.2005 10:27 4.259 asize.txt
15.02.2005 10:27 6.039.831 afile.txt
15.02.2005 10:05 0 aperf.txt
04.11.2004 20:50 746 midi studio 2005.Key
28.10.2004 12:49 133.866 WINDOWSgame.log
27.10.2004 18:53 13.030 PDOXUSRS.NET
24.10.2004 15:44 10.440 guru.log
10.07.2004 19:49 258 sap.log
29.05.2004 16:00 2 calendarapps.txt
16.05.2004 15:13 3.201 Debug_OF_StartHmt.txt
06.05.2004 22:55 1.206 INSTALL.LOG
02.05.2004 17:44 0 IO.SYS
02.05.2004 17:44 0 MSDOS.SYS
02.05.2004 17:44 0 CONFIG.SYS
02.05.2004 17:44 0 AUTOEXEC.BAT
29.08.2002 14:00 47.580 NTDETECT.COM
29.08.2002 14:00 4.952 bootfont.bin
29.08.2002 14:00 235.296 ntldr
41 Datei(en) 1.654.657.952 Bytes
0 Verzeichnis(se), 9.462.046.720 Bytes frei
__________
Computers create problems that never existed before!
This post was edited by Megalomanic on 15.09.2005 at 01:44.

15.09.2005, 09:03
Honorary member
Sabina

Posts: 29434
#8 Check individual "exe" files
http://www.virustotal.com/flash/index_en.html
http://virusscan.jotti.org/de/

C:\WINDOWS\system32\TUKernel.exe
C:\Windows\Ô
C:\Windows\??????
C:\WINDOWS\system32\NULL



At the top of the page click Browse --> choose the file --> double-click the file to be checked --> click Submit...
Now wait, then copy the result and post it here in the thread.

Quote

05.09.2005 15:30 2 cmd.com
05.09.2005 15:30 2 regedit.com
05.09.2005 15:30 2 taskkill.com
05.09.2005 15:30 2 tasklist.com
05.09.2005 15:30 2 tracert.com
05.09.2005 15:30 2 ping.com
05.09.2005 15:30 2 netstat.com
•KillBox
http://www.bleepingcomputer.com/files/killbox.php
Instructions: (with pictures)
http://virus-protect.org/killbox.html

•Delete File on Reboot <-- tick this

C:\Windows\System32\cmd.com
C:\Windows\System32\netstat.com
C:\Windows\System32\ping.com
C:\Windows\System32\regedit.com
C:\Windows\System32\taskkill.com
C:\Windows\System32\tasklist.com
C:\Windows\System32\tracert.com

and click the red cross;
when asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only for the last one

Restart the PC
__________
Best regards, Sabina

All about PC security
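
As an added example (not part of the original thread or any poster's tooling), the following Python script triages a `dir` listing like the one in post #7 for the pattern the helper points at: `.com` files that carry the base name of a standard tool and are only a few bytes long. Such a file is found ahead of the real `.exe` when the tool is started by its bare name, because `.COM` precedes `.EXE` in the default `PATHEXT` order. The tool names come from the thread; the 64-byte threshold, the function names and the sample listing are assumptions constructed for illustration, and the size check generalises beyond the seven names listed.

```python
import re
from dataclasses import dataclass
from os.path import splitext

# Base names of the files listed in the thread (cmd.com, regedit.com, ...).
THREAD_TOOL_NAMES = frozenset(
    {"cmd", "regedit", "taskkill", "tasklist", "tracert", "ping", "netstat"}
)

# Assumption: a real system tool is never this small (the files in the thread are 2 bytes).
TINY_BYTES = 64

DIR_HEADER = re.compile(r"^\s*(?:Verzeichnis von|Directory of)\s+(.+?)\s*$")
# date, time, size (digits with '.' as thousands separator), file name
FILE_LINE = re.compile(
    r"^\s*(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+(\d[\d.]*)\s+(.+?)\s*$"
)

# Constructed sample in the format of the listing posted in the thread.
SAMPLE_LISTING = r"""
 Verzeichnis von C:\WINDOWS\system32

08.09.2005 21:36 1.997.664 MRT.exe
06.09.2005 22:59 2.060.544 TUKernel.exe
05.09.2005 15:30 2 cmd.com
05.09.2005 15:30 2 regedit.com
05.09.2005 15:30 2 ping.com
29.08.2002 14:00 50.620 command.com
29.08.2002 14:00 19.694 more.com
11.09.2005 05:13 82.702 NULL
04.08.2005 21:40 <DIR> wt
"""


@dataclass
class Entry:
    directory: str
    name: str
    size: int
    modified: str


@dataclass
class Finding:
    entry: Entry
    reasons: list


def parse_dir_listing(text):
    """Return the file entries of a `dir` listing; <DIR> and summary lines are skipped."""
    entries, directory = [], ""
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            directory = header.group(1)
            continue
        m = FILE_LINE.match(line)
        if m:
            date, time, size, name = m.groups()
            entries.append(
                Entry(directory, name, int(size.replace(".", "")), f"{date} {time}")
            )
    return entries


def find_shadowing_com(entries, tool_names=THREAD_TOOL_NAMES, tiny_bytes=TINY_BYTES):
    """Flag .com files that reuse a tool's base name and/or are implausibly small."""
    findings = []
    for entry in entries:
        stem, ext = splitext(entry.name)
        if ext.lower() != ".com":
            continue
        reasons = []
        if stem.lower() in tool_names:
            reasons.append(f"same base name as {stem.lower()}.exe")
        if entry.size < tiny_bytes:
            reasons.append(f"only {entry.size} bytes")
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in find_shadowing_com(parse_dir_listing(SAMPLE_LISTING)):
        print(f"{f.entry.directory}\\{f.entry.name}: " + "; ".join(f.reasons))
```

Legitimate `.com` programs such as `command.com` and `more.com` pass both checks and are not reported.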

15.09.2005, 14:59
Member

Thread starter

Posts: 21
#9 Hello Sabina,

are you sure that the functionality of WinXP is still guaranteed after that?

C:\Windows\System32\cmd.com
C:\Windows\System32\netstat.com
C:\Windows\System32\ping.com
C:\Windows\System32\regedit.com
C:\Windows\System32\taskkill.com
C:\Windows\System32\tasklist.com
C:\Windows\System32\tracert.com


Attached are the scans of the questionable files:

Datei: TUKernel.exe
Status: OK
Entdeckte Packprogramme: -

AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden


Datei: NULL
Status: OK
Entdeckte Packprogramme: -

AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden


Datei: È
Status: OK
Entdeckte Packprogramme: -

AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden


Datei: 捉湯牗獫䤮䥎
Status: OK
Entdeckte Packprogramme: -

AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden


----------------------------------
-Megalomanic
__________
Computers create problems that never existed before!
This post was edited by Megalomanic on 15.09.2005 at 15:20.

15.09.2005, 15:27
Honorary member
Sabina

Posts: 29434
#10 Anyone who downloads dubious tools and then wants to keep the viruses should not worry about the functionality of XP
http://virus-protect.org/Artikel/spyware/alcrab.html
__________
Best regards, Sabina

All about PC security

15.09.2005, 16:09
Member

Thread starter

Posts: 21
#11 Welcome back,

Killbox is done now. The WinXP Task Manager no longer responds! What's next?

Current HijackThis report:
Logfile of HijackThis v1.99.0
Scan saved at 16:28:48, on 15.09.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\Virenbekämpfung\ewido security suite\ewidoctrl.exe
C:\Virenbekämpfung\ewido security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
C:\Programme\SBAudigy\AudioHQ\AHQTBU.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\ZoneAlarm\zlclient.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Virenbekämpfung\Spybot\TeaTimer.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Outlook Express\MSIMN.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\Virenbekämpfung\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Virenbekämpfung\Spybot\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Übersetzer - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Programme\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
O4 - HKLM\..\Run: [AudioHQU] C:\Programme\SBAudigy\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\defender.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Zone Labs Client] "C:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [HBRemind] C:\Programme\T-Online\T-Online_Software_5\Banking\HBRemind.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Virenbekämpfung\Spybot\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\ObjectDockPlus\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Automatische Auswahl der Themenvorlage - C:\Programme\PRMT6\PRMTIE\aot.htm
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Seite übersetzen - C:\Programme\PRMT6\PRMTIE\page.htm
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Übersetzen - C:\Programme\PRMT6\PRMTIE\translat.htm
O8 - Extra context menu item: Übersetzungsoptionen anpassen - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Übersetzen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Übersetzungsoptionen anpassen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT6\PRMTIE\options.htm
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Dialerschutz Dienst - Unknown - C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: ewido security suite control - ewido networks - C:\Virenbekämpfung\ewido security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Virenbekämpfung\ewido security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------
-Megalomanic
__________
Computers create problems that never existed before!
This post was edited by Megalomanic on 15.09.2005 at 16:37.
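As an added example (not part of the original posts, and not HijackThis code): a small Python triage pass over HijackThis lines like those in the log above. It flags entries marked "(file missing)" and O23 services whose vendor field reads "Unknown". The function names are hypothetical; the sample lines are copied from the log above.

```python
import re

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
"""

# Every entry line starts with a section code (R0, O4, O23, ...) and " - ".
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart: hive\..\key: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {"code": m.group("code"), "body": m.group("body")}
    body = entry["body"]
    entry["file_missing"] = body.endswith("(file missing)")
    if entry["code"] == "O4":
        run = RUN_RE.match(body)
        if run:  # startup-folder entries ("Startup: x.lnk = ...") stay unparsed
            entry.update(run.groupdict())
    elif entry["code"] == "O23" and body.startswith("Service: "):
        # Split from the right: the service name itself may contain " - ".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            entry["name"], entry["company"], entry["path"] = parts
    return entry


def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a closer look.

    Neither flag proves an infection: "file missing" is often an uninstall
    leftover, and "Unknown" only means the binary carries no company string.
    """
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["file_missing"]:
            findings.append((entry["code"], "file missing", entry["body"]))
        if entry.get("company") == "Unknown":
            findings.append((entry["code"], "no vendor string", entry["path"]))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:>4}  {reason:<16}  {detail}")
```
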
15.09.2005, 16:47
Honorary member
Sabina

Posts: 29434
#12 Start --> Run --> regedit

Task Manager:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
DisableTaskMgr 0 <-- this value must be there, or just delete the DisableTaskMgr key

please work through this and post everything:
http://virus-protect.org/silentrunner.html
__________
Regards, Sabina

all about PC security
15.09.2005, 18:50
Member

Thread starter

Posts: 21
#13 Welcome back,

DisableTaskMgr 0 has been removed, Task Manager is running again.

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HBRemind" = "C:\Programme\T-Online\T-Online_Software_5\Banking\HBRemind.exe" ["fun communications GmbH"]
"Shareaza" = ""C:\Programme\Shareaza\Shareaza.exe" -tray" ["Shareaza Development Team"]
"SpybotSD TeaTimer" = "C:\Virenbekämpfung\Spybot\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"CTStartup" = "C:\Programme\SBAudigy\Program\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"WheelMouse" = "C:\PROGRA~1\OPTICA~1\4DMAIN.EXE" [null data]
"AudioHQU" = "C:\Programme\SBAudigy\AudioHQ\AHQTBU.EXE" ["Creative Technology Ltd."]
"T-DSL SpeedMgr" = ""C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"" ["T-Systems Nova, Berkom"]
"T-Online Dialerschutz-Software" = ""C:\Programme\T-Online\Dialerschutz-Software\defender.exe"" ["T-Online International AG"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"ToADiMon.exe" = "C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart" ["Marmiko IT-Solutions GmbH"]
"Zone Labs Client" = ""C:\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"RemoteControl" = "C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"gcasServ" = ""C:\Programme\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\CTStartup {++}
"CTStartup" = ""C:\Programme\SBAudigy\Program\CTEaxSpl.EXE" EAX.AVI" ["Creative Technology Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Virenbekämpfung\Spybot\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\upnpui.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Applications\OpenOffice\program\shlxthdl.dll" ["Sun Microsystems, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {CLSID}\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "Internetverknüpfung" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "shdocvw.dll" [MS]
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Virenbekämpfung\ewido security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"0aMCPClient" = "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\stardock\MCPCore.dll" ["Stardock"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! MCPClient\DLLName = "C:\Programme\Gemeinsame Dateien\Stardock\mcpstub.dll" ["Stardock"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Virenbekämpfung\ewido security suite\context.dll" ["ewido networks"]
PromtMenu\(Default) = "{E28C61E1-67D8-4005-9BF4-E232B2EB9012}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\PRMT6\PRMT\prmshell.dll" ["PROject MT, Ltd."]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {CLSID}\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Virenbekämpfung\ewido security suite\context.dll" ["ewido networks"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {CLSID}\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Dokumente und Einstellungen\Peter Lang\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Startup items in "Peter Lang" & "All Users" startup folders:
------------------------------------------------------------

C:\Dokumente und Einstellungen\Peter Lang\Startmenü\Programme\Autostart
"Stardock ObjectDock" -> shortcut to: "C:\Programme\ObjectDockPlus\ObjectDock.exe" ["Stardock"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork1.dll [null data], 01 - 02, 16
%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 08 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [empty string]

"{FF284F5C-7CF9-4682-8701-D467C1DBB99F}" = "Übersetzer" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\PRMT6\PRMTIE\prmtie.dll" ["PROMT Ltd."]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{03C1C47F-0538-4645-8372-D3109B9FC636}\ = "Easy-WebPrint" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [empty string]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{9455301C-CF6B-11D3-A266-00C04F689C50}\ = "Encarta &Recherche-Assistent" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msjava.dll" [MS]

{09FE188B-6E85-479E-9411-51FB2220DF80}\
"ButtonText" = "Subscribe in Desktop Sidebar"
"MenuText" = "Subscribe in Desktop Sidebar"
"CLSIDExtension" = "{45AD732C-2CE2-4666-B366-B2214AD57A49}"

{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\
"MenuText" = "Übersetzen"
"Script" = "C:\Programme\PRMT6\PRMTIE\prmtie5.htm" [null data]

{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\
"MenuText" = "Übersetzungsoptionen anpassen"
"Script" = "C:\Programme\PRMT6\PRMTIE\options.htm" [null data]

{9455301C-CF6B-11D3-A266-00C04F689C50}\
"ButtonText" = "Recherche-Assistent"

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\Programme\FlashGet\flashget.exe" ["Amaze Soft"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Programme\Messenger\MSMSGS.EXE" [file not found]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

Missing lines (compared with English-language version):
HIJACK WARNING! "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
Dialerschutz Dienst, DFSVC, "C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe" [null data]
Einfache TCP/IP-Dienste, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [MS]
ewido security suite control, ewido security suite control, "C:\Virenbekämpfung\ewido security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Virenbekämpfung\ewido security suite\ewidoguard.exe" ["ewido networks"]
Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
ScsiAccess, ScsiAccess, "C:\WINDOWS\System32\ScsiAccess.EXE" [null data]
SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\System32\UAService7.exe" ["Sony DADC Austria AG."]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
TSMService, TSMService, ""C:\Programme\T-DSL SpeedManager\tsmsvc.exe"" ["T-Systems Nova, Berkom"]
TuneUp WinStyler Theme Service, TUWinStylerThemeSvc, "C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe" ["TuneUp Software GmbH"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 49 seconds, including 18 seconds for message boxes)


PS: I have already taken Shareaza out of start-in-tray. ;)

-------------------------------------
-Megalomanic
__________
Computers create problems that never existed before!
This post was edited by Megalomanic on 15.09.2005 at 19:10.
15.09.2005, 23:55
Honorary member
Sabina

Posts: 29434
#14 uninstall these programs if you want a clean system:

-C:\Programme\Shareaza
-C:\Programme\ObjectDockPlus (?)
__________
Regards, Sabina

all about PC security
16.09.2005, 03:35
Member

Thread starter

Posts: 21
#15 Hello everyone,

I have now removed FlashGet and Desktop Sidebar.

Shareaza is admittedly a risk gateway, but it is not malware.

What is objectionable about ObjectDockPlus? It is a really convenient taskbar that replaces the XP taskbar and is part of the operating system on Mac OS X. Good old Bill will have to go to school at Apple for that one ;). I have blocked its Internet access.

As my web browser I am using Mozilla from now on; IE has had its day.

What else should I do now so that I can call the system completely free of malware? Am I even finished yet?
__________
Computers create problems that never existed before!
This post was edited by Megalomanic on 16.09.2005 at 05:02.