Pests of all kinds and how to combat them: C:\WINDOWS\system32\Tools\Restart.exe |
17.09.2005, 19:50 | #1 |
| C:\WINDOWS\system32\Tools\Restart.exe Hello, I have the problem that I have a virus sitting in the file C:\WINDOWS\system32\Tools\Restart.exe. Unfortunately my knowledge of PCs is not all that great, so I have no idea how I have to proceed now. None of the scanners can disinfect it... Thanks for your help |
17.09.2005, 19:54 | #2 |
| C:\WINDOWS\system32\Tools\Restart.exe Which antivirus program calls the virus what
__________________ Also post a HijackThis logfile. |
17.09.2005, 19:56 | #3 |
| C:\WINDOWS\system32\Tools\Restart.exe They found a "HackerTool/Rebootah" in it... only I have no clue what that means..... Can't the file simply be deleted? |
17.09.2005, 20:43 | #4 |
| C:\WINDOWS\system32\Tools\Restart.exe @cadamasa please post an HJT logfile http://www.trojaner-board.de/showthread.php?t=17493 and post which program detected the virus. (Cronos already posted that) chaosman
__________________ Bonus vir semper tiro |
17.09.2005, 23:05 | #5 |
| C:\WINDOWS\system32\Tools\Restart.exe Do you have SIS software? I always get this error message after a fresh installation and the subsequent eScan. But you can simply delete that without any problems. Still, post a HijackThis log just to be safe. Regards, Platzregen |
18.09.2005, 11:21 | #6 |
| C:\WINDOWS\system32\Tools\Restart.exe OK, now I am completely overwhelmed; I really don't have much of a clue about this kind of thing. So, I have now used HijackThis and it shows me the following things:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/service/redir/ie_suche.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/service/redir/ie_t-online.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de/service/redir/ie_t-online.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Dialer Control] C:\Programme\Coolspot\Dialer Control\dc.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Smart OnlineController] C:\Programme\Smart OnlineController\soc.exe /minimized
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Preispiraten - {94A15285-AAE6-44E8-B2D7-4A2C6CDA9185} - C:\Programme\Preispiraten\preispiraten.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de/service/redir/ie_t-online.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1126474585713
And how do I have to proceed now? |
18.09.2005, 11:27 | #7 |
| C:\WINDOWS\system32\Tools\Restart.exe Butting in: please post the complete HJT logfile.... cacatoa
__________________ A human being should have a dog's soul |
18.09.2005, 11:32 | #8 |
| C:\WINDOWS\system32\Tools\Restart.exe
Logfile of HijackThis v1.99.1
Scan saved at 23:02:38, on 17.09.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVirenKit professional trial\AVKService.exe
C:\Programme\AntiVirenKit professional trial\AVKWCtl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Coolspot\Dialer Control\dc.exe
C:\Programme\Winamp3\winampa.exe
C:\Programme\PestPatrol\PPControl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Smart OnlineController\soc.exe
C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/service/redir/ie_suche.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/service/redir/ie_t-online.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de/service/redir/ie_t-online.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Dialer Control] C:\Programme\Coolspot\Dialer Control\dc.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Smart OnlineController] C:\Programme\Smart OnlineController\soc.exe /minimized
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Preispiraten - {94A15285-AAE6-44E8-B2D7-4A2C6CDA9185} - C:\Programme\Preispiraten\preispiraten.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de/service/redir/ie_t-online.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1126474585713
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126473045188
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE117291-9616-4568-A83C-4D62B3596482}: NameServer = 195.71.159.16 193.189.244.205
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit professional trial\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit professional trial\AVKWCtl.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
18.09.2005, 11:56 | #9 |
| C:\WINDOWS\system32\Tools\Restart.exe Hi, first of all, your system is not up to date. SP2 is missing. Then I would also like to know (as cronos did in his first post) which scanner found the virus and what it called it. cacatoa
__________________ A human being should have a dog's soul |
18.09.2005, 12:16 | #10 |
| C:\WINDOWS\system32\Tools\Restart.exe I can't do any updates because it then tells me that I have no proxy setting in the server. I scanned online. Panda Software showed it to me as a risk, and so did other scanners. |
18.09.2005, 12:18 | #11 |
| C:\WINDOWS\system32\Tools\Restart.exe HackerTool/Rebootah is what another scanner reported. No idea which one that was. |
18.09.2005, 12:18 | #12 |
| C:\WINDOWS\system32\Tools\Restart.exe Hello, please answer the question: Quote:
For error messages about update difficulties there is Auntie Google.... cacatoa
__________________ A human being should have a dog's soul |
18.09.2005, 12:33 | #14 |
| C:\WINDOWS\system32\Tools\Restart.exe Thanks for the patience; it will take a moment now until I have downloaded that. There were several names for it. Each one called it something different. pandasoftware: Security Risk:Application/Restart Nicht desinfiziert C:\WINDOWS\system32\Tools\Restart.exe |
18.09.2005, 19:29 | #15 |
| C:\WINDOWS\system32\Tools\Restart.exe OK, I ran the eScan and this was the result:
14:16:04 2005 => Loading Spyware Signatures from new External Database (Size: 143636).
Sun Sep 18 14:24:02 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sun Sep 18 14:25:00 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sun Sep 18 14:25:21 2005 => Offending file found: C:\DOKUME~1\Thomas\STARTM~1\PROGRA~1\AUTOST~1\POWERR~1.EXE
Sun Sep 18 14:25:21 2005 => System found infected with PowerReg Scheduler Spyware/Adware (powerreg scheduler v3.exe)! Action taken: No Action Taken.
Sun Sep 18 14:25:31 2005 => Offending file found: C:\WINDOWS\iun6002.exe
Sun Sep 18 14:25:31 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Sun Sep 18 14:26:05 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sun Sep 18 17:28:28 2005 => Gescannte Dateien: 94414
Sun Sep 18 17:28:28 2005 => Gefundene Viren: 4
Sun Sep 18 17:28:28 2005 => Anzahl der desinfizierten Dateien: 0
Sun Sep 18 17:28:28 2005 => Umbenannte Dateien: 0
Sun Sep 18 17:28:28 2005 => Anzahl der gelöschten Dateien: 0
Sun Sep 18 17:28:28 2005 => Anzahl Fehler: 112
Sun Sep 18 17:28:28 2005 => Zeit vergangen: 03:13:50
Sun Sep 18 17:28:28 2005 => Virus Datenbank Datum: 2005/09/09
Sun Sep 18 17:28:28 2005 => Virus Datenbank
And now? |