CPU usage 100% -> virus?

12.04.2007, 20:40
...new here

Posts: 5
Hello!
For a few days now my laptop has been running at 100% CPU usage. I gave up on escan at some point after 11 hours, when it still hadn't finished. AntiVir turned up nothing apart from one warning (Beginne mit der Suche in 'C:\' <MAIN> C:\pagefile.sys[WARNUNG] Die Datei konnte nicht geöffnet werden!).
Grateful for any help...


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:30:24, on 12.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\crypserv.exe
D:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\DOKUME~1\UTETEI~1\LOKALE~1\Temp\mexe.com
C:\DOKUME~1\UTETEI~1\LOKALE~1\Temp\ScanningProcess.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Dokumente und Einstellungen\Ute Teichgräber\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.uni-mainz.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 6\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Suche Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 6\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &MSN Suche - res://C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll/search.htm
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0000.1110\de-de\msntabres.dll/229?a2a1111dabfe46429e95d578d38d8c97
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0000.1110\de-de\msntabres.dll/230?a2a1111dabfe46429e95d578d38d8c97
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Programme\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126559065832
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - http://www.keane.at/pictures/saver2.JPG

--
End of file - 6788 bytes


---------------------------------------------------------------------------
escan
Object "ucmore adware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ucmore adware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "password-finder 2.1 PSWTool" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "vcatch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ebates moneymaker Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "unknown trojan Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ucmore Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ucmore Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "unknown trojan Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "password-finder 2.1 PSWTool" found in File System! Action Taken: No Action Taken.
Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "password-finder 2.1 PSWTool" found in File System! Action Taken: No Action Taken.
Object "spylax Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\ABUI.ABUI.1" refers to invalid object "{61E15DE7-D229-4eb3-A460-40DCDDA60DA7}". Action Taken: No Action Taken.
Entry "HKCR\AccAOL.AccessAOL" refers to invalid object "{1B28020D-9DE7-11D4-A2D4-001083025146}". Action Taken: No Action Taken.
Entry "HKCR\AccAOL.AccessAOL.1" refers to invalid object "{1B28020D-9DE7-11D4-A2D4-001083025146}". Action Taken: No Action Taken.
Entry "HKCR\Acontext.Activation" refers to invalid object "{4B2A604D-B751-11D5-A2D5-001083025146}". Action Taken: No Action Taken.
Entry "HKCR\Acontext.Activation.1" refers to invalid object "{4B2A604D-B751-11D5-A2D5-001083025146}". Action Taken: No Action Taken.
Entry "HKCR\ACS.SENSReachability" refers to invalid object "{692B8041-F1C5-4881-82E9-4F94BBA34AC2}". Action Taken: No Action Taken.
Entry "HKCR\ACS.SENSReachability.1" refers to invalid object "{692B8041-F1C5-4881-82E9-4F94BBA34AC2}". Action Taken: No Action Taken.
Entry "HKCR\AOL.MemExpWz" refers to invalid object "{18477169-4752-41DC-AB0F-C50EBA75641D}". Action Taken: No Action Taken.
Entry "HKCR\AOL.MemExpWz.1" refers to invalid object "{18477169-4752-41DC-AB0F-C50EBA75641D}". Action Taken: No Action Taken.
Entry "HKCR\AOL.MimeController" refers to invalid object "{E9DD2392-EF9B-4963-BEDF-F86C0A2B762A}". Action Taken: No Action Taken.
Entry "HKCR\AOL.MimeController.1" refers to invalid object "{E9DD2392-EF9B-4963-BEDF-F86C0A2B762A}". Action Taken: No Action Taken.
Entry "HKCR\AOL.PicDownloadCtrl" refers to invalid object "{D670D0B3-05AB-4115-9F87-D983EF1AC747}". Action Taken: No Action Taken.
Entry "HKCR\AOL.PicDownloadCtrl.1" refers to invalid object "{D670D0B3-05AB-4115-9F87-D983EF1AC747}". Action Taken: No Action Taken.
Entry "HKCR\AOL.PicEditCtrl" refers to invalid object "{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}". Action Taken: No Action Taken.
Entry "HKCR\AOL.PicEditCtrl.1" refers to invalid object "{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}". Action Taken: No Action Taken.
Entry "HKCR\AOL.UPFCtrl" refers to invalid object "{98BFD494-F6AD-4794-9038-832C0654CC43}". Action Taken: No Action Taken.
Entry "HKCR\AOL.UPFCtrl.1" refers to invalid object "{98BFD494-F6AD-4794-9038-832C0654CC43}". Action Taken: No Action Taken.
Entry "HKCR\AOLBrand_Client.AOLBrand_Client" refers to invalid object "{79498D83-FEFE-4e36-8B7E-E9CF79F010B0}". Action Taken: No Action Taken.
Entry "HKCR\AOLBrand_Client.AOLBrand_Client.1" refers to invalid object "{752B9690-7A0B-4c67-8A09-AE3885CFCDF4}". Action Taken: No Action Taken.
Entry "HKCR\AOLBrand_Client.AOLBrand_Client.2" refers to invalid object "{79498D83-FEFE-4e36-8B7E-E9CF79F010B0}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACCalendarDCtrl" refers to invalid object "{63435828-E10D-42d5-8859-C94796B7C22D}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACCalendarDCtrl.4" refers to invalid object "{63435828-E10D-42d5-8859-C94796B7C22D}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACCalendarListCtrl" refers to invalid object "{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACCalendarListCtrl.5" refers to invalid object "{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACDayBoxViewCtrl" refers to invalid object "{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACDayBoxViewCtrl.5" refers to invalid object "{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACDictionary" refers to invalid object "{9F62797E-1249-4596-9FF7-AC6D851A542A}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACDictionary.5" refers to invalid object "{9F62797E-1249-4596-9FF7-AC6D851A542A}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACEventConflictCtrl" refers to invalid object "{B3E7BCF9-05C8-4233-BA88-37FDA4AD3147}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACEventConflictCtrl.5" refers to invalid object "{B3E7BCF9-05C8-4233-BA88-37FDA4AD3147}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACMonthViewCtrl" refers to invalid object "{0FE9096F-7F7A-4e40-857C-E48A53440DFE}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACMonthViewCtrl.5" refers to invalid object "{0FE9096F-7F7A-4e40-857C-E48A53440DFE}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACMPickerCtrl" refers to invalid object "{DA3C177A-D1DA-47f2-BBF0-E9710CA7253F}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACMPickerCtrl.5" refers to invalid object "{DA3C177A-D1DA-47f2-BBF0-E9710CA7253F}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACToolBarCtrl" refers to invalid object "{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACToolBarCtrl.5" refers to invalid object "{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACTopToolBarCtrl" refers to invalid object "{09E6F477-C3C3-4636-8BFD-2DDB36147FEC}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACTopToolBarCtrl.5" refers to invalid object "{09E6F477-C3C3-4636-8BFD-2DDB36147FEC}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACWebDlgHelper" refers to invalid object "{6AD3B5BD-9A96-4ca2-9455-2034D05EB134}". Action Taken: No Action Taken.
Entry "HKCR\AolCalSvr.ACWebDlgHelper.5" refers to invalid object "{6AD3B5BD-9A96-4ca2-9455-2034D05EB134}". Action Taken: No Action Taken.
Entry "HKCR\AOLFlash.AOLFlash" refers to invalid object "{C1145550-A454-11D4-9020-00D0B7239081}". Action Taken: No Action Taken.
Entry "HKCR\AOLFlash.AOLFlash.1" refers to invalid object "{C1145550-A454-11D4-9020-00D0B7239081}". Action Taken: No Action Taken.
Entry "HKCR\AOLFlash.AOLFlash.3" refers to invalid object "{C1145550-A454-11D4-9020-00D0B7239081}". Action Taken: No Action Taken.
Entry "HKCR\AOLFlash.AOLFlash.4" refers to invalid object "{C1145550-A454-11D4-9020-00D0B7239081}". Action Taken: No Action Taken.
Entry "HKCR\AOLFlash.AOLFlash.5" refers to invalid object "{C1145550-A454-11D4-9020-00D0B7239081}". Action Taken: No Action Taken.
Entry "HKCR\AOLFlash.AOLFlash.6" refers to invalid object "{C1145550-A454-11D4-9020-00D0B7239081}". Action Taken: No Action Taken.
Entry "HKCR\AOLFlashFactory.AOLFlashFactory" refers to invalid object "{C1145551-A454-11D4-9020-00D0B7239081}". Action Taken: No Action Taken.
Entry "HKCR\AOLFlashFactory.AOLFlashFactory.1" refers to invalid object "{C1145551-A454-11D4-9020-00D0B7239081}". Action Taken: No Action Taken.
Entry "HKCR\AOLFlashProp.AOLFlashProp.1" refers to invalid object "{75D44B92-DCAF-43f3-A7D1-91041F34E719}". Action Taken: No Action Taken.
Entry "HKCR\Aolprefs.AolPreferences" refers to invalid object "{BBDA76FB-B05C-4A30-8E75-A96499A840D1}". Action Taken: No Action Taken.
Entry "HKCR\Aolprefs.AolPreferences.1" refers to invalid object "{BBDA76FB-B05C-4A30-8E75-A96499A840D1}". Action Taken: No Action Taken.
Entry "HKCR\AOL_AddressBook.AOL_AddressBook.1" refers to invalid object "{602DB47D-DFE2-4553-8C54-0522A9DC74AC}". Action Taken: No Action Taken.
Entry "HKCR\AOL_BuddyManager.AOL_BuddyManager.1" refers to invalid object "{19038319-D799-4819-94C0-1A115A590BF8}". Action Taken: No Action Taken.
Entry "HKCR\AOL_Client.AOL_Client" refers to invalid object "{8FC6A820-6BFC-11d6-A10D-0010A49A288A}". Action Taken: No Action Taken.
Entry "HKCR\AOL_Client.AOL_Client.1" refers to invalid object "{225789FB-CCA8-11D2-A719-0060B0B41584}". Action Taken: No Action Taken.
Entry "HKCR\AOL_Client.AOL_Client.2" refers to invalid object "{AC44023F-D183-4397-9D02-27D34F120CB2}". Action Taken: No Action Taken.
Entry "HKCR\AOL_Client.AOL_Client.3" refers to invalid object "{8FC6A820-6BFC-11d6-A10D-0010A49A288A}". Action Taken: No Action Taken.
Entry "HKCR\AOL_ClientCommands.AOL_ClientCommands.1" refers to invalid object "{BB4AEB43-D0AB-11D2-A719-0060B0B41584}". Action Taken: No Action Taken.
Entry "HKCR\AOL_Communications.AOL_Communications.1" refers to invalid object "{00e0313F-8627-45db-863d-fd41083c3d32}". Action Taken: No Action Taken.
Entry "HKCR\AOL_Favorites.AOL_Favorites.1" refers to invalid object "{C8A7FDAD-94D1-4da6-8D95-75888FB12DD4}". Action Taken: No Action Taken.
Entry "HKCR\AOL_IMManager.AOL_IMManager.1" refers to invalid object "{E3393F8F-B0C2-4103-A9E6-E0EB74645770}". Action Taken: No Action Taken.
Entry "HKCR\AOL_MailInfo.AOL_MailInfo.1" refers to invalid object "{7BD901A3-39BA-419b-AF57-EAA3145420DF}". Action Taken: No Action Taken.
Entry "HKCR\AOL_MailInfo2.AOL_MailInfo2.1" refers to invalid object "{14DB4DBD-FB4A-458e-8699-F9EB4BDAFEBC}". Action Taken: No Action Taken.
Entry "HKCR\AOL_Publish.AOL_Publish.1" refers to invalid object "{C689CA08-726F-4676-8876-99F163685B32}". Action Taken: No Action Taken.
Entry "HKCR\AOL_SAPMoniker.AOL_SAPMoniker.1" refers to invalid object "{9482BC28-EAA5-4b6e-82E9-C6832320936E}". Action Taken: No Action Taken.
Entry "HKCR\Ares.AresPlayer" refers to invalid object "{4E97BE17-3300-4A4F-B380-5988DD771F1F}". Action Taken: No Action Taken.
Entry "HKCR\Ares.AresPlayer.1" refers to invalid object "{4E97BE17-3300-4A4F-B380-5988DD771F1F}". Action Taken: No Action Taken.
Entry "HKCR\AxMetaStream.MetaStreamCtl" refers to invalid object "{03F998B2-0E00-11D3-A498-00104B6EB52E}". Action Taken: No Action Taken.
Entry "HKCR\AxMetaStream.MetaStreamCtl.1" refers to invalid object "{03F998B2-0E00-11D3-A498-00104B6EB52E}". Action Taken: No Action Taken.
Entry "HKCR\AxMetaStream.MetaStreamCtlSecondary" refers to invalid object "{1B00725B-C455-4DE6-BFB6-AD540AD427CD}". Action Taken: No Action Taken.
Entry "HKCR\AxMetaStream.MetaStreamCtlSecondary.1" refers to invalid object "{1B00725B-C455-4DE6-BFB6-AD540AD427CD}". Action Taken: No Action Taken.
Entry "HKCR\AxTrack" refers to invalid object "{5145942E-41DF-4658-B7C4-089F48E84A75}". Action Taken: No Action Taken.
Entry "HKCR\AxTrack.CoAxTrack" refers to invalid object "{B9F3009B-976B-41C4-A992-229DCCF3367C}". Action Taken: No Action Taken.
Entry "HKCR\AxTrack.CoAxTrack.1" refers to invalid object "{B9F3009B-976B-41C4-A992-229DCCF3367C}". Action Taken: No Action Taken.
Entry "HKCR\AxTrack.CoAxTrackMk" refers to invalid object "{5145942E-41DF-4658-B7C4-089F48E84A75}". Action Taken: No Action Taken.
Entry "HKCR\AxTrack.CoAxTrackMk.1" refers to invalid object "{5145942E-41DF-4658-B7C4-089F48E84A75}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControl.CddbTrackManager" refers to invalid object "{00014C0D-B007-4448-B89B-4EC3E857961D}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControl.CddbTrackManager.1" refers to invalid object "{00014C0D-B007-4448-B89B-4EC3E857961D}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CDDBAOLControl.1" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CDDBControl" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbCredit" refers to invalid object "{229b78e2-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbCredit.1" refers to invalid object "{229b78e2-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbDisc" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbDisc.1" refers to invalid object "{229b78d5-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbFullName.1" refers to invalid object "{229b78e1-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbID3Tag" refers to invalid object "{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbID3Tag.1" refers to invalid object "{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbID3TagManager" refers to invalid object "{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbID3TagManager.1" refers to invalid object "{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbInfoWindow" refers to invalid object "{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbInfoWindow.1" refers to invalid object "{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbSegment" refers to invalid object "{229b78df-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbSegment.1" refers to invalid object "{229b78df-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbUIOptions" refers to invalid object "{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbUIOptions.1" refers to invalid object "{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbURL" refers to invalid object "{229b78e0-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbURL.1" refers to invalid object "{229b78e0-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbURLManager" refers to invalid object "{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.CddbURLManager.1" refers to invalid object "{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlAOL.FullName" refers to invalid object "{229b78e1-38f5-11d5-9001-00c04f4c3b9f}". Action Taken: No Action Taken.
Entry "HKCR\Cerberus.CerberusCDPlayer" refers to invalid object "{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}". Action Taken: No Action Taken.
Entry "HKCR\Cerberus.CerberusCDPlayer.1" refers to invalid object "{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}". Action Taken: No Action Taken.
Entry "HKCR\DFreeActivator.FreeActivator" refers to invalid object "{F687EF8D-9C9D-11D5-A2D5-001083025146}". Action Taken: No Action Taken.
Entry "HKCR\DFreeActivator.FreeActivator.1" refers to invalid object "{F687EF8D-9C9D-11D5-A2D5-001083025146}". Action Taken: No Action Taken.
Entry "HKCR\DStaActivator.IPStaAct" refers to invalid object "{38B2A7ED-92EB-11D5-A2D5-001083025146}". Action Taken: No Action Taken.
Entry "HKCR\DStaActivator.IPStaAct.1" refers to invalid object "{38B2A7ED-92EB-11D5-A2D5-001083025146}". Action Taken: No Action Taken.
Entry "HKCR\DXImageTransform.Canon.CanonMETEffect" refers to invalid object "{BFA3C355-7B7B-4898-8B9D-549A35FCB6E3}". Action Taken: No Action Taken.
Entry "HKCR\DXImageTransform.Canon.CanonMETEffect.1" refers to invalid object "{BFA3C355-7B7B-4898-8B9D-549A35FCB6E3}". Action Taken: No Action Taken.
Entry "HKCR\DXImageTransform.Canon.CanonMETTransition" refers to invalid object "{F5E816E8-C2F5-463c-A8A9-7FACB75C58AD}". Action Taken: No Action Taken.
Entry "HKCR\DXImageTransform.Canon.CanonMETTransition.1" refers to invalid object "{F5E816E8-C2F5-463c-A8A9-7FACB75C58AD}". Action Taken: No Action Taken.
Entry "HKCR\FE.FlashEngine" refers to invalid object "{2BAE89B0-68EF-4fab-AFF7-1E486D93F9EB}". Action Taken: No Action Taken.
Entry "HKCR\FE.FlashEngine.1" refers to invalid object "{2BAE89B0-68EF-4fab-AFF7-1E486D93F9EB}". Action Taken: No Action Taken.
Entry "HKCR\MIMEHook.CoMIMEHook" refers to invalid object "{8BBDA254-CE76-11D3-A2CE-00108335731F}". Action Taken: No Action Taken.
Entry "HKCR\MIMEHook.CoMIMEHook.1" refers to invalid object "{8BBDA254-CE76-11D3-A2CE-00108335731F}". Action Taken: No Action Taken.
Entry "HKCR\MIMEHook.CoMIMESink" refers to invalid object "{80373D03-D993-11D3-A2CE-00108335731F}". Action Taken: No Action Taken.
Entry "HKCR\MIMEHook.CoMIMESink.1" refers to invalid object "{80373D03-D993-11D3-A2CE-00108335731F}". Action Taken: No Action Taken.
Entry "HKCR\NSVPLAYX.NsvPlayXCtrl.1" refers to invalid object "{C5E28B9D-0A68-4B50-94E9-E8F6B4697515}". Action Taken: No Action Taken.
Entry "HKCR\Pathfinder.PathfinderDownload" refers to invalid object "{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}". Action Taken: No Action Taken.
Entry "HKCR\Pathfinder.PathfinderDownload.1" refers to invalid object "{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Ares" refers to invalid object "{E981D791-F499-4837-A483-5AB22F1C548F}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Ares.1" refers to invalid object "{E981D791-F499-4837-A483-5AB22F1C548F}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Cerberus" refers to invalid object "{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Cerberus.1" refers to invalid object "{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_QuickTime" refers to invalid object "{57C368A7-F2E9-48C6-B0E2-C201751383C1}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_QuickTime.1" refers to invalid object "{57C368A7-F2E9-48C6-B0E2-C201751383C1}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Real" refers to invalid object "{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Real.1" refers to invalid object "{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Winamp" refers to invalid object "{AED456C4-4866-4420-863F-35767EBED514}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_Winamp.1" refers to invalid object "{AED456C4-4866-4420-863F-35767EBED514}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_WMP" refers to invalid object "{D465B936-C361-4417-9AC5-35167066F84B}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Engine_WMP.1" refers to invalid object "{D465B936-C361-4417-9AC5-35167066F84B}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Phobos" refers to invalid object "{D9F99C6B-A3A6-11D4-AF64-444553546170}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Phobos.1" refers to invalid object "{D9F99C6B-A3A6-11D4-AF64-444553546170}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Player" refers to invalid object "{7C9688C3-7279-474D-ABA5-A632373D2CDB}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Player.1" refers to invalid object "{7C9688C3-7279-474D-ABA5-A632373D2CDB}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Playlist" refers to invalid object "{A105BD70-BF56-4D10-BC91-41C88321F47C}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Playlist.1" refers to invalid object "{A105BD70-BF56-4D10-BC91-41C88321F47C}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.SupportedType" refers to invalid object "{639A19DD-1D97-4A6E-A0D1-01E04FED563F}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.SupportedType.1" refers to invalid object "{639A19DD-1D97-4A6E-A0D1-01E04FED563F}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Track" refers to invalid object "{B4F80028-5714-4B7B-B9B1-5748B204799A}". Action Taken: No Action Taken.
Entry "HKCR\Phobos.Track.1" refers to invalid object "{B4F80028-5714-4B7B-B9B1-5748B204799A}". Action Taken: No Action Taken.
Entry "HKCR\SA.DataCache" refers to invalid object "{10F34E64-BBB2-11D6-8A17-00E029570A3E}". Action Taken: No Action Taken.
Entry "HKCR\SA.DataCache.1" refers to invalid object "{10F34E64-BBB2-11D6-8A17-00E029570A3E}". Action Taken: No Action Taken.
Entry "HKCR\SA.SATBMgr" refers to invalid object "{8AB5F344-B600-11D6-8A15-00E029570A3E}". Action Taken: No Action Taken.
Entry "HKCR\SA.SATBMgr.1" refers to invalid object "{8AB5F344-B600-11D6-8A15-00E029570A3E}". Action Taken: No Action Taken.
Entry "HKCR\Sb.SuperBuddy" refers to invalid object "{189504B8-50D1-4AA8-B4D6-95C8F58A6414}". Action Taken: No Action Taken.
Entry "HKCR\Sb.SuperBuddy.1" refers to invalid object "{189504B8-50D1-4AA8-B4D6-95C8F58A6414}". Action Taken: No Action Taken.
Entry "HKCR\Sb.SuperBuddyData" refers to invalid object "{A98ABF1C-107C-44E7-9254-2C3FF435D0C2}". Action Taken: No Action Taken.
Entry "HKCR\Sb.SuperBuddyData.1" refers to invalid object "{A98ABF1C-107C-44E7-9254-2C3FF435D0C2}". Action Taken: No Action Taken.
Entry "HKCR\WinAmpX.IWinAmpActiveX" refers to invalid object "{C28BC286-884C-4a63-8A9C-6F7F5711034F}". Action Taken: No Action Taken.
Entry "HKCR\WinAmpX.IWinAmpActiveX.1" refers to invalid object "{C28BC286-884C-4a63-8A9C-6F7F5711034F}". Action Taken: No Action Taken.
Entry "HKCR\WinAmpX.IWinAmpActiveX.2" refers to invalid object "{FA3662C3-B8E8-11D6-A667-0010B556D978}". Action Taken: No Action Taken.
Entry "HKCR\WinAmpXChat.IWinAmpActiveXChat" refers to invalid object "{E3852604-B619-11d6-94EC-00047521F020}". Action Taken: No Action Taken.
Entry "HKCR\WinAmpXChat.IWinAmpActiveXChat.1" refers to invalid object "{E3852604-B619-11d6-94EC-00047521F020}". Action Taken: No Action Taken.
Entry "HKCR\Xanthe.XantheQuickTimePlayer" refers to invalid object "{1CB749C0-81EC-484E-B82C-ADD141FC6415}". Action Taken: No Action Taken.
Entry "HKCR\Xanthe.XantheQuickTimePlayer.1" refers to invalid object "{1CB749C0-81EC-484E-B82C-ADD141FC6415}". Action Taken: No Action Taken.
Entry "HKCR\YGPPicInfo.IImageInfo" refers to invalid object "{AD41621C-A2DD-487D-A24B-8BE40116A5A3}". Action Taken: No Action Taken.
Entry "HKCR\YGPPicInfo.IImageInfo.1" refers to invalid object "{AD41621C-A2DD-487D-A24B-8BE40116A5A3}". Action Taken: No Action Taken.
Entry "HKCR\YGPPicInfo.PictureInfo" refers to invalid object "{943742F6-3A40-43FF-97F4-A1750D97B200}". Action Taken: No Action Taken.
Entry "HKCR\YGPPicInfo.PictureInfo.1" refers to invalid object "{943742F6-3A40-43FF-97F4-A1750D97B200}". Action Taken: No Action Taken.
Entry "HKCR\YGPPicInfo.PictureInfos" refers to invalid object "{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}". Action Taken: No Action Taken.
Entry "HKCR\YGPPicInfo.PictureInfos.1" refers to invalid object "{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}". Action Taken: No Action Taken.
Entry "HKCR\Zb.ZbCmdRegisterForCIG" refers to invalid object "{7BF9A4A1-5B15-4d37-90D7-D0B9CE7F964A}". Action Taken: No Action Taken.
Entry "HKCR\Zb.ZbCmdRegisterForCIG.1" refers to invalid object "{7BF9A4A1-5B15-4d37-90D7-D0B9CE7F964A}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskCIGAlbum.TCIG_AlbumTask" refers to invalid object "{05190D52-1B3F-42d4-A38A-3F953B263BEF}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskCIGAlbum.TCIG_AlbumTask.1" refers to invalid object "{05190D52-1B3F-42d4-A38A-3F953B263BEF}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskCIGMyCamera.TCIG_DownloadTask" refers to invalid object "{E1A4B65B-2D62-4436-9098-A85DF4D8C24A}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskCIGMyCamera.TCIG_DownloadTask.1" refers to invalid object "{E1A4B65B-2D62-4436-9098-A85DF4D8C24A}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskCIGRegist.TCIG_RegistTask" refers to invalid object "{1025A2B4-2E3B-4fb9-9E82-D0770BFA44D7}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskCIGRegist.TCIG_RegistTask.1" refers to invalid object "{1025A2B4-2E3B-4fb9-9E82-D0770BFA44D7}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskCIGTopPage.TCIG_TopPageTask" refers to invalid object "{21B77562-87FE-4061-9C51-C6ECB9B9AB10}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskCIGTopPage.TCIG_TopPageTask.1" refers to invalid object "{21B77562-87FE-4061-9C51-C6ECB9B9AB10}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskCIGUpload.TCIG_UploadTask" refers to invalid object "{7E64E394-F52F-41d3-AD3E-E0C37C5476F6}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskCIGUpload.TCIG_UploadTask.1" refers to invalid object "{7E64E394-F52F-41d3-AD3E-E0C37C5476F6}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskMovieDesk.TMD_MovieDeskTask" refers to invalid object "{1FDCE279-48F6-451F-83A6-F67874552B94}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskMovieDesk.TMD_MovieDeskTask.1" refers to invalid object "{1FDCE279-48F6-451F-83A6-F67874552B94}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskMovieExportDES.TME_MovieExport" refers to invalid object "{13E48F16-C974-45BE-816E-2D7E2DAE668E}". Action Taken: No Action Taken.
Entry "HKCR\ZbTaskMovieExportDES.TME_MovieExport.1" refers to invalid object "{13E48F16-C974-45BE-816E-2D7E2DAE668E}". Action Taken: No Action Taken.
Entry "HKCR\ZbTask_MovieToStill.TMD_MovieToStill" refers to invalid object "{59A0A86A-D4C4-4C97-87D0-7CF0C18A8185}". Action Taken: No Action Taken.
Entry "HKCR\ZbTask_MovieToStill.TMD_MovieToStill.1" refers to invalid object "{59A0A86A-D4C4-4C97-87D0-7CF0C18A8185}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Adobe\Acrobat 6.0\Reader\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programs\STOPzilla!\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programs\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig\DEU\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 7.0\Setup Files\SpellingDictionary\{6850D81D-1BEF-4E38-A24F-AE7D342AA811}\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Adobe\Acrobat 6\TempIccProfiles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Programme\Adobe\Acrobat 6\TempIccProfiles\Non-Recommended\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".000". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".04". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".05". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".117/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".117/pub/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".117/pub/to-scene/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".117/pub/to-scene/mappacks/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".117/pub/to-scene/maps/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".117/pub/to-scene/maps/pics/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".117/pub/to-scene/maps/pics/Eigene%20Bilder/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".117/pub/to-scene/maps/pics/Eigene%20webs/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".117/pub/to-scene/maps/pics/Eigene%20webs/channelstats/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".117/pub/to-scene/movies/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".117/pub/to-scene/soundpack/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".apr". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bpl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".clist". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cue". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".djvu". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".drw". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".esd". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".FTS". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".met". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".msf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".msl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mtx". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".OUT". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pdf-2". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".qm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rjs". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rjt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sbk". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".Semester". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sln". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".src". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tsk". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".txt[1]". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "._ohne_Pelkmannsav". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Adobe Photoshop 7.0". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AdobeESD". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "America Online de". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AntiVir/XP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOL Connectivity Services". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOL YGP Screensaver". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOLCoach de". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CAL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CameraWindowDVC5". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CameraWindowDVC6". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CameraWindowMC". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CANON iMAGE GATEWAY Task". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Canon Internet Library for ZoomBrowser EX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CSCLIB". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DivX Player". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DivX Pro Codec". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "eDonkey2000". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "EOS Utility". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821557". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823559". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833407". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Keane Screensaver.scr". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mediscript-CD GK3". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Miranda IM_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MovieEditTask". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5.0.3)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5.0.9)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MSN Toolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q309521". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q311889". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q311967". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q313450". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q314862". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q315000". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q315403". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q317277". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q318138". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q319580". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q323172". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q324096". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q324380". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q326830". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q328940". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329048". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329115". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329170". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329390". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329441". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329834". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810577". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q811493". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815021". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817606". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q819696". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "RAW Image Task". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "RemoteCaptureTask". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "StreetPlugin". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ToolbarICQToolbar.ICQToolbarObjectIEToolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ViewpointMediaPlayer". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "VLC media player". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Web Designers Toolkit 2006_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ZoneAlarm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ZoomBrowser EX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2B257128-0B59-4A88-AFDF-BE12E5F5B9A0}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2B257128-0B59-4A88-AFDF-BE12E5F5B9A1}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A802A94B-1C59-446C-BE78-A4063EF47777}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-0000-0000-6028747ADE01}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1031-7B44-A00000000001}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B6F867E8-F092-4C5E-7D72-AC7057DBEF45}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F891AE22-3685-4494-8BB9-BB6BFD8DA66D}". Action Taken: No Action Taken.
File C:\Programme\TheSearchAccelerator\IUCmore.dll tagged as "not-a-virus:AdWare.Win32.Ucmore". Action Taken: No Action Taken.
13.04.2007, 11:14
Honorary member
Sabina

Posts: 29434
#2 chili811

1.
post this log
http://virus-protect.org/artikel/tools/combofix.html

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick it)
copy into: View/edit script (without "Quote")

Quote

Folders to delete:
C:\Programme\TheSearchAccelerator
Click the green traffic light
the script will now be executed, then the PC will restart automatically

_________

3.
set up CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html

4.
Copy these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina

all about PC security
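A small triage helper for the listings requested in step 4, added here as an example; it is not one of the tools Sabina links to and not part of datfind.bat. It parses the German `dir`-style output (day.month.year, '.' as thousands separator, `<DIR>` for folders), keeps the entries modified within a window before the scan date (the "last 3 months" of step 4), and flags the names a helper reads first: a `.com` file shadowing a Windows tool (at a prompt PATHEXT tries .COM before .EXE), a digit-for-letter look-alike of rundll32, and a one-letter executable. The sample listing is constructed: several entries are borrowed from the listings in this thread, while the taskmgr.com and rundl132.dll lines (names from the ComboFix log) carry made-up dates and sizes. The heuristics are the author's own, not the forum's procedure.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One listing line, e.g. "11.04.2007  23:59            41.034 perfc009.dat"
LINE_RE = re.compile(
    r"^(\d{2}\.\d{2}\.\d{4}) +(\d{2}:\d{2}) +(<DIR>|[\d.]+) +(.+?)\s*$"
)

# Windows tools a dropped .com file can shadow: PATHEXT tries .COM before .EXE,
# so typing "regedit" would start regedit.com instead of regedit.exe.
SHADOWED_TOOLS = {"regedit", "taskmgr", "msconfig", "cmd", "notepad", "rundll32"}
EXEC_EXT = {".exe", ".com", ".dll", ".sys", ".scr"}


@dataclass
class Entry:
    modified: datetime
    size: Optional[int]  # None for <DIR> entries
    name: str
    directory: str


def parse_listing(text: str) -> List[Entry]:
    """Parse 'Verzeichnis von ...' blocks; volume headers and summary lines are skipped."""
    entries: List[Entry] = []
    current_dir = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Verzeichnis von "):
            current_dir = line[len("Verzeichnis von "):]
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        date, time, size, name = m.groups()
        modified = datetime.strptime(f"{date} {time}", "%d.%m.%Y %H:%M")
        size_bytes = None if size == "<DIR>" else int(size.replace(".", ""))
        entries.append(Entry(modified, size_bytes, name, current_dir))
    return entries


def recent(entries: List[Entry], scan_date: datetime, days: int = 90) -> List[Entry]:
    """Keep entries modified inside the window before the scan date."""
    cutoff = scan_date - timedelta(days=days)
    return [e for e in entries if e.modified >= cutoff]


def _lookalike_key(stem: str) -> str:
    # digit-for-letter substitutions, as in rundl132 standing in for rundll32
    return stem.lower().replace("1", "l").replace("0", "o")


def flag(entry: Entry) -> List[str]:
    """Heuristic reasons to look at this entry first (empty list = nothing odd)."""
    stem, dot, ext = entry.name.rpartition(".")
    if not dot:
        stem, ext = entry.name, ""
    ext = "." + ext.lower()
    stem_l = stem.lower()
    reasons: List[str] = []
    if ext == ".com" and stem_l in SHADOWED_TOOLS:
        reasons.append(f"COM file shadows Windows tool {stem_l}.exe")
    if ext in EXEC_EXT and stem_l not in SHADOWED_TOOLS and _lookalike_key(stem_l) in SHADOWED_TOOLS:
        reasons.append(f"name imitates {_lookalike_key(stem_l)}")
    if ext in EXEC_EXT and len(stem) == 1:
        reasons.append("single-letter executable name, unusual for Windows system files")
    return reasons


def triage(text: str, scan_date: datetime, days: int = 90) -> List[Tuple[str, List[str]]]:
    """Recent entries that carry at least one flag, in listing order."""
    result = []
    for e in recent(parse_listing(text), scan_date, days):
        reasons = flag(e)
        if reasons:
            result.append((e.name, reasons))
    return result


# Constructed sample: taskmgr.com and rundl132.dll have made-up dates and sizes.
SAMPLE_LISTING = """\
 Datenträger in Laufwerk C: ist MAIN
 Volumeseriennummer: 4040-6463

 Verzeichnis von C:\\WINDOWS\\system32

11.04.2007  23:59            41.034 perfc009.dat
10.04.2007  23:32            10.752 taskmgr.com
10.04.2007  23:32            22.528 rundl132.dll
10.04.2007  18:09           140.800 T.COM
10.04.2007  16:31    <DIR>          ODBC
08.03.2007  17:36           579.072 user32.dll
28.02.2007  22:20            10.856 KGyGaAvL.sys
12.01.2007  09:27         6.054.400 ieframe.dll
               7 Datei(en)      6.841.870 Bytes
               1 Verzeichnis(se), 920.010.752 Bytes frei
"""

SCAN_DATE = datetime(2007, 4, 14, 13, 10)  # timestamp of the listing in this thread

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LISTING, SCAN_DATE):
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, the 90-day window drops ieframe.dll (12.01.2007) and the three flagged names are taskmgr.com, rundl132.dll and T.COM; a flag is a prompt to look closer (hash, signer, ComboFix context), not a verdict.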
14.04.2007, 13:57
...new here

Thread starter

Posts: 5
#3 Hello,
thanks already for the help.
I did everything as described, here are the logfiles.
Regards,
chili

combofix:


"UT" - 07-04-14 11:15:48 Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "C:\Dokumente und Einstellungen\UT\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programme\thesearchaccelerator\INSTALL.LOG
C:\Programme\thesearchaccelerator\UNWISE.EXE
C:\Programme\thesearchaccelerator\toolbar.cfg
C:\Programme\thesearchaccelerator\logo.ico
C:\Programme\thesearchaccelerator\IUCmore.dll
C:\Programme\thesearchaccelerator\TBlogin.users.ucmore.com.4.5.40.0
C:\WINDOWS\system32\taskmgr.com
C:\install.log
C:\WINDOWS\regedit.com
C:\Programme\thesearchaccelerator


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm
-------\LEGACY_NM


((((((((((((((((((((((((((((((( Files Created from 2007-03-14 to 2007-04-14 ))))))))))))))))))))))))))))))))))


2007-04-11 20:21 <DIR> d-------- C:\WINDOWS\pss
2007-04-10 23:32 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-04-10 23:32 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-04-10 23:32 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-04-10 23:32 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-04-10 23:32 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-04-10 23:32 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-04-10 19:42 68,096 -ra------ C:\WINDOWS\agrsmdel.exe
2007-04-10 19:42 1,154,560 -ra------ C:\WINDOWS\system32\drivers\AGRSM.sys
2007-04-10 18:09 153,600 --a------ C:\WINDOWS\R.COM
2007-04-10 18:09 140,800 --a------ C:\WINDOWS\system32\T.COM
2007-04-10 16:31 <DIR> d-------- C:\Programme\Gemeinsame Dateien\ODBC
2007-04-10 16:25 <DIR> d-------- C:\escheck
2007-04-04 22:10 <DIR> d--hs---- C:\FOUND.005


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-11 23:59 49372 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-11 23:59 320338 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-28 22:20 10856 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-02-25 20:54 -------- d-------- C:\Programme\winamp
2007-02-25 20:54 -------- d-------- C:\Programme\winamp
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="D:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"HomeAlarm"="D:\\Programme\\Chameleon Clock\\ChamClock.exe"
"Trafmeter"="D:\\Programme\\TrafMeter\\TrafMeter.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
"PC Alarm Clock"=""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Speed Disk service"=dword:00000002
"Diskeeper"=dword:00000002
"AOL ACS"=dword:00000002
"NProtectService"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.keane.at/pictures/saver2.JPG

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-14 11:36:03
C:\ComboFix-quarantined-files.txt ... 07-04-14 11:36

---------------------------------------------------------------------------------------

datfind:



1. Datenträger in Laufwerk C: ist MAIN
Volumeseriennummer: 4040-6463

Verzeichnis von C:\WINDOWS\system32

11.04.2007 23:59 41.034 perfc009.dat
11.04.2007 23:59 49.372 perfc007.dat
11.04.2007 23:59 733.074 PerfStringBackup.INI
11.04.2007 23:59 314.706 perfh009.dat
11.04.2007 23:59 320.338 perfh007.dat
09.04.2007 15:27 2.206 wpa.dbl
08.04.2007 01:58 229.592 FNTCACHE.DAT
03.04.2007 22:48 13.511.640 MRT.exe
17.03.2007 15:44 293.376 winsrv.dll
09.03.2007 12:24 123.392 xpsp3res.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:32 1.843.712 win32k.sys
28.02.2007 22:20 10.856 KGyGaAvL.sys
28.02.2007 18:02 2.059.904 ntkrnlpa.exe
28.02.2007 18:02 2.182.656 ntoskrnl.exe
15.02.2007 18:01 337.280 WgaTray.exe
15.02.2007 18:01 1.476.992 LegitCheckControl.dll
15.02.2007 18:00 236.928 WgaLogon.dll
15.02.2007 16:41 122.142 TZLog.log
11.02.2007 01:32 124.688 mswinsck.ocx
07.02.2007 20:13 23.392 nscompat.tlb
07.02.2007 20:13 16.832 amcompat.tlb
05.02.2007 22:18 185.856 upnphost.dll
29.01.2007 09:58 60.416 tzchange.exe
23.01.2007 20:30 546.304 hhctrl.ocx
12.01.2007 09:27 6.054.400 ieframe.dll
12.01.2007 09:27 232.960 webcheck.dll
12.01.2007 09:27 3.580.416 mshtml.dll
12.01.2007 09:27 51.712 msfeedsbs.dll
12.01.2007 09:27 822.784 wininet.dll
12.01.2007 09:27 670.720 mstime.dll
12.01.2007 09:27 1.149.952 urlmon.dll
12.01.2007 09:27 458.752 msfeeds.dll
12.01.2007 09:27 132.608 extmgr.dll
12.01.2007 09:27 477.696 mshtmled.dll
12.01.2007 09:27 27.136 jsproxy.dll
10.01.2007 17:42 1.040.384 ieframe.dll.mui
08.01.2007 19:04 105.984 url.dll
08.01.2007 19:04 102.400 occache.dll
08.01.2007 19:03 193.024 msrating.dll
08.01.2007 19:02 1.823.744 inetcpl.cpl
08.01.2007 19:02 44.544 iernonce.dll
08.01.2007 19:02 266.752 iertutil.dll
08.01.2007 19:02 230.400 ieaksie.dll
08.01.2007 19:02 383.488 ieapfltr.dll
08.01.2007 19:02 161.792 ieakui.dll
08.01.2007 19:02 153.088 ieakeng.dll
08.01.2007 19:02 384.000 iedkcs32.dll
08.01.2007 19:01 17.408 corpol.dll
08.01.2007 19:00 124.928 advpack.dll
08.01.2007 18:08 56.832 ie4uinit.exe
08.01.2007 18:08 13.824 ieudinit.exe

2. Datenträger in Laufwerk C: ist MAIN
Volumeseriennummer: 4040-6463

Verzeichnis von C:\WINDOWS\Downloaded Program Files
11 Datei(en) 754.956 Bytes
0 Verzeichnis(se), 920.010.752 Bytes frei

3. Datenträger in Laufwerk C: ist MAIN
Volumeseriennummer: 4040-6463

Verzeichnis von C:\WINDOWS

14.04.2007 13:10 0 0.log
14.04.2007 13:09 159 wiadebug.log
14.04.2007 13:08 1.821 win.ini
14.04.2007 13:08 227 system.ini
14.04.2007 13:06 2.048 bootstat.dat
14.04.2007 13:04 2.030.194 WindowsUpdate.log
14.04.2007 13:04 32.334 SchedLgU.Txt
14.04.2007 13:04 50 wiaservc.log
12.04.2007 06:09 26 Lic.xxx
11.04.2007 23:57 179.539 setupapi.log
11.04.2007 19:30 48.556 ocmsn.log
11.04.2007 19:30 154.759 iis6.log
11.04.2007 19:30 332.937 comsetup.log
11.04.2007 19:30 48.887 msgsocm.log
11.04.2007 19:30 375.044 tsoc.log
11.04.2007 19:30 14.486 KB931784.log
11.04.2007 19:30 454.164 ocgen.log
11.04.2007 19:30 1.374 imsins.log
11.04.2007 19:30 201.616 ntdtcsetup.log
11.04.2007 19:30 968.516 FaxSetup.log
11.04.2007 19:28 1.374 imsins.BAK
11.04.2007 19:28 12.460 KB931261.log
11.04.2007 19:27 12.745 KB930178.log
11.04.2007 19:27 64.306 updspapi.log
11.04.2007 19:26 12.501 KB932168.log
11.04.2007 19:26 0 setuperr.log
08.04.2007 21:01 11.754 ModemLog_Agere Systems Usb 2.0 Soft Modem.txt
07.04.2007 10:14 12.438 KB925902.log
24.03.2007 20:28 1.088.281 setupapi.log.0.old
19.03.2007 23:59 54.156 QTFont.qfn
19.03.2007 23:59 1.409 QTFont.for
15.03.2007 20:16 292.856 wmsetup.log
15.03.2007 19:23 7.888 KB929399.log
15.03.2007 19:20 15.080 KB929338.log
02.03.2007 17:07 76.852 spupdsvc.log
02.03.2007 01:07 26.643 WgaNotify.log
25.02.2007 03:15 175.264 setupact.log
19.02.2007 12:38 387 RTacDbg.txt
15.02.2007 16:42 18.139 KB927779.log
15.02.2007 16:41 15.151 KB927802.log
15.02.2007 16:41 14.882 KB928255.log
15.02.2007 16:41 11.938 KB924667.log
15.02.2007 16:41 23.292 KB931836.log
15.02.2007 16:41 12.844 KB926436.log
15.02.2007 16:41 9.381 KB928090-IE7.log
15.02.2007 16:40 11.255 KB918118.log
15.02.2007 16:39 11.039 KB928843.log
07.02.2007 23:57 1.280 wmsetup10.log
07.02.2007 20:14 4.897 KB926239.log
07.02.2007 20:14 3.326 MSCompPackV1.log
07.02.2007 20:13 17.065 wmp11.log
07.02.2007 20:09 24.336 WMFDist11.log
07.02.2007 20:09 316.640 WMSysPr9.prx
07.02.2007 20:06 10.127 Wudf01000Inst.log
29.01.2007 23:03 4.944 cdplayer.ini
13.01.2007 20:36 3.652 KB929969.log
27.12.2006 18:37 10.780 KB923689.log
27.12.2006 17:04 9.834 KB925398.log
27.12.2006 17:03 12.599 KB926255.log
27.12.2006 17:03 12.626 KB923694.log
26.12.2006 22:22 8.350 ModemLog_SENS LT56ADW Modem.txt


4. Volume in drive C: is MAIN
Volume Serial Number: 4040-6463

Directory of C:\

14.04.2007 13:20 0 sys.txt
14.04.2007 13:20 816 down.txt
14.04.2007 13:20 269 tmp.txt
14.04.2007 13:20 14.537 system.txt
14.04.2007 13:20 286 systemtemp.txt
14.04.2007 13:19 104.295 system32.txt
14.04.2007 13:08 216 boot.ini
14.04.2007 13:06 390.070.272 pagefile.sys
14.04.2007 12:34 5.242 ComboFix.txt
14.04.2007 12:34 1.826 ComboFix-quarantined-files.txt
14.04.2007 12:01 1.374 avenger.txt
14.04.2007 11:36 5.904 ComboFix2.txt
11.04.2007 12:00 0 23990098.$$$
26.02.2007 00:58 757 IPH.PH


5. Volume in drive C: is MAIN
Volume Serial Number: 4040-6463

Directory of C:\WINDOWS\temp

14.04.2007 13:07 66 WGAErrLog.txt
1 File(s) 66 bytes
0 Dir(s) 920.014.848 bytes free

6. Volume in drive C: is MAIN
Volume Serial Number: 4040-6463

Directory of C:\DOKUME~1\UT~1\LOKALE~1\Temp

14.04.2007 13:18 512 ~DF6030.tmp
1 File(s) 512 bytes
0 Dir(s) 920.035.328 bytes free
15.04.2007, 15:50
Honorary member
Sabina

Posts: 29434
#4 chili811

virustotal
At the top of the page --> click "Durchsuchen" (Browse) --> pick the file (or paste the file with its correct path straight in) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\agrsmdel.exe

post the report here

------------------------------------------------

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick the box)
copy into: View/edit script

Quote

Files to delete:
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM

Folders to delete:
C:\FOUND.005
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
Click the green traffic light
the script will now run, then the PC will restart automatically

»»
post the Avenger log here, which appears after the restart
__________
Regards, Sabina

all about PC security
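Avenger deletes whatever its script lists, on the next reboot, so a pre-flight check of the script is worth having: the script above places several .exe and .dll paths under the "Folders to delete" header rather than "Files to delete". The checker below is an added example, not part of the post and not Avenger's own code. It assumes that any line ending in a colon opens a section (the two headers used above satisfy that) and treats chkdsk's FOUND.NNN names as legitimate folders even though they carry a dot; the protected-directory list is a minimal assumption of mine.

```python
import re

# Script from the post above, reproduced verbatim as the sample input.
SCRIPT = r"""
Files to delete:
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM

Folders to delete:
C:\FOUND.005
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
"""

# A trailing ".ext" of 1-4 characters marks an entry as file-like.
FILE_EXT = re.compile(r"\.[A-Za-z0-9_$~]{1,4}$")
# chkdsk recovery folders (FOUND.000, FOUND.001, ...) look like files but are directories.
CHKDSK_FOLDER = re.compile(r"\\FOUND\.\d{3}$", re.IGNORECASE)
# Drive-letter or UNC path.
ABS_PATH = re.compile(r"^([A-Za-z]:\\|\\\\)")
# Deleting any of these as a "folder" takes the whole system down (assumed list).
PROTECTED = {"c:", "c:\\windows", "c:\\windows\\system32"}


def parse_script(text):
    """Split an Avenger script into {section header: [entries]}.
    Any non-blank line ending in ':' opens a section; every other line is an entry."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            current = line[:-1]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any section header: %s" % line)
        else:
            sections[current].append(line)
    return sections


def check_script(text):
    """Return (section, entry, reason) findings to review before the script is run."""
    findings = []
    sections = parse_script(text)
    for section, entries in sections.items():
        for entry in entries:
            if not ABS_PATH.match(entry):
                findings.append((section, entry, "not an absolute Windows path"))
            if entry.lower().rstrip("\\") in PROTECTED:
                findings.append((section, entry, "system directory; never delete"))
    for entry in sections.get("Folders to delete", []):
        if FILE_EXT.search(entry) and not CHKDSK_FOLDER.search(entry):
            findings.append(("Folders to delete", entry, "looks like a file, not a folder"))
    for entry in sections.get("Files to delete", []):
        if not FILE_EXT.search(entry):
            findings.append(("Files to delete", entry, "no extension; may be a folder"))
    return findings


if __name__ == "__main__":
    for section, entry, reason in check_script(SCRIPT):
        print("%-18s %-40s %s" % (section, entry, reason))
```

Run as-is it reports the six .exe/.dll entries under "Folders to delete" and nothing for C:\FOUND.005 or the two "Files to delete" entries; paste a different script into SCRIPT to check it before handing it to the tool.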
17.04.2007, 23:41
...new here

Thread starter

Posts: 5
#5 I have since deleted agrsmdel.exe; I suspect it is a file belonging to my modem drivers (which I haven't used for a few days), so I don't need it at the moment. Here are the results anyway (virustotal, avenger and a current Combofix).
What is odd is that two days ago, after booting, my laptop was working at its normal speed again. The next day it was unfortunately back to the slow pace with high CPU load. Since I didn't change or delete anything at all two days ago, I can't explain what caused it.


Virustotal:

Complete scanning result of "agrsmdel.exe", received in VirusTotal at 04.16.2007, 17:19:11 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.14.0 04.16.2007 no virus found
AntiVir 7.3.1.52 04.16.2007 no virus found
Authentium 4.93.8 04.14.2007 no virus found
Avast 4.7.981.0 04.16.2007 no virus found
AVG 7.5.0.447 04.15.2007 no virus found
BitDefender 7.2 04.16.2007 no virus found
CAT-QuickHeal 9.00 04.16.2007 no virus found
ClamAV devel-20070312 04.16.2007 no virus found
DrWeb 4.33 04.16.2007 no virus found
eSafe 7.0.15.0 04.16.2007 no virus found
eTrust-Vet 30.7.3572 04.16.2007 no virus found
Ewido 4.0 04.16.2007 no virus found
FileAdvisor 1 04.16.2007 No Thread detected
Fortinet 2.85.0.0 04.16.2007 no virus found
F-Prot 4.3.2.48 04.13.2007 no virus found
F-Secure 6.70.13030.0 04.16.2007 no virus found
Ikarus T3.1.1.5 04.16.2007 no virus found
Kaspersky 4.0.2.24 04.16.2007 no virus found
McAfee 5009 04.13.2007 no virus found
Microsoft 1.2405 04.16.2007 no virus found
NOD32v2 2195 04.16.2007 no virus found
Norman 5.80.02 04.14.2007 no virus found
Panda 9.0.0.4 04.15.2007 no virus found
Prevx1 V2 04.16.2007 no virus found
Sophos 4.16.0 04.12.2007 no virus found
Sunbelt 2.2.907.0 04.14.2007 no virus found
Symantec 10 04.16.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.16.2007 no virus found
VirusBuster 4.3.7:9 04.15.2007 no virus found
Webwasher-Gateway 6.0.1 04.16.2007 no virus found
Aditional Information
File size: 68096 bytes
MD5: ee8c7dfb92000ead05d079939ac0f86c
SHA1: bf636d387077c1e4bc1a1abc45187cb4adf5d7e6
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=ee8c7dfb92000ead05d079939ac0f86c

Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fpgivfwn

*******************

Script file located at: \??\C:\yrxgvggb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\R.COM deleted successfully.
File C:\WINDOWS\system32\T.COM deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vrgqdvrb

*******************

Script file located at: \??\C:\Program Files\qkjnvgcf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\FOUND.005 deleted successfully.
Folder C:\WINDOWS\zts2.exe deleted successfully.
Folder C:\WINDOWS\system32\vcmgcd32.dll deleted successfully.
Folder C:\WINDOWS\system32\iifgfgf.dll deleted successfully.
Folder C:\WINDOWS\rundll16.exe deleted successfully.
Folder C:\WINDOWS\rundl132.dll deleted successfully.
Folder C:\WINDOWS\logo1_.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Combofix:


((((((((((((((((((((((((((((((( Files Created from 2007-03-17 to 2007-04-17 ))))))))))))))))))))))))))))))))))


2007-04-17 22:03 <DIR> d-------- C:\avenger
2007-04-15 19:02 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-04-15 19:02 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-04-15 19:02 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-04-15 19:02 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-04-15 19:02 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-04-15 19:02 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-04-15 19:02 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-04-15 18:42 94,208 -ra------ C:\WINDOWS\VMCap.exe
2007-04-15 18:42 93,600 -ra------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-04-15 18:42 61,440 -ra------ C:\WINDOWS\system32\VM31bSTI.dll
2007-04-15 18:42 53,248 -ra------ C:\WINDOWS\VM_STI.EXE
2007-04-15 18:42 49,152 -ra------ C:\WINDOWS\amcap.exe
2007-04-15 18:42 24,576 -ra------ C:\WINDOWS\system32\RunSetup.dll
2007-04-15 18:41 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-04-14 11:58 60,416 --a------ C:\WINDOWS\system32\drivers\f^efubub.sys
2007-04-11 20:21 <DIR> d-------- C:\WINDOWS\pss
2007-04-10 16:31 <DIR> d-------- C:\Programme\Gemeinsame Dateien\ODBC
2007-04-10 16:25 <DIR> d-------- C:\escheck


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-11 23:59 49372 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-11 23:59 320338 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-28 22:20 10856 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-02-25 20:54 -------- d-------- C:\Programme\winamp
2007-02-25 20:54 -------- d-------- C:\Programme\winamp
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE USB PC Web Camera"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"HomeAlarm"="D:\\Programme\\Chameleon Clock\\ChamClock.exe"
"Trafmeter"="D:\\Programme\\TrafMeter\\TrafMeter.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
"PC Alarm Clock"=""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Speed Disk service"=dword:00000002
"Diskeeper"=dword:00000002
"AOL ACS"=dword:00000002
"NProtectService"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
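A clean VirusTotal result is only as good as the engines behind it, and the report above shows that a few engines were scanned with signatures several days older than the scan date. As an added example (not from the post and not VirusTotal's own code), the parser below reads the plain-text report exactly as pasted, counts engines and detections, extracts the hashes, and flags engines whose signature update lags the scan date by more than a threshold. It assumes the 2007 report layout shown (one engine per line, US-style MM.DD.YYYY dates, results starting with "no virus"/"No Thread" meaning clean); the two-day threshold is my choice.

```python
import re
from datetime import datetime

# The report pasted above, embedded as sample input.
REPORT = """\
Complete scanning result of "agrsmdel.exe", received in VirusTotal at 04.16.2007, 17:19:11 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.14.0 04.16.2007 no virus found
AntiVir 7.3.1.52 04.16.2007 no virus found
Authentium 4.93.8 04.14.2007 no virus found
Avast 4.7.981.0 04.16.2007 no virus found
AVG 7.5.0.447 04.15.2007 no virus found
BitDefender 7.2 04.16.2007 no virus found
CAT-QuickHeal 9.00 04.16.2007 no virus found
ClamAV devel-20070312 04.16.2007 no virus found
DrWeb 4.33 04.16.2007 no virus found
eSafe 7.0.15.0 04.16.2007 no virus found
eTrust-Vet 30.7.3572 04.16.2007 no virus found
Ewido 4.0 04.16.2007 no virus found
FileAdvisor 1 04.16.2007 No Thread detected
Fortinet 2.85.0.0 04.16.2007 no virus found
F-Prot 4.3.2.48 04.13.2007 no virus found
F-Secure 6.70.13030.0 04.16.2007 no virus found
Ikarus T3.1.1.5 04.16.2007 no virus found
Kaspersky 4.0.2.24 04.16.2007 no virus found
McAfee 5009 04.13.2007 no virus found
Microsoft 1.2405 04.16.2007 no virus found
NOD32v2 2195 04.16.2007 no virus found
Norman 5.80.02 04.14.2007 no virus found
Panda 9.0.0.4 04.15.2007 no virus found
Prevx1 V2 04.16.2007 no virus found
Sophos 4.16.0 04.12.2007 no virus found
Sunbelt 2.2.907.0 04.14.2007 no virus found
Symantec 10 04.16.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.16.2007 no virus found
VirusBuster 4.3.7:9 04.15.2007 no virus found
Webwasher-Gateway 6.0.1 04.16.2007 no virus found
Aditional Information
File size: 68096 bytes
MD5: ee8c7dfb92000ead05d079939ac0f86c
SHA1: bf636d387077c1e4bc1a1abc45187cb4adf5d7e6
"""

DATE_FMT = "%m.%d.%Y"  # assumption: the report prints US-style dates (04.16 can only be April 16)
SCAN_DATE = re.compile(r"received in VirusTotal at (\d{2}\.\d{2}\.\d{4})")
ENGINE_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")
CLEAN = re.compile(r"^no\s+(virus|thre)", re.IGNORECASE)  # "no virus found" / "No Thread detected"


def parse_report(text):
    """Return (scan_date, [engine dicts], {"File size"/"MD5"/"SHA1": value})."""
    scan_date, engines, meta = None, [], {}
    for line in text.splitlines():
        m = SCAN_DATE.search(line)
        if m:
            scan_date = datetime.strptime(m.group(1), DATE_FMT)
            continue
        m = ENGINE_LINE.match(line)
        if m:
            name, version, updated, result = m.groups()
            engines.append({"engine": name, "version": version,
                            "updated": datetime.strptime(updated, DATE_FMT),
                            "result": result.strip()})
            continue
        for key in ("File size", "MD5", "SHA1"):
            if line.startswith(key + ":"):
                meta[key] = line.split(":", 1)[1].strip()
    if scan_date is None:
        raise ValueError("no scan date found in report header")
    return scan_date, engines, meta


def summarize(text, max_age_days=2):
    """Weigh a result: engine count, detections, and engines whose signatures predate the scan."""
    scan_date, engines, meta = parse_report(text)
    detections = [(e["engine"], e["result"]) for e in engines if not CLEAN.match(e["result"])]
    stale = [e["engine"] for e in engines if (scan_date - e["updated"]).days > max_age_days]
    return {"scan_date": scan_date.strftime(DATE_FMT), "engines": len(engines),
            "detections": detections, "stale_signatures": stale,
            "md5": meta.get("MD5"), "sha1": meta.get("SHA1"), "size": meta.get("File size")}


if __name__ == "__main__":
    s = summarize(REPORT)
    print("%d engines, %d detections, stale signatures: %s"
          % (s["engines"], len(s["detections"]), ", ".join(s["stale_signatures"]) or "none"))
```

For this report it gives 31 engines, no detections, and F-Prot, McAfee and Sophos as the engines scanning with signatures more than two days old; the MD5/SHA1 it extracts are what you would use to look the sample up again later, which matters here because the file itself has since been deleted.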
18.04.2007, 09:11
Honorary member
Sabina

Posts: 29434
#6 chili811

this was/is on the computer:
W32/Looked-BO infects files it finds on the local computer. W32/Looked-BO also copies itself to remote network shares and can infect files it finds on those shares.
http://virus-protect.org/artikel/spyware/rundl132_dll.html
------------
««
http://virus-protect.org/artikel/tools/sdfix.html
unzip SDFix.zip

the following message appears:

"The SDFix Folder has been extracted to %systemdrive% - Please run from that location.
(%systemdrive% = drive that contains the Windows directory - typically C:\SDFix )"

the SDFix folder can now be found under C:\

boot into Safe Mode (press F8 while the computer is restarting)

go to the folder C:\SDFix

double-click RunThis.bat
type: Y

follow all the instructions while it scans - then the computer will restart
copy the text that appears, using the right mouse button - and paste it into your post



»»
scan with ewido and post the report
http://virus-protect.org/onlinescan.html

«»
post this log
http://virus-protect.org/winpfind.html
__________
Regards, Sabina

all about PC security
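Because the post above says W32/Looked-BO copies itself to network shares, a clean local disk is not the end of it; the same file names need to be looked for on every share the machine could write to. The sweep below is an added example, not from the post or the linked article: it walks whatever roots you give it (a local directory or a mounted share) for the file names the thread's Avenger script removed, and also catches digit-for-letter look-alikes of standard Windows binaries, the pattern behind rundl132.dll imitating rundll32. The directory tree it scans is constructed inside the script, and the list of imitated binary names is my assumption rather than something the thread states.

```python
import os
import shutil
import tempfile

# File names the Avenger script earlier in the thread removed, lower-cased for matching.
INDICATOR_NAMES = {
    "r.com", "t.com", "zts2.exe", "vcmgcd32.dll", "iifgfgf.dll",
    "rundll16.exe", "rundl132.dll", "logo1_.exe",
}
# Stems of standard Windows binaries that droppers imitate with digit-for-letter swaps (assumed list).
LEGIT_STEMS = {"rundll32", "svchost", "lsass", "explorer", "winlogon", "services"}


def imitated_system_binary(filename):
    """Return the legitimate stem a look-alike name imitates (1 for l, 0 for o), else None."""
    stem = os.path.splitext(filename)[0].lower()
    normalized = stem.replace("1", "l").replace("0", "o")
    if normalized in LEGIT_STEMS and normalized != stem:
        return normalized
    return None


def sweep(roots):
    """Walk each root (a local directory or a mounted/UNC share) and collect (kind, path) hits.
    Symlinks and junctions are not followed, so a looping share cannot trap the walk."""
    hits = []
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
            for name in filenames:
                path = os.path.join(dirpath, name)
                if name.lower() in INDICATOR_NAMES:
                    hits.append(("indicator", path))
                else:
                    imitated = imitated_system_binary(name)
                    if imitated:
                        hits.append(("lookalike:" + imitated, path))
    return sorted(hits)


def hit_names(hits):
    """Sorted base names of the hits; handy for reporting and for tests."""
    return sorted(os.path.basename(path) for _kind, path in hits)


def build_sample_tree():
    """Constructed data: a throwaway tree mimicking the thread's paths plus a share with one dropped file."""
    base = tempfile.mkdtemp(prefix="looked_sweep_")
    layout = {
        ("WINDOWS",): ["logo1_.exe", "rundl132.dll", "notepad.exe"],
        ("WINDOWS", "system32"): ["rundll32.exe", "vcmgcd32.dll", "svch0st.exe"],
        ("share", "docs"): ["report.doc", "R.COM"],
    }
    for parts, names in layout.items():
        directory = os.path.join(base, *parts)
        os.makedirs(directory)
        for name in names:
            with open(os.path.join(directory, name), "wb") as fh:
                fh.write(b"MZ")  # placeholder content; only file names are inspected
    return base


if __name__ == "__main__":
    base = build_sample_tree()
    try:
        for kind, path in sweep([base]):
            print("%-18s %s" % (kind, os.path.relpath(path, base)))
    finally:
        shutil.rmtree(base)
```

On a real machine you would call sweep with the roots that matter, for example [r"C:\", r"\\server\share"] on Windows, and treat any hit as something to quarantine and hash rather than simply delete; name matching is a quick triage step, not proof of infection, and a file infector also needs the executables on those shares scanned by content.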
19.04.2007, 20:06
...new here

Thread starter

Posts: 5
#7 Here are the log files. Ewido showed about 50000 cookies; I won't post those for now, otherwise I'd blow up the forum. ;-) When I clicked "Remove", my computer unfortunately crashed, so I haven't removed any of it yet.

Thanks for the help,
Regards,
chili



SDFix:

SDFix: Version 1.79

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\regedit.com - Deleted

Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Programme\\ICQLite\\ICQLite.exe"="D:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\\Programme\\Miranda IM\\miranda32.exe"="D:\\Programme\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"D:\\Programme\\eDonkey2000\\edonkey2000.exe"="D:\\Programme\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000"
"D:\\Programme\\eMule\\emule.exe"="D:\\Programme\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE"="C:\\Programme\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger"
"C:\\Programme\\AOL 9.0\\waol.exe"="C:\\Programme\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Programme\\AOL 9.0a\\waol.exe"="C:\\Programme\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"D:\\Programme\\Skype\\Phone\\Skype.exe"="D:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\AOL 9.0\\waol.exe"="C:\\Programme\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Programme\\AOL 9.0a\\waol.exe"="C:\\Programme\\AOL 9.0a\\waol.exe:*:Enabled:AOL"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\NTBOOTDD.SYS
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\F2D9CAC6ED.sys

Finished


--------------------------------------------------------------------------

Ewido:


Name: Adware.BroadCastPC
Path: HKLM\SOFTWARE\BTV
Risk: Medium

Name: Adware.BroadCastPC
Path: HKLM\SOFTWARE\BTV\64.exe
Risk: Medium

Name: Adware.BroadCastPC
Path: HKLM\SOFTWARE\BTV\71.zip
Risk: Medium

Name: Adware.BroadCastPC
Path: HKLM\SOFTWARE\BTV\74.zip
Risk: Medium

Name: Adware.BroadCastPC
Path: HKLM\SOFTWARE\BTV\75.zip
Risk: Medium

Name: Adware.BroadCastPC
Path: HKLM\SOFTWARE\BTV\77.zip
Risk: Medium

Name: Adware.BroadCastPC
Path: HKLM\SOFTWARE\BTV\79.zip
Risk: Medium

Name: Adware.BroadCastPC
Path: HKLM\SOFTWARE\BTV\80.zip
Risk: Medium

Name: Adware.BroadCastPC
Path: HKLM\SOFTWARE\BTV\83.zip
Risk: Medium

Name: Adware.BroadCastPC
Path: HKLM\SOFTWARE\BTV\84.zip
Risk: Medium

Name: Adware.EffectiveBrandToolbar
Path: HKLM\SOFTWARE\Effective-i
Risk: Medium

Name: Adware.EffectiveBrandToolbar
Path: HKLM\SOFTWARE\Effective-i\TheSearchAccelerator
Risk: Medium

Name: Adware.EffectiveBrandToolbar
Path: HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5
Risk: Medium

Name: Adware.EffectiveBrandToolbar
Path: HKU\S-1-5-21-1004336348-688789844-854245398-1004\Software\Effective-i
Risk: Medium

Name: Adware.EffectiveBrandToolbar
Path: HKU\S-1-5-21-1004336348-688789844-854245398-1004\Software\Effective-i\TheSearchAccelerator
Risk: Medium

Name: Adware.EffectiveBrandToolbar
Path: HKU\S-1-5-21-1004336348-688789844-854245398-1004\Software\Effective-i\TheSearchAccelerator\IE5
Risk: Medium


Name: Adware.MoeMoney
Path: C:\Programme\WebRebates\System\Code\bf.class
Risk: Medium

Name: Adware.Ucmore
Path: C:\System Volume Information\_restore{F90C5EDF-238C-4A53-B934-0DAB17378388}\RP781\A0151948.dll
Risk: Medium

Name: Adware.Ucmore
Path: C:\QooBox\Quarantine\Programme\TheSearchAccelerator\IUCmore.dll.vir
Risk: Medium

Name: Adware.Ucmore
Path: C:\Recycled\Dc1\UCmore Tour.lnk
Risk: Medium

Name: Adware.Ucmore
Path: C:\Recycled\Dc1\How To Uninstall.lnk
Risk: Medium

Name: TrackingCookie.Ivwbox
Path: :mozilla.19:C:\Recycled\NPROTECT\00045380.MOZ
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.30:C:\Recycled\NPROTECT\00045380.MOZ
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.31:C:\Recycled\NPROTECT\00045380.MOZ
Risk: Medium


---------------------------------------------------------------------------

WinPFind:


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 7.0.5730.11

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PECompact2 03.04.2007 22:48:52 13511640 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 03.04.2007 22:48:52 13511640 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 04.08.2004 09:57:32 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
PEC2 18.08.2001 12:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 15.02.2007 18:01:30 337280 C:\WINDOWS\SYSTEM32\WgaTray.exe
aspack 04.08.2004 09:57:08 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
PTech 15.02.2007 18:01:04 1476992 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
winsync 18.08.2001 12:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PEC2 03.11.2006 10:02:58 8282112 C:\WINDOWS\SYSTEM32\wmploc.dll

Checking %System%\Drivers folder and sub-folders...
PTech 04.08.2004 07:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
18.04.2007 18:23:44 S 2048 C:\WINDOWS\bootstat.dat
19.03.2007 23:59:02 H 54156 C:\WINDOWS\QTFont.qfn
28.02.2007 22:20:14 HS 10856 C:\WINDOWS\system32\KGyGaAvL.sys
19.04.2007 17:34:00 H 1024 C:\WINDOWS\system32\config\system.LOG
19.04.2007 18:47:06 H 1024 C:\WINDOWS\system32\config\software.LOG
18.04.2007 18:38:14 H 1024 C:\WINDOWS\system32\config\default.LOG
18.04.2007 18:24:04 H 1024 C:\WINDOWS\system32\config\SAM.LOG
19.04.2007 14:24:20 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
12.04.2007 14:12:08 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
09.03.2007 16:11:10 S 11990 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB932168.cat
08.03.2007 18:02:04 S 13402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925902.cat
17.03.2007 15:56:40 S 11284 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB930178.cat
28.02.2007 18:22:30 S 13618 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB931784.cat
25.02.2007 22:41:56 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
25.02.2007 22:41:56 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\db5a72d7-6a11-4038-990b-25752cc71380
17.04.2007 19:27:58 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
17.04.2007 19:27:58 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\6b38996d-d3ac-4ada-a7a8-776301b366f9
18.04.2007 18:24:18 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04.08.2004 09:58:22 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Cirrus Logic, Inc. 22.08.2002 08:54:58 R 614400 C:\WINDOWS\SYSTEM32\cwaprops.cpl
Microsoft Corporation 04.08.2004 09:58:22 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 04.08.2004 09:58:22 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04.08.2004 09:58:22 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04.08.2004 09:58:22 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 08.01.2007 19:02:10 1823744 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 09:58:22 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 18.08.2001 12:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 09:58:22 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 18.08.2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 18.08.2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 09:58:22 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 09:58:22 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Intel Corporation 23.01.2003 16:11:48 R 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 04.08.2004 09:58:22 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Sun Microsystems, Inc. 04.03.2005 03:36:44 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 04.08.2004 09:58:22 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 04.08.2004 09:58:22 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 09:58:22 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04.08.2004 09:58:22 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 04.08.2004 09:58:22 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 09:58:22 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 09:58:22 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 08.01.2007 19:02:10 1823744 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 18.08.2001 12:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 18.08.2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 18.08.2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Intel Corporation 23.01.2003 16:11:48 R 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
27.02.2004 00:43:50 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
11.02.2006 19:37:08 305 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
27.02.2004 00:17:48 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
09.05.2006 18:29:28 1352 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
27.02.2004 00:43:50 HS 84 C:\Dokumente und Einstellungen\UT\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
27.02.2004 00:17:48 HS 62 C:\Dokumente und Einstellungen\UT\Anwendungsdaten\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = D:\Programme\Adobe\Acrobat 6\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = D:\Programme\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = D:\Programme\TuneUp Utilities\sdshelex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = D:\Programme\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = D:\Programme\TuneUp Utilities\sdshelex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
=

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = D:\Programme\Adobe\Acrobat 6\Acrobat\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = D:\Programme\Adobe\Acrobat 6\Acrobat\AcroIEFavClient.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSN Suche Toolbar Helper = C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = D:\Programme\Adobe\Acrobat 6\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{44BE0690-5429-47f0-85BB-3FFD8020233E} = :
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Suche Toolbar : C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : D:\Programme\Adobe\Acrobat 6\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Recherchieren :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
ButtonText = ICQ Lite : D:\Programme\ICQLite\ICQLite.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}
&Recherchieren = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Suche Toolbar : C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : D:\Programme\Adobe\Acrobat 6\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} = :
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Suche Toolbar : C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll
{44BE0690-5429-47F0-85BB-3FFD8020233E} = :
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : D:\Programme\Adobe\Acrobat 6\Acrobat\AcroIEFavClient.dll
{F2CF5485-4E02-4F68-819C-B92DE9277049} = &Links : C:\WINDOWS\system32\ieframe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
avgnt "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
BigDogPath C:\WINDOWS\VM_STI.EXE USB PC Web Camera

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
Register Homesite+.exe D:\Programme\Macromedia\Homesite+.exe /REGSERVER

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Speed Disk service 2
Diskeeper 2
AOL ACS 2
NProtectService 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
WPDShServiceObj {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 19.04.2007 18:53:14
30.04.2007, 10:07
...new here

Thread starter

Posts: 5
#8 Can nobody help me? I've now been struggling with this wretched laptop for over 3 weeks... :-( I would really be very grateful for suggestions and help.

Regards,
chili
30.04.2007, 15:50
Honorary member
Argus

Posts: 6028
#9 Hello Ute,
Download CounterSpy http://www.virus-protect.org/counterspy.html
and scan your laptop with it; it is a 15-day trial version.
At the end, always choose "Remove".

Afterwards, post another HijackThis log file.
__________
Regards, Argus
This post was edited on 30.04.2007 at 15:59 by Arnold.