Stubborn Trojans
Thread is closed!
#0
10.10.2005, 20:49
Member
Posts: 85
11.10.2005, 05:31
Member
Posts: 4730
#2
Fix the following entries (tick the boxes, click "fix checked"):
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - H:\WINDOWS\system32\hp5B9D.tmp
O4 - HKLM\..\Run: [RegSvr32] H:\WINDOWS\system32\msmsgs.exe
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab
Delete the following files with Killbox (http://managor.de/killbox.htm):
H:\WINDOWS\system32\shnlog.exe
H:\WINDOWS\system32\msmsgs.exe
H:\WINDOWS\system32\intmon.exe
H:\WINDOWS\system32\intmonp.exe
H:\WINDOWS\system32\hp5B9D.tmp
Run a scan with eScanCheck (http://managor.de/escan.htm) and post the result.
In addition, follow the instructions on the page below to create four log files, and copy from them all entries from the past three weeks, including the path (each entry is preceded by a date):
http://virus-protect.org/datfindbat.html
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
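The entries quoted in post #2 use the HijackThis `Oxx - ...` line format. The following Python script is an added example, not part of the thread and not the helper's own method: it parses the O2, O4 and O16 lines from that post into fields and attaches review flags. The flag names, the heuristics behind them, the `SYSTEM_TOOL_NAMES` set and the two `Example` lines are assumptions made for illustration.

```python
import re
from ntpath import basename, splitext  # Windows path semantics on any OS

# Line formats of the three sections that appear in post #2.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$"),
    "O16": re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>[^)]*)\) - (?P<target>\S+)$"),
}

# Assumption: a small illustrative set of Windows tool names that an
# autorun value name may borrow to look legitimate.
SYSTEM_TOOL_NAMES = {"regsvr32", "rundll32", "svchost", "explorer", "winlogon"}


def image_stem(command):
    """Lower-cased file name (without extension) of the program a Run
    command starts, ignoring surrounding quotes and arguments."""
    m = re.match(r'"?([^"]+?\.\w{3})\b', command)
    path = m.group(1) if m else command
    return splitext(basename(path))[0].lower()


def review_flags(section, fields):
    """Heuristic hints for a human reviewer; a flag is not a verdict."""
    flags = []
    target = fields["target"]
    if section == "O2":
        # A BHO is an in-process COM server, normally a .dll file.
        if splitext(target)[1].lower() != ".dll":
            flags.append("bho-module-not-dll")
        # Generated CLSIDs use many different hex digits; one or two
        # distinct digits suggest a hand-picked value.
        digits = set(fields["clsid"].strip("{}").replace("-", "").lower())
        if len(digits) <= 2:
            flags.append("clsid-hand-picked")
    elif section == "O4":
        # Value name borrows a system tool's name but starts another image.
        name = fields["name"].lower()
        if name in SYSTEM_TOOL_NAMES and image_stem(target) != name:
            flags.append("run-name-mimics-system-tool")
    elif section == "O16":
        # ActiveX package whose codebase is fetched without transport security.
        if target.lower().startswith("http://"):
            flags.append("dpf-codebase-over-http")
    return flags


def parse_entry(line):
    """Parse one log line; return None for sections not handled here."""
    line = line.strip()
    section = line.split(" ", 1)[0]
    pattern = PATTERNS.get(section)
    m = pattern.match(line) if pattern else None
    if not m:
        return None
    fields = m.groupdict()
    return {"section": section, **fields, "flags": review_flags(section, fields)}


def triage(text):
    """Parse every recognised line of a pasted log excerpt."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


# First four lines: the entries quoted in post #2.
# Last two lines: constructed for contrast (an unflagged autorun and a
# section this script does not parse).
SAMPLE = r"""
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - H:\WINDOWS\system32\hp5B9D.tmp
O4 - HKLM\..\Run: [RegSvr32] H:\WINDOWS\system32\msmsgs.exe
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["section"], e["name"], "->", ", ".join(e["flags"]) or "no flags")
```

A flag only marks an entry for a closer look by a person; the unflagged `ExampleTray` line shows that the heuristics do not fire on every autorun.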
11.10.2005, 20:41
Member
Thread starter Posts: 85
#3
Well, unfortunately it can't be fixed.
As soon as I try to do that, nothing works anymore and I have to switch my PC off by hand.
11.10.2005, 21:37
Member
Posts: 4730
#4
Not so bad. Then first delete the listed files as described and continue with the other steps.
12.10.2005, 23:50
Member
Thread starter Posts: 85
#5
Hello dear all,
I'm running an eScanCheck right now; does anyone know how long it takes? It has already been running for 3 hours and I'd like to go to bed, since I have to get up very early again tomorrow. It would be nice if you could answer as quickly as possible. Best regards, Nelli
14.10.2005, 03:59
Member
Posts: 4730
#6
Oh, sorry that I'm only replying now. If it takes that long, abort it. Start the PC in safe mode (press the F8 key during startup) and try it again there. Before that, however, delete any existing mwav.log in the directory c:\bases_x.
14.10.2005, 15:01
Member
Thread starter Posts: 85
#7
Hello,
Here is the result:
Action Taken: No Action Taken. 104: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{C6C36510-76B3-4771-882B-833060201D05}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 105: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{C78ACB31-0603-448C-B3D0-298A148B71B2}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 106: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{CF59C96D-4E5F-4AD5-B9B1-F121D1DB9395}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 107: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{D0571F19-8904-40B6-8DDB-EBEA4F72B09D}" refers to invalid object "H:\Programme\Ahead\nero\APHandler.dll". Action Taken: No Action Taken. 108: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{D35760BE-AC10-4D1C-B15B-44493B715D78}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 109: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{D69D1DB2-C415-4982-AA93-05482AE5F1EA}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 110: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{D72843DE-F378-43D3-9F26-0C69E960144C}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 111: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{D760FD2A-A1C2-49EF-8BC4-340356E4AE84}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 112: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{DA010BB6-6D96-48A3-9983-E0C490B3DBDF}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 
113: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{DBC8A4E0-3152-4D0D-AD6D-4EA05033695A}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 114: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "H:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken. 115: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{DDD641F3-EE4E-4872-A5C1-3324239960B3}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 116: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{DF5295A9-B00A-49CB-870B-EFB831764A1A}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 117: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{E0CAEC52-CAE6-4B98-B751-271E576D248D}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 118: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{E1A5D1CF-A05B-426F-9077-06A93341C165}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 119: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{E20C06DC-C336-45AD-B27E-A9EA9C3C4844}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 120: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{E39A07F5-4CBE-4151-AE41-21E86324D5F2}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 121: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{E3F00479-9753-40CC-B15A-AA955C3C45BE}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 122: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{E45D0B4F-F9E8-4D80-8BB9-F56DB24BDA01}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\RefEdit.exd". 
Action Taken: No Action Taken. 123: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{EA458F2A-16CB-4392-92FA-804033BE99B4}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 124: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{F321E262-14AF-4F1A-AF3A-0F171372BEF4}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 125: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{FB3DB9A2-6480-48DB-B7EC-D34D09C78C0B}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 126: Wed Oct 12 20:51:37 2005 => Entry "HKCR\TypeLib\{FF1FDC7F-86E3-4CCA-8B8A-1763C44D3B9E}" refers to invalid object "H:\DOKUME~1\Melanie\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 127: Wed Oct 12 20:51:38 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. 128: Wed Oct 12 20:51:38 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. 129: Wed Oct 12 20:51:38 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "H:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken. 130: Wed Oct 12 20:51:38 2005 => Entry "HKCR\HP.1" refers to invalid object "{76b17cf3-3e51-4d69-a5e6-3fbed70f3481}". Action Taken: No Action Taken. 131: Wed Oct 12 20:51:38 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. 132: Wed Oct 12 20:51:38 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 133: Wed Oct 12 20:51:38 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 
134: Wed Oct 12 20:51:39 2005 => Entry "HKCR\PhotoBase.Document" refers to invalid object "{F90E7260-9545-11D0-87A0-444553540000}". Action Taken: No Action Taken. 135: Wed Oct 12 20:51:39 2005 => Entry "HKCR\PhotoBase.Document\shell\open\command" refers to invalid object "H:\Programme\ArcSoft\PhotoStudio 2000\PhotoBase\PHBASE.EXE "%1"". Action Taken: No Action Taken. 136: Wed Oct 12 20:51:39 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. 137: Wed Oct 12 20:51:39 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. 138: Wed Oct 12 20:51:39 2005 => Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken. 139: Wed Oct 12 20:51:39 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. 140: Wed Oct 12 20:51:39 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. 141: Wed Oct 12 20:51:39 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. 142: Wed Oct 12 20:51:39 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. 143: Wed Oct 12 20:51:39 2005 => Entry "HKCR\Zb.ZbCmdProcessRawImages" refers to invalid object "{4DCADFA0-556A-4288-AB68-833C51A2CF6B}". Action Taken: No Action Taken. 144: Wed Oct 12 20:51:39 2005 => Entry "HKCR\Zb.ZbCmdProcessRawImages.1" refers to invalid object "{4DCADFA0-556A-4288-AB68-833C51A2CF6B}". Action Taken: No Action Taken. 
145: Wed Oct 12 20:51:39 2005 => Entry "HKCR\Zb.ZbCmdRemoteCapture" refers to invalid object "{7D5BAFEE-5A7D-4BB0-B709-A17422EEB658}". Action Taken: No Action Taken. 146: Wed Oct 12 20:51:39 2005 => Entry "HKCR\Zb.ZbCmdRemoteCapture.1" refers to invalid object "{7D5BAFEE-5A7D-4BB0-B709-A17422EEB658}". Action Taken: No Action Taken. -------------------------------------------------- -------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT --------- -------------------------------------------------- 1: H:\WINDOWS\popuper.exe => Trojan.Win32.Puper.bg 2: H:\WINDOWS\system32\intmonp.exe => Trojan.Win32.Puper.bg 3: H:\WINDOWS\system32\intell32.exe => Trojan-Downloader.Win32.Small.vu 4: H:\Programme\AVPersonal\INFECTED\MSOLE32.EXE.VIR => Trojan-Clicker.Win32.Agent.cr 5: H:\Programme\backups\backup-20051011-211210-401.dll => Trojan.Win32.Puper.be 6: H:\Programme\backups\backup-20051011-211227-921.dll => Trojan.Win32.Puper.be 7: H:\Programme\freeripmp3.exe => Trojan-Downloader.Win32.Agent.kr 8: H:\RECYCLER\S-1-5-21-1547161642-1085031214-682003330-1003\Dh15.dll => Trojan-Clicker.Win32.Agent.dj 9: H:\RECYCLER\S-1-5-21-1547161642-1085031214-682003330-1003\Dh20.dll => Trojan-Clicker.Win32.Agent.dj 10: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058658.exe => Trojan.Win32.Puper.bf 11: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058659.exe => Trojan-Clicker.Win32.Agent.dj 12: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058660.exe => Trojan.Win32.Puper.bd 13: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0058683.exe => Trojan-Clicker.Win32.Agent.dj 14: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0059686.exe => Trojan-Clicker.Win32.Agent.dj 15: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0059687.dll => Trojan-Clicker.Win32.Agent.dj 16: H:\System Volume 
Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0059695.dll => Trojan-Clicker.Win32.Agent.dj 17: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060695.exe => Trojan-Clicker.Win32.Agent.dj 18: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060696.dll => Trojan-Clicker.Win32.Agent.dj 19: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060802.exe => Trojan-Clicker.Win32.Agent.dj 20: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060813.exe => Trojan-Clicker.Win32.Agent.dj 21: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060814.dll => Trojan-Clicker.Win32.Agent.dj 22: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060822.exe => Trojan-Clicker.Win32.Agent.dj 23: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060823.dll => Trojan-Clicker.Win32.Agent.dj 24: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060833.exe => Trojan-Clicker.Win32.Agent.dj 25: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060834.dll => Trojan-Clicker.Win32.Agent.dj 26: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060874.exe => Trojan.Win32.Puper.bg 27: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060875.exe => Trojan-Clicker.Win32.Agent.dj 28: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0060876.dll => Trojan-Clicker.Win32.Agent.dj 29: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0061874.exe => Trojan.Win32.Puper.bg 30: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0061875.exe => Trojan-Clicker.Win32.Agent.dj 31: H:\System Volume 
Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0061876.dll => Trojan-Clicker.Win32.Agent.dj 32: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0062874.exe => Trojan.Win32.Puper.bg 33: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0062875.exe => Trojan-Clicker.Win32.Agent.dj 34: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP127\A0062876.dll => Trojan-Clicker.Win32.Agent.dj 35: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062885.exe => Trojan.Win32.Puper.bg 36: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062886.dll => Trojan-Clicker.Win32.Agent.dj 37: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062894.exe => Trojan.Win32.Puper.bg 38: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062895.dll => Trojan-Clicker.Win32.Agent.dj 39: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062903.exe => Trojan.Win32.Puper.bg 40: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062904.exe => Trojan-Clicker.Win32.Agent.dj 41: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062905.dll => Trojan-Clicker.Win32.Agent.dj 42: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062940.exe => Trojan-Clicker.Win32.Agent.dj 43: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062959.exe => Trojan.Win32.Puper.bg 44: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062979.exe => Trojan.Win32.Puper.bg 45: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062980.exe => Trojan-Clicker.Win32.Agent.dj 46: H:\System Volume 
Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062981.dll => Trojan-Clicker.Win32.Agent.dj 47: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062997.exe => Trojan.Win32.Puper.bf 48: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062998.exe => Trojan-Downloader.Win32.Zlob.at 49: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0062999.exe => Trojan-Clicker.Win32.Agent.dj 50: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0063000.exe => Trojan.Win32.Puper.bg 51: H:\System Volume Information\_restore{5989760C-59D9-4656-A3FF-EDE0562DD790}\RP128\A0063001.dll => Trojan-Clicker.Win32.Agent.dj 52: H:\WINDOWS\system32\LogFiles\OD0080400.so => Trojan-Downloader.Win32.Small.bqx -------------------------------------------------- -------------------- Statistik ------------------- -------------------------------------------------- Thu Oct 13 01:17:28 2005 => Total Objects Scanned: 96614 Thu Oct 13 01:17:28 2005 => Total Virus(es) Found: 72 Thu Oct 13 01:17:28 2005 => Total Errors: 146 Thu Oct 13 01:17:28 2005 => Virus Database Date: 2005/10/12 Thu Oct 13 01:17:28 2005 => Virus Database Count: 153674 Thu Oct 13 01:28:53 2005 => Total Objects Scanned: 96614 Thu Oct 13 01:28:53 2005 => Total Virus(es) Found: 72 Thu Oct 13 01:28:53 2005 => Total Errors: 146 _________________________________________________________________ Volume in Laufwerk H: hat keine Bezeichnung. Volumeseriennummer: 782A-5E54 Verzeichnis von H:\WINDOWS\system32 13.10.2005 13:33 3.072 intmonp.exe 13.10.2005 13:33 889 vsconfig.xml 10.10.2005 15:41 4.286 ot.ico 10.10.2005 15:41 4.286 ts.ico 10.10.2005 15:40 6.656 intell32.exe 10.10.2005 14:38 2.206 wpa.dbl 15.09.2005 15:31 3.799 jupdate-1.5.0_04-b05.log 20.08.2005 23:51 4.212 zllictbl.dat Volume in Laufwerk H: hat keine Bezeichnung. 
Volumeseriennummer: 782A-5E54 Verzeichnis von H:\DOKUME~1\Melanie\LOKALE~1\Temp 13.10.2005 13:37 16.384 ~DFA39E.tmp 13.10.2005 13:34 16.384 Perflib_Perfdata_abc.dat 13.10.2005 13:33 3.875 jusched.log 12.10.2005 20:36 398 kb.log 12.10.2005 20:27 16.384 ~DFC25C.tmp 11.10.2005 19:24 16.384 ~DF3739.tmp 11.10.2005 19:01 16.384 ~DF7E1C.tmp 11.10.2005 18:58 16.384 Perflib_Perfdata_dcc.dat 8 Datei(en) 102.577 Bytes 0 Verzeichnis(se), 10.062.856.192 Bytes frei Volume in Laufwerk H: hat keine Bezeichnung. Volumeseriennummer: 782A-5E54 Verzeichnis von H:\WINDOWS 13.10.2005 13:34 949 win.ini 13.10.2005 13:33 0 0.log 13.10.2005 13:33 159 wiadebug.log 13.10.2005 13:33 50 wiaservc.log 13.10.2005 13:32 2.048 bootstat.dat 13.10.2005 01:29 32.634 SchedLgU.Txt 13.10.2005 01:29 229.093 WindowsUpdate.log 11.10.2005 21:06 439 system.ini 10.10.2005 22:35 17.193 popuper.exe 10.10.2005 22:35 1.640 sites.ini 10.10.2005 15:40 3.072 uninstIU.exe 10.10.2005 15:40 1.668 warnhp.html 06.10.2005 15:32 116 NeroDigital.ini 26.09.2005 16:45 132 homeDVD-Fotos2_5.INI 20.09.2005 18:34 4.096 d3dx.dat 08.09.2005 14:53 1.233 pstudio.ini 04.09.2005 06:35 400 ODBC.INI 01.09.2005 18:44 218 cdplayer.ini 21.08.2005 21:38 130 TM.INI Volume in Laufwerk H: hat keine Bezeichnung. Volumeseriennummer: 782A-5E54 Verzeichnis von H:\ 13.10.2005 13:55 0 sys.txt 13.10.2005 13:54 6.849 system.txt 13.10.2005 13:54 658 systemtemp.txt 13.10.2005 13:50 98.033 system32.txt 13.10.2005 13:32 402.653.184 pagefile.sys 29.09.2005 11:22 26 ioSpecial.ini 29.01.2005 22:53 3.693.597 ow32dede754,opera.exe 29.01.2005 20:12 210 boot.ini 29.01.2005 20:07 47.564 NTDETECT.COM 29.01.2005 20:07 251.184 ntldr 23.08.2001 16:00 4.952 bootfont.bin 11 Datei(en) 406.756.257 Bytes 0 Verzeichnis(se), 10.062.843.904 Bytes frei LG Nelli |
14.10.2005, 15:25
Honorary member
Posts: 29434
#8
Hello @nelli73
CCleaner (delete all temp files) http://virus-protect.org/temp.html
KILLBOX http://www.bleepingcomputer.com/files/killbox.php
Instructions (illustrated): http://virus-protect.org/killbox.html
Tick "Delete File on Reboot", paste in each of the following paths in turn and click the red cross. When asked "Do you want to reboot?", click "no" and paste in the next one; click "yes" only on the last one.
H:\Programme\AVPersonal\INFECTED\MSOLE32.EXE.VIR
H:\RECYCLER\S-1-5-21-1547161642-1085031214-682003330-1003\Dh15.dll
H:\RECYCLER\S-1-5-21-1547161642-1085031214-682003330-1003\Dh20.dll
H:\Programme\freeripmp3.exe
H:\WINDOWS\system32\intmonp.exe
H:\WINDOWS\system32\vsconfig.xml
H:\WINDOWS\system32\ot.ico
H:\WINDOWS\system32\ts.ico
H:\WINDOWS\system32\intell32.exe
H:\WINDOWS\popuper.exe
H:\WINDOWS\sites.ini
H:\Programme\jcdeu.ini
H:\WINDOWS\uninstIU.exe
H:\WINDOWS\warnhp.html
H:\WINDOWS\system32\LogFiles\OD0080400.so
Restart the PC.
*reg file: in the browser menu at the top: File -- Save page as.. -- choose "Desktop" -- save
http://www.bleepingcomputer.com/files/reg/smitfraud.reg
A smitfraud.reg will then appear on the desktop.
Restart the computer in safe mode (press F8 during startup). Double-click the file "smitfraud.reg" on the desktop and confirm with "yes" so that the reg* file is merged into the registry, then restart the PC immediately.
smitRem TOOL (removal tool) http://noahdfear.geekstogo.com/
Open the smitRem folder and double-click RunThis.bat. Wait until the scan has finished (the screen will turn blue; that is normal). Find smitfiles.txt and post the text file in the thread.
Disable System Restore (XP): My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
Scan with ewido and post the scan report http://virus-protect.org/ewido.html
__________
Kind regards, Sabina
all about PC security
14.10.2005, 17:13
Member
Thread starter Posts: 85
#9
Hello,
here are the files.
smitRem log file
version 2.6
by noahdfear
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
Pre-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
oleext.dll
logfiles
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
_________________________________________________________________
---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------
+ Erstellt am: 17:12:20, 14.10.2005
+ Report-Checksumme: 522A1215
+ Scanergebnis:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Gesäubert mit Backup
HKU\S-1-5-21-1547161642-1085031214-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Gesäubert mit Backup
H:\Dokumente und Einstellungen\Melanie\Cookies\melanie@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup
H:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll -> Spyware.HotBar : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_106300.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_115100.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_132500.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_132600.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_157600.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_257900.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_262400.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_278400.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_278600.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_278800.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_278900.gif -> Adware.Cydoor : Gesäubert mit Backup
H:\WINDOWS\system32\AdCache\B_434_0_0_303900.gif -> Adware.Cydoor :
::Report Ende
Best regards, Nelli
15.10.2005, 01:01
Honorary member
Posts: 29434
#10
http://virus-protect.org/onlinescan.html
Scan with Panda and post the scan report (if the antivirus "complains" --> ignore it).
__________
Kind regards, Sabina
all about PC security
15.10.2005, 16:11
Member
Thread starter Posts: 85
#11
Incident | Status | Location
Adware:adware/securityerror | No disinfected | H:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Center.url
Virus:Exploit/Mhtredir.gen | Disinfected | H:\Programme\AVPersonal\INFECTED\OPR0FY5L.HTM.VIR
Security Risk:Exploit/MIE.CHM | No disinfected | H:\Programme\AVPersonal\INFECTED\OPR0LTE5.HTML.VIR
Best regards, nelli
15.10.2005, 20:41
Honorary member
Posts: 29434
#12
Delete manually or with Killbox:
H:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Center.url
H:\Programme\AVPersonal\INFECTED\OPR0FY5L.HTM.VIR
H:\Programme\AVPersonal\INFECTED\OPR0LTE5.HTML.VIR
Then post the new HijackThis log.
__________
Kind regards, Sabina
all about PC security
15.10.2005, 20:53
Member
Thread starter Posts: 85
#13
Hello
Here is the result.
Best regards, nelli
15.10.2005, 21:02
Honorary member
Posts: 29434
#14
Everything should be fine again now, but we will check ONCE MORE.
Download the trial version (on the right), run a scan and post the scan report: http://www.webroot.com/consumer/products/spysweeper/index.html
__________
Kind regards, Sabina
All about PC security
15.10.2005, 21:35
Member
Thread starter
Posts: 85
#15
********
21:10: | Start of Session, Samstag, 15. Oktober 2005 |
21:10: Spy Sweeper started
21:10: Sweep initiated using definitions version 555
21:10: Starting Memory Sweep
21:14: Memory Sweep Complete, Elapsed Time: 00:04:06
21:14: Starting Registry Sweep
21:15: Found Adware: psguard desktop hijacker
21:15: HKLM\software\microsoft\windows\currentversion\uninstall\internet update\ (2 subtraces) (ID = 136964)
21:15: Found Trojan Horse: trojan-downloader-zlob
21:15: HKCR\nvideocodek.chl\ (2 subtraces) (ID = 820294)
21:15: HKLM\software\classes\nvideocodek.chl\ (2 subtraces) (ID = 820324)
21:15: Registry Sweep Complete, Elapsed Time:00:01:06
21:15: Starting Cookie Sweep
21:15: Found Spy Cookie: falkag cookie
21:15: melanie@as1.falkag[1].txt (ID = 2650)
21:15: Found Spy Cookie: fe.lea.lycos.com cookie
21:15: melanie@fe.lea.lycos[1].txt (ID = 2660)
21:15: Found Spy Cookie: tradedoubler cookie
21:15: melanie@tradedoubler[1].txt (ID = 3575)
21:15: Cookie Sweep Complete, Elapsed Time: 00:00:00
21:15: Starting File Sweep
21:33: File Sweep Complete, Elapsed Time: 00:18:01
21:33: Full Sweep has completed. Elapsed time 00:23:19
21:33: Traces Found: 12
********
21:08: | Start of Session, Samstag, 15. Oktober 2005 |
21:08: Spy Sweeper started
21:09: Your spyware definitions have been updated.
21:10: | End of Session, Samstag, 15. Oktober 2005 |
By the way, my desktop is still white; I can't put a picture on it.
Best regards, Nelli
I have the following problem today.
There are two trojans on my computer (Trojan horse TR/Click.AG.dj.13 A + 13 B and Trojan horse TR/Puper.BA.1) that I can neither rename nor delete.
I have WinXP, and my antivirus program is Antivir (I already have the new update, but it still doesn't delete the junk). By the way, the stuff has settled into Windows/System32.
Here is the log file right away.
Logfile of HijackThis v1.99.1
Scan saved at 20:47:30, on 10.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\shnlog.exe
H:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
H:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
H:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
H:\Programme\AVPersonal\AVGNT.EXE
H:\Programme\Java\jre1.5.0_04\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Programme\Logitech\SetPoint\KEM.exe
H:\Programme\WinZip\WZQKPICK.EXE
H:\Programme\Logitech\SetPoint\KHALMNPR.EXE
H:\WINDOWS\system32\intmon.exe
H:\Programme\AVPersonal\AVGUARD.EXE
H:\Programme\AVPersonal\AVWUPSRV.EXE
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\Programme\Opera\opera.exe
H:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
H:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
H:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
H:\Programme\Steganos Trace Destructor 6\itd.exe
H:\Programme\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - H:\WINDOWS\system32\hp5B9D.tmp
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - H:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [EM_EXEC] H:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "H:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] H:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [TkBellExe] "H:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] "H:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RegSvr32] H:\WINDOWS\system32\msmsgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "H:\Programme\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = H:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = H:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = H:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Alles mit FlashGet laden - H:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - H:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - H:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - H:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.lycos.de/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86A3BC59-606E-43CF-97C4-1800E8E80F5A}: NameServer = 217.237.150.97 217.237.150.225
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - H:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - H:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - H:\WINDOWS\system32\ZoneLabs\vsmon.exe
I hope someone can help me.
Best regards,
Nelli